Lucene search

925 matches found

OSV
added 2024/05/14 3:38 p.m. · 4 views

CVE-2024-34231

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter...

7.1 CVSS · 5.9 AI score · 0.00486 EPSS
Exploits 1 · References 1
OSV
added 2024/05/08 3:15 p.m. · 2 views

CVE-2024-25526

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the projectid parameter at /ProjectManage/pmgattinc.aspx...

8.1 CVSS · 5.8 AI score · 0.00591 EPSS
Exploits 1 · References 1
CNNVD
added 2024/05/03 12:0 a.m. · 3 views

Inductive Automation Ignition Security Vulnerability

Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface, and more. Inductive Automation Ignition has a security vulnerability that originates...

8.8 CVSS · 9.1 AI score · 0.01386 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/03 12:0 a.m. · 4 views

PT-2024-31202 · Gescen · Gescen

Name of the Vulnerable Software and Affected Versions: Gescen (affected versions not specified). Description: The issue allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database. This is a SQL injection vulnerability...

9.8 CVSS · 7.6 AI score · 0.00504 EPSS
Exploits 0 · References 3
CNNVD
added 2024/05/02 12:0 a.m. · 7 views

Mitel 6800 SIP and 6900 SIP Security Vulnerability

The Mitel 6800 SIP and Mitel 6900 SIP are both products of Mitel Canada. The Mitel 6800 SIP is a 6800 SIP series IP phone. The Mitel 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the Mitel 6800 SIP and 6900 SIP that stems from insufficient parameter cleanup, which allow...

6.2 CVSS · 6.9 AI score · 0.00441 EPSS
Exploits 0 · References 2
NVD
added 2024/04/29 7:15 p.m. · 37 views

CVE-2024-0840

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

8.8 CVSS · 8.8 AI score · 0.0088 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/04/29 6:42 p.m. · 21 views

CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

8.8 CVSS · 8 AI score · 0.0088 EPSS
Exploits 0 · References 1
Cvelist
added 2024/04/29 6:42 p.m. · 45 views

CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

8.8 CVSS · 9 AI score · 0.0088 EPSS
Exploits 0 · References 1
CVE
added 2024/04/29 6:42 p.m. · 66 views

CVE-2024-0840

CVE-2024-0840 affects Grandstream UCM Series IP PBX firmwares prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...

8.8 CVSS · 8 AI score · 0.0088 EPSS
Exploits 0 · References 1
CNNVD
added 2024/04/22 12:0 a.m. · 2 views

phpFox Security Vulnerability

phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox version v4.8.9. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the History parameter...

7.1 CVSS · 6.8 AI score · 0.00314 EPSS
Exploits 0 · References 3
CVE
added 2024/04/19 12:0 a.m. · 58 views

CVE-2024-32206

CVE-2024-32206 describes a stored XSS in WUZHICMS v4.1.0, specifically the \affiche\admin\index.php component, where a crafted payload in the $formdata parameter can cause arbitrary web script/HTML execution. The vulnerability is documented across multiple sources (NVD/Red Hat/OSV/CVE lists) with ...

4.6 CVSS · 5.6 AI score · 0.00498 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2024/04/17 12:0 a.m. · 50 views

CVE-2024-32339

WonderCMS v3.4.3 has multiple XSS vulnerabilities on the HOW TO page. The flaws arise from insufficient input filtering/escaping on the HOW TO page, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into parameters. Per sources, this can lead to theft of cookie-based ...

6.1 CVSS · 6 AI score · 0.00404 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2024/04/17 12:0 a.m. · 4 views

HashiCorp go-getter Security Vulnerability

HashiCorp go-getter is a library for Go (golang) from HashiCorp, USA, used to download files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter versions 1.5.9 through 1.7.3 that stems from vulnerability to parameter...

9.8 CVSS · 7.2 AI score · 0.01329 EPSS
Exploits 0 · References 3
CNNVD
added 2024/04/16 12:0 a.m. · 2 views

Checkmk Security Vulnerability

Checkmk is an editor. A security vulnerability exists in Checkmk versions 2.0.0 through 2.3.0 that stems from the presence of a parameter injection vulnerability...

6.5 CVSS · 6.9 AI score · 0.00314 EPSS
Exploits 0 · References 2
CNNVD
added 2024/04/15 12:0 a.m. · 4 views

aEnrich a+HRD Parameter Injection Vulnerability

aEnrich a+HRD is an all-around human resource development solution from Acer China aEnrich. A parameter injection vulnerability exists in aEnrich a+HRD version 6.8, 7.0, 7.1, 7.2. The vulnerability stems from the file download function of youtube-dl.exe not properly restricting the user input,...

7.5 CVSS · 7.3 AI score · 0.00408 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/04/03 12:0 a.m. · 4 views

PT-2024-2666

Name of the Vulnerable Software and Affected Versions: D-Link DNS-320L (affected versions not specified), D-Link DNS-325 (affected versions not specified), D-Link DNS-327L (affected versions not specified), D-Link DNS-340L (affected versions not specified). Description: A critical issue exists in the HTTP GET...

9.8 CVSS · 7.6 AI score · 0.99997 EPSS
Exploits 8 · References 109
CNNVD
added 2024/03/01 12:0 a.m. · 6 views

Commend WS203VICM Parameter Injection Vulnerability

The Commend WS203VICM is a vandalism prevention station with a camera and call button from Commend. The Commend WS203VICM suffers from a parameter injection vulnerability that originates from a vulnerability that allows an unauthenticated, remote attacker to send a crafted message to the web serv...

8.6 CVSS · 7.2 AI score · 0.00621 EPSS
Exploits 0 · References 3
CNNVD
added 2024/03/01 12:0 a.m. · 5 views

Commend WS203VICM Parameter Injection Vulnerability

The Commend WS203VICM is a vandalism prevention station with a camera and call button from Commend. A parameter injection vulnerability exists in the Commend WS203VICM that originates from weakly encoding credentials used to transmit the WS203VICM...

5.7 CVSS · 7.2 AI score · 0.00246 EPSS
Exploits 0 · References 3
OSV
added 2024/02/29 1:43 a.m. · 2 views

CVE-2024-1206

The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 7
NVD
added 2024/02/21 3:15 a.m. · 23 views

CVE-2023-42498

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...

9.6 CVSS · 7.8 AI score · 0.00611 EPSS
Exploits 0 · References 1