29 matches found

NVD
added 2024/07/25 10:15 p.m. | 17 views

CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...

CVSS 6.1 | EPSS 0.00253
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/25 9:17 p.m. | 13 views

CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...

CVSS 5.4 | AI score 6.8 | EPSS 0.00253
Exploits: 0 | References: 1

CVE
added 2024/06/06 9:23 p.m. | 2018 views

CVE-2024-24192

CVE-2024-24192 affects robdns, with a heap overflow in the code path handling block->filename in /src/zonefile-insertion.c (version d76d2e6). Multiple connected sources corroborate the issue and identify the vulnerable component as block->filename and the function zonefile-insertion.c. PT-2...

CVSS 9.1 | AI score 8 | EPSS 0.00375
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/05/31 4:15 p.m. | 13 views

CVE-2022-25038

wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function...

CVSS 6.1 | AI score 6 | EPSS 0.00256
Exploits: 0 | References: 2

NVD
added 2024/05/30 5:15 a.m. | 20 views

CVE-2024-4356

The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.9 | EPSS 0.00337
Exploits: 0 | References: 3

NVD
added 2024/05/29 5:16 p.m. | 8 views

CVE-2024-35512

hmq v1.5.5 is vulnerable to Denial of Service (DoS) due to a Null Pointer Exception. A remote attacker can trigger a broker crash by sending a specially crafted MQTT UNSUBSCRIBE packet with an illegal control character Topic. The failure to properly validate this field leads to a null pointer...

CVSS 5.3 | AI score 6.5 | EPSS 0.00464
Exploits: 0 | References: 1

NVD
added 2024/05/28 8:16 p.m. | 15 views

CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions...

CVSS 8.8 | AI score 6.4 | EPSS 0.00752
Exploits: 1 | References: 1

NVD
added 2024/05/28 5:15 p.m. | 26 views

CVE-2024-34852

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiverschedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful...

CVSS 6.3 | AI score 7.7 | EPSS 0.01623
Exploits: 1 | References: 1

CVE
added 2024/05/24 3:12 p.m. | 62 views

CVE-2021-47570

CVE-2021-47570 is addressed in the Linux kernel staging area (rt8188eu driver). The issue was a memory leak in rtw_wx_read32() where ptmp was not freed before returning -EINVAL. A fix (memory cleanup) has been applied to resolve this vulnerability; references point to kernel stable commits that i...

CVSS 5.5 | AI score 5.2 | EPSS 0.00181
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2024/05/23 10:15 p.m. | 21 views

CVE-2024-5298

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existi...

CVSS 8.8 | AI score 9.2 | EPSS 0.01847
Exploits: 0 | References: 1

NVD
added 2024/05/22 11:15 p.m. | 35 views

CVE-2024-22026

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance...

CVSS 6.7 | AI score 7 | EPSS 0.01096
Exploits: 1 | References: 1

NVD
added 2024/05/22 11:15 p.m. | 24 views

CVE-2024-29850

Veeam Backup Enterprise Manager allows account takeover via NTLM relay...

CVSS 8.8 | AI score 8.8 | EPSS 0.00809
Exploits: 0 | References: 1

NVD
added 2024/05/22 7:15 a.m. | 21 views

CVE-2021-47439

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work When the ksz module is installed and removed using rmmod, kernel crashes with null pointer dereference error. During rmmod, ksz_switch_remove function tries to...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225
Exploits: 0 | References: 3

NVD
added 2024/05/21 3:15 p.m. | 15 views

CVE-2021-47291

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79fe46 "ipv6: Fix KASAN:...

CVSS 7.1 | AI score 6.5 | EPSS 0.00247
Exploits: 0 | References: 4

CVE
added 2024/05/14 4:57 p.m. | 141 views

CVE-2024-30044

CVE-2024-30044 is a Microsoft SharePoint Server Remote Code Execution vulnerability reported across multiple feeds. The connected docs identify the affected product as SharePoint Server and describe a remote code execution flaw that could allow an attacker to run arbitrary code on the target syst...

CVSS 7.2 | AI score 7 | EPSS 0.8399
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/05/14 4:57 p.m. | 111 views

CVE-2024-30003

CVE-2024-30003 is a Windows vulnerability in the Windows Mobile Broadband Driver that enables remote code execution. The issue is described in the connected sources as a vulnerability that allows execution of arbitrary code (Windows Mobile Broadband) with the attacker requiring physical access (a...

CVSS 6.8 | AI score 7.5 | EPSS 0.00932
Exploits: 0 | References: 1 | Affected Software: 9

CVE
added 2024/04/09 5:18 p.m. | 61 views

CVE-2024-27242

CVE-2024-27242 concerns the Zoom Desktop Client for Linux, with affected versions prior to 5.17.10. The vulnerability is a cross-site scripting issue in the Linux client that can be exploited by an authenticated user to cause a denial of service over the network. The impact is limited to availabi...

CVSS 6.8 | AI score 4.3 | EPSS 0.00462
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/04/05 8:2 p.m. | 272 views

CVE-2024-29748

CVE-2024-29748 is an Android Pixel privilege-escalation vulnerability affecting Pixel firmware. Root cause described as a logic error allowing local escalation of privilege without extra execution privileges; exploitation requires user interaction. CVSSv3.1 base score 7.8 (HIGH) with LOCAL access...

CVSS 7.8 | AI score 8.2 | EPSS 0.0068
In wild | Exploits: 0 | References: 3 | Affected Software: 1

GitHub Security Blog
added 2023/10/04 2:46 p.m. | 52 views

Zod denial of service vulnerability during email validation

Impact API servers running express-zod-api having: - version of express-zod-api below 10.0.0-beta1, - and using the following or similar validation schema in its implementation: z.string().email(), are vulnerable to a DoS attack due to: - Inefficient Regular Expression Complexity in zod versions up t...

CVSS 7.5 | AI score 6.7 | EPSS 0.00764
Exploits: 1 | References: 5 | Affected Software: 1

Metasploit
added 2023/07/31 7:52 p.m. | 451 views

Rudder Server SQLI Remote Code Execution

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

CVSS 8.8 | AI score 8.8 | EPSS 0.85825
Exploits: 4