Lucene search
K

17 matches found

CVE
CVE
added 2024/11/26 10:56 a.m.74 views

CVE-2024-50373

CVE-2024-50373 affects Advantech EKI-6333AC-2G (≤1.6.3), EKI-6333AC-2GD (≤1.6.3) and EKI-6333AC-1GPO (≤1.2.1). The root cause is improper neutralization of special elements in OS commands during the restore_config_from_utility operation in the edgserver service, enabling remote unauthenticated at...

9.8CVSS10AI score0.01285EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/13 11:48 a.m.23 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.2 Vulnerability Details CVEID:CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker to obtain sensitive information, caused by the binding on UDP INADDRANY:631 and trusting...

9.8CVSS9.9AI score0.76959EPSS
Exploits17Affected Software1
ICS
ICS
added 2024/09/24 6:0 a.m.37 views

Alisonic Sibylla

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.8CVSS9.8AI score0.00561EPSS
Exploits0References10
CVE
CVE
added 2024/05/16 9:3 a.m.56 views

CVE-2024-3126

CVE-2024-3126 concerns the parisneo/lollms-webui project, specifically the bug in the Python file lollms_xtts.py and the function run_xtts_api_server. The issue stems from constructing an OS command with a Python f-string and passing xtts_base_url to subprocess.Popen without adequate input saniti...

8.4CVSS8.5AI score0.01321EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/01/08 9:15 p.m.18 views

CVE-2023-52142

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1...

8.8CVSS8.2AI score0.00544EPSS
Exploits0References1
Prion
Prion
added 2023/12/20 4:15 p.m.14 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50...

5.5CVSS7.9AI score0.00644EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/12/12 12:15 p.m.23 views

CVE-2023-49692

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...

7.2CVSS0.00623EPSS
Exploits0References3
NVD
NVD
added 2023/10/31 3:15 p.m.13 views

CVE-2023-35879

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78...

9.8CVSS9.8AI score0.00579EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/27 12:0 a.m.56 views

JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2

WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...

8.1CVSS7.6AI score0.00734EPSS
Exploits0
NVD
NVD
added 2023/02/07 10:15 a.m.20 views

CVE-2023-22643

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...

7.8CVSS6.7AI score0.02447EPSS
Exploits1References1
ICS
ICS
added 2022/03/24 12:0 a.m.52 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...

9CVSS9AI score0.01343EPSS
Exploits0References5
Prion
Prion
added 2020/01/27 10:15 a.m.20 views

Sql injection

An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...

5.5CVSS8.3AI score0.01027EPSS
Exploits0References1Affected Software2
Packet Storm
Packet Storm
added 2018/05/31 12:0 a.m.109 views

Quest DR Series Disk Backup Software 4.0.3 Code Execution

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest DR Series Disk Backup Multiple Vulnerabilities 1. Advisory Information Title: Quest DR Series Disk Backup Multiple Vulnerabilities Advisory ID: CORE-2018-0002 Advisory URL:...

0.37581EPSS
Exploits2
Core Security
Core Security
added 2017/12/19 12:0 a.m.563 views

Trend Micro Smart Protection Server Multiple Vulnerabilities

1. Advisory Information Title: Trend Micro Smart Protection Server Multiple Vulnerabilities Advisory ID: CORE-2017-0008 Advisory URL:https://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities Date published: 2017-12-19 Date of last update:...

9.8CVSS9.4AI score0.19369EPSS
Exploits10
Debian CVE
Debian CVE
added 2017/09/17 5:0 a.m.23 views

CVE-2017-14500

Removed by vendor...

8.8CVSS8.7AI score0.03078EPSS
Exploits0
Core Security
Core Security
added 2017/08/23 12:0 a.m.552 views

Trend Micro Smart Protection OS Command Injection

1. Advisory Information Title: Trend Micro Smart Protection OS Command Injection Advisory ID: CORE-2017-0004 Advisory URL:http://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-os-command-injection Date published: 2017-08-23 Date of last update: 2017-08-23 Vendors contacted...

8.8CVSS8.8AI score0.14092EPSS
Exploits1
ICS
ICS
added 2017/02/14 12:0 a.m.51 views

Geutebrück IP Cameras

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Authentication Bypass and Improper Neutralization of Special Elements AFFECTED PRODUCTS The following Geutebrück G-Cam IP camera version is affected: G-Cam/EFD-2250...

10CVSS10AI score0.5229EPSS
Exploits4References3
Rows per page
Query Builder