Lucene search
K

925 matches found

CNNVD
CNNVD
added 2025/01/06 12:0 a.m.4 views

go-git 参数注入漏洞

go-git is go-git open source a highly extensible git implementation library written in pure Go. A parameter injection vulnerability exists in go-git versions prior to v5.13, which stems from the presence of a parameter injection vulnerability that could allow an attacker to set arbitrary values t...

9.8CVSS7.4AI score0.0124EPSS
Exploits0References3
CNVD
CNVD
added 2024/12/25 12:0 a.m.10 views

Dell PowerStore Parameter Injection Vulnerability

Dell PowerStore is a scalable all-flash array storage from Dell USA. The Dell PowerStore suffers from a parameter injection vulnerability that originates from improper parameter delimiter neutralization, which can be exploited by an attacker to modify arbitrary system files...

7.1CVSS7.1AI score0.0026EPSS
Exploits0References1
CVE
CVE
added 2024/12/21 9:23 a.m.46 views

CVE-2024-11688

CVE-2024-11688 is a reflected XSS in the WordPress LaTeX2HTML plugin. The vulnerability allows unauthenticated attackers to inject scripts via the ver or date parameters on pages that render the attack, affecting all versions up to and including 2.5.5. Connected Red Hat and other sources corrobor...

6.1CVSS6.1AI score0.00426EPSS
Exploits0References3
CNVD
CNVD
added 2024/12/20 12:0 a.m.3 views

Online Class and Exam Scheduling System term.php File SQL Injection Vulnerability

Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter id of the file /pages/term.php. ...

8.8CVSS8.3AI score0.00534EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.3 views

Dell PowerStore 参数注入漏洞

Dell PowerStore is a scalable all-flash array storage from Dell USA. The Dell PowerStore suffers from a parameter injection vulnerability that originates from improper parameter delimiter neutralization, which can be exploited by an attacker to modify arbitrary system files...

7.1CVSS7.3AI score0.0026EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.3 views

Codezips Project Management System 注入漏洞

Codezips Project Management System is an open source project management system from Codezips. An injection vulnerability exists in CodeZips Project Management System version 1.0, which stems from an incorrect manipulation of the parameter email that can lead to SQL injection...

9.8CVSS7.9AI score0.00663EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/12/05 12:0 a.m.24 views

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

0.0042EPSS
Exploits1References3
OSV
OSV
added 2024/11/18 6:15 a.m.4 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

5.4CVSS5.8AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 6:15 a.m.15 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

5.4CVSS0.00343EPSS
Exploits0References1
OSV
OSV
added 2024/11/18 6:15 a.m.3 views

CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...

5.4CVSS5.8AI score0.01076EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/18 12:0 a.m.14 views

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

5.4CVSS0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.2 views

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...

5.4CVSS5.5AI score0.01076EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.2 views

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...

5.4CVSS5.5AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.1 views

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...

5.4CVSS5.5AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.2 views

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communications platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.1 UPD882911, which stems from a vulnerability that allows an authenticated,...

5.4CVSS5.5AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/17 12:0 a.m.4 views

PT-2024-35495 · Veritas · Veritas Enterprise Vault

Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.1 UPD882911 Description: The issue allows an authenticated remote attacker to inject a parameter into an HTTP request, enabling Cross-Site Scripting while viewing archived content. This could...

5.4CVSS6.5AI score0.00343EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/11/17 12:0 a.m.3 views

PT-2024-35492 · Veritas · Veritas Enterprise Vault

Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.1 UPD882911 Description: The issue allows an authenticated remote attacker to inject a parameter into an HTTP request, enabling Cross-Site Scripting XSS while viewing archived content. This could...

5.4CVSS6.1AI score0.00335EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.2 views

Ivanti Connect Secure和Ivanti Policy Secure 参数注入漏洞

Ivanti Connect Secure and Ivanti Policy Secure are both products of Ivanti Corporation, U.S.A. Ivanti Connect Secure is a secure remote network connection tool.Ivanti Policy Secure is a network access control NAC solution. A parameter injection vulnerability exists in Ivanti Connect Secure versio...

9.1CVSS9.4AI score0.01899EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.2 views

Ivanti Connect Secure和Ivanti Policy Secure 参数注入漏洞

Ivanti Connect Secure and Ivanti Policy Secure are both products of Ivanti Corporation, U.S.A. Ivanti Connect Secure is a secure remote network connection tool.Ivanti Policy Secure is a network access control NAC solution. A parameter injection vulnerability exists in Ivanti Connect Secure versio...

9.1CVSS9.3AI score0.01744EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.3 views

Ivanti Connect Secure和Ivanti Policy Secure 参数注入漏洞

Ivanti Connect Secure and Ivanti Policy Secure are both products of Ivanti Corporation, U.S.A. Ivanti Connect Secure is a secure remote network connection tool.Ivanti Policy Secure is a network access control NAC solution. A parameter injection vulnerability exists in Ivanti Connect Secure versio...

9.1CVSS9.4AI score0.01744EPSS
Exploits0References3
Rows per page
Query Builder