Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:51 p.m.10 views

CVE-2022-30972

A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...

8.8CVSS6.7AI score0.00625EPSS
Exploits0References1
OSV
OSV
added 2024/08/22 3:15 a.m.8 views

CVE-2024-7384

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acymextractArchive function in all versions up to, and including, 9.7.2. This makes it possible fo...

8.8CVSS6.5AI score0.00958EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.9 views

PT-2024-38313 · WordPress · Acymailing

Name of the Vulnerable Software and Affected Versions: AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress versions up to, and including, 9.7.2 Description: The issue is related to arbitrary file uploads due to missing file type validation in the acym...

8.8CVSS7.8AI score0.00958EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.4 views

PT-2024-5370 · Ibm · Ibm Engineering Requirements Management Doors Web Access

Name of the Vulnerable Software and Affected Versions: IBM Engineering Requirements Management DOORS Web Access version 9.7.2.8 Description: The issue is related to an XML External Entity Injection XXE attack when processing XML data. This could allow a remote attacker to expose sensitive...

8.2CVSS9.5AI score0.00614EPSS
Exploits0References8
Circl
Circl
added 2022/05/26 4:14 p.m.7 views

CVE-2022-29721

creationtimestamp| type| source ---|---|--- 2022-05-26 16:14:08+00:00| seen| https://t.me/cibsecurity/43373...

7.5CVSS7.3AI score0.00991EPSS
Exploits1References1
OSV
OSV
added 2021/10/27 1:15 a.m.5 views

CVE-2021-35236

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...

5.3CVSS6.1AI score0.00502EPSS
Exploits0References2
OSV
OSV
added 2021/09/27 5:15 p.m.5 views

CVE-2021-36134

Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service DoS...

6.5CVSS6.7AI score0.00526EPSS
Exploits1References1
CNVD
CNVD
added 2020/06/05 12:0 a.m.3 views

Foxit Reader and PhantomPDF Resource Management Error Vulnerability (CNVD-2020-32084)

Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. A security vulnerability exists in Foxit Reader versions prior to 9.7.2 and PhantomPDF versions prior to 9.7.2. The vulnerability can be exploited by an attacker to cause an application crash resource...

7.5CVSS6.7AI score0.0153EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/05 12:0 a.m.2 views

Foxit Reader and PhantomPDF Resource Management Error Vulnerability (CNVD-2020-32082)

Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. A resource management error vulnerability exists in Foxit Reader versions prior to 9.7.2 and PhantomPDF versions prior to 9.7.2, which is caused by the execution of JavaScript code after a delete or clos...

7.5CVSS7AI score0.02131EPSS
Exploits0References1
Rows per page
Query Builder