Lucene search
K

1212 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:33 a.m.8 views

CVE-2023-5798

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...

8.8CVSS6.7AI score0.00694EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 3:39 a.m.8 views

CVE-2023-29090

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Via header...

7.5CVSS7.1AI score0.00752EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:39 a.m.11 views

CVE-2023-29086

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE heade...

7.5CVSS7.1AI score0.00794EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:22 a.m.11 views

CVE-2023-24698

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request...

7.5CVSS6.8AI score0.00702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:22 a.m.6 views

CVE-2023-29085

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line...

7.5CVSS7.1AI score0.00794EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.4 views

CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

9.8CVSS7.2AI score0.01274EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:54 a.m.7 views

CVE-2023-24812

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...

9.8CVSS7.8AI score0.0071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:46 a.m.9 views

CVE-2023-29089

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart...

7.5CVSS7.1AI score0.00752EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:15 a.m.5 views

CVE-2022-29872

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on...

8.8CVSS8.5AI score0.01342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.13 views

CVE-2022-44621

Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request...

9.8CVSS7.4AI score0.0299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 p.m.5 views

CVE-2022-25344

An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...

6.1CVSS6AI score0.00732EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 p.m.10 views

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...

7.5CVSS6.7AI score0.07736EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.7 views

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

6.1CVSS6AI score0.00314EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.6 views

CVE-2021-29576

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS6.8AI score0.00211EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.9 views

CVE-2021-29431

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

7.7CVSS6.7AI score0.01194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.6 views

CVE-2021-37417

Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation...

9.8CVSS7.3AI score0.0475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.4 views

CVE-2021-25028

The Event Tickets WordPress plugin before 5.2.2 does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue...

6.1CVSS6.8AI score0.0194EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.9 views

CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...

7.2CVSS7.2AI score0.17484EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.9 views

CVE-2021-24458

The getayspopupboxes and getpopupcategories functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...

8.8CVSS7.7AI score0.01362EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.11 views

CVE-2021-24154

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the downloadfile function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd...

4.9CVSS6.9AI score0.01066EPSS
Exploits1References1
Rows per page
Query Builder