Lucene search
K

76 matches found

Prion
Prion
added 2024/03/02 3:15 a.m.21 views

Input validation

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...

4CVSS7.2AI score0.00425EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

SailPoint IdentityIQ Security Vulnerability

SailPoint IdentityIQ is a security software from SailPoint, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in SailPoint IdentityIQ Lifecycle Manager that stems from improperly limiting parameter values...

7.1CVSS6.8AI score0.00344EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/11/15 11:15 p.m.11 views

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

4.3CVSS8AI score0.00502EPSS
Exploits1
NVD
NVD
added 2023/11/15 11:15 p.m.33 views

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

7.8CVSS0.00502EPSS
Exploits1References4
Prion
Prion
added 2023/11/15 11:15 p.m.11 views

Design/Logic Flaw

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

4.3CVSS7.7AI score0.00502EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/11/15 12:0 a.m.34 views

CVE-2023-48199

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy = 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker...

8.1AI score0.00502EPSS
Exploits1References4
Hacker One
Hacker One
added 2023/10/31 8:9 p.m.30 views

Khan Academy: Text Injection/ Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag.

A vulnerability was discovered on https://cloud.e.khanacademy.org that allowed text injection via breaking out of an input tag. By inserting a closing angle bracket in a parameter value, an attacker could inject arbitrary text that would be reflected on the page, enabling phishing attacks. The...

7.2AI score
Exploits0
OSV
OSV
added 2023/05/10 11:18 a.m.6 views

USN-6066-1 heat vulnerability

It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data...

7.4CVSS5.8AI score0.00709EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.4 views

Linux kernel 代码问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of speculative pointer dereferences with controlled resource parameter values, which can be...

5.3CVSS6.5AI score0.0072EPSS
Exploits0References10
NVD
NVD
added 2023/03/25 12:15 a.m.29 views

CVE-2023-25801

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...

8CVSS8.6AI score0.00148EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

5CVSS7AI score0.01771EPSS
Exploits0References4
CNVD
CNVD
added 2023/02/14 12:0 a.m.23 views

Siemens RUGGEDCOM APE1808 product family competitive conditions vulnerability

RUGGEDCOM APE1808 is a utility-level application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments.A competitive condition vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, whi...

6.4CVSS2.2AI score0.00151EPSS
Exploits0References1
Veracode
Veracode
added 2022/07/20 4:10 a.m.33 views

Information Disclosure

bolt is vulnerable to information disclosure. The vulnerability exists in the startplan function in connection.rb due to submitting sensitive parameter values to the orchestrator service when running plans over the PCP transport which allows an attacker to gain access to sensitive information...

4.1CVSS4.7AI score0.00449EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:42 a.m.18 views

Codiad Vulnerable to Shell Command Injection

components/filemanager/class.filemanager.php in Codiad before 2.8.3 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...

9.8CVSS9.7AI score0.07547EPSS
Exploits4References7Affected Software1
Prion
Prion
added 2022/04/01 11:15 p.m.16 views

Privilege escalation

An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by...

10CVSS8.8AI score0.02267EPSS
Exploits0References1Affected Software1
Apache Tomcat
Apache Tomcat
added 2021/05/12 12:0 a.m.109 views

Fixed in Apache Tomcat 9.0.46

Low: Authentication weakness CVE-2021-30640 Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for...

6.5CVSS6.8AI score0.09886EPSS
Exploits0Affected Software1
PyPA
PyPA
added 2021/05/11 2:15 p.m.5 views

PYSEC-2021-30

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters...

6.1CVSS6.4AI score0.01143EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/04/08 4:15 a.m.24 views

CVE-2021-1420

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7CVSS0.00925EPSS
Exploits0References1
Prion
Prion
added 2021/04/08 4:15 a.m.22 views

Design/Logic Flaw

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.3CVSS4.8AI score0.00925EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/04/08 4:6 a.m.14 views

CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7CVSS6.7AI score0.00925EPSS
Exploits0References1
Rows per page
Query Builder