925 matches found

Vulnrichment
added 2024/02/21 2:47 a.m., 14 views

CVE-2023-42498

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...

9.6 CVSS, 5.7 AI score, 0.00611 EPSS
Exploits 0, References 1
Exploit DB
added 2024/02/05 12:0 a.m., 476 views

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting (XSS); Date: April 18, 2023; Exploit Author: Andreas Finstad 4ndr34z; Vendor Homepage: https://www.whatsupgold.com; Version: v.22.1.0 Build 39; Tested on: Windows 2022 Server; CVE: CVE-2023-35759; Reference:...

6.1 CVSS, 6.3 AI score, 0.0213 EPSS
Exploits 3
NVD
added 2024/01/15 2:15 p.m., 15 views

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

6.8 CVSS, 6.8 AI score, 0.00591 EPSS
Exploits 1, References 4
OSV
added 2024/01/15 2:15 p.m., 3 views

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

6.8 CVSS, 6.2 AI score, 0.00663 EPSS
Exploits 2, References 4
Prion
added 2024/01/15 2:15 p.m., 14 views

Input validation

PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

4.6 CVSS, 7.5 AI score, 0.00663 EPSS
Exploits 2, References 4, Affected Software 1
Cvelist
added 2024/01/15 1:28 p.m., 21 views

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

6.8 CVSS, 7 AI score, 0.00591 EPSS
Exploits 1, References 4
CVE
added 2024/01/15 1:28 p.m., 45 views

CVE-2023-42135

CVE-2023-42135 details (PAX A920Pro/A50) affect PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier on PAX Android POS devices. The vulnerability allows local code execution by bypassing input validation during flashing of a specific partition, via parameter injection in the flashing process....

6.8 CVSS, 7 AI score, 0.00591 EPSS
Exploits 1, References 4, Affected Software 1
CNNVD
added 2024/01/15 12:0 a.m., 3 views

PAX Technology A920 Security Vulnerability

PAX Technology A920 is an Android mobile payment terminal from PAX Technology. A security vulnerability exists in PAX Technology A920 PayDroid8.1.0SagittariusV11.1.4520230314 and prior versions, which originates from the ability to bypass input validation when refreshing a specific partition, and...

7.6 CVSS, 7.2 AI score, 0.00663 EPSS
Exploits 2, References 5
CNNVD
added 2023/12/29 12:0 a.m., 4 views

Apache OpenOffice Parameter Injection Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and more. A security vulnerability exists in Apache OpenOffice versions 4.1.14 and earlier, which stems from a...

8.8 CVSS, 7.2 AI score, 0.02727 EPSS
Exploits 0, References 5
CNNVD
added 2023/12/26 12:0 a.m., 4 views

Buffalo VR-S1000 Security Vulnerability

The Buffalo VR-S1000 is a VPN router from Buffalo, Japan. A security vulnerability exists in the Buffalo VR-S1000 version 2.37 and earlier, which stems from a parameter injection vulnerability that could allow an authenticated attacker to access the product's command line interface to execute...

7.8 CVSS, 7.7 AI score, 0.0025 EPSS
Exploits 0, References 3
CNNVD
added 2023/12/25 12:0 a.m., 4 views

Nipah virus Testing Management System SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. A SQL injection vulnerability exists in version 1.0 of the PHPGurukul Nipah Virus Testing Management System, which stems from some unknown processing in bwdates-report-result.php that leads to SQL injection via the...

9.8 CVSS, 8 AI score, 0.00553 EPSS
Exploits 0, References 2
NVD
added 2023/12/24 10:15 p.m., 27 views

CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

9.8 CVSS, 0.43323 EPSS
Exploits 2, References 6
ATTACKERKB
added 2023/12/24 10:15 p.m., 30 views

CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

9.8 CVSS, 7.5 AI score, 0.43323 EPSS
In wild, Exploits 2, References 8
OSV
added 2023/12/24 10:15 p.m., 4 views

CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

9.8 CVSS, 5.8 AI score, 0.43323 EPSS
Exploits 2, References 6
Prion
added 2023/12/24 10:15 p.m., 29 views

Design/Logic Flaw

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

7.5 CVSS, 7.2 AI score, 0.43323 EPSS
Exploits 2, References 6, Affected Software 5
Cvelist
added 2023/12/24 9:47 p.m., 31 views

CVE-2023-7102 Remote Code Execution (RCE) Vulnerability

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

9.7 AI score, 0.43323 EPSS
Exploits 2, References 6
CVE
added 2023/12/24 9:47 p.m., 229 views

CVE-2023-7102

CVE-2023-7102 is a Barracuda ESG Appliance vulnerability caused by a vulnerable third-party library that allowed parameter injection. Affected versions span 5.1.3.001–9.2.1.001; Barracuda removed the vulnerable logic to fix the issue. No explicit exploitation details are provided in the available...

9.8 CVSS, 9.4 AI score, 0.43323 EPSS
In wild, Exploits 2, References 6, Affected Software 1
CNNVD
added 2023/12/24 12:0 a.m., 4 views

Barracuda Email Security Gateway Security Vulnerability

Barracuda Email Security Gateway is an email security gateway from Barracuda that manages and filters all inbound and outbound email traffic to protect organizations from email threats and data breaches. A security vulnerability exists in Barracuda Email Security Gateway versions 5.1.3.001 throug...

9.8 CVSS, 6.9 AI score, 0.43323 EPSS
Exploits 2, References 7
VulnCheck KEV
added 2023/12/24 12:0 a.m., 6 views

VulnCheck KEV: CVE-2023-7102

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...

9.8 CVSS, 7.4 AI score, 0.43323 EPSS
Exploits 2, References 1
OSV
added 2023/12/07 7:15 a.m., 5 views

CVE-2023-48827

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4 CVSS, 5.8 AI score, 0.00465 EPSS
Exploits 2, References 2