
925 matches found

CNNVD
added 2023/12/06 12:0 a.m. · 5 views

Jellyfin Parameter Injection Vulnerability

Jellyfin is a freeware media system. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex, and can serve media from a dedicated server to end-user devices through multiple applications. A parameter injection vulnerability exists in...

CVSS 8.8 · AI score 8.5 · EPSS 0.01251
Exploits: 1 · References: 7
CVE
added 2023/10/05 5:25 p.m. · 49 views

CVE-2023-43069

Dell SmartFabric Storage Software versions 1.4 and earlier are affected by an OS command injection vulnerability in the CLI. An authenticated local attacker could potentially inject parameters to curl or docker, enabling arbitrary command execution. Impact includes possible compromise of confiden...

CVSS 7.8 · AI score 7.6 · EPSS 0.00468
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/09/30 10:15 p.m. · 1 view

CVE-2023-43720

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLINGGENDERTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVSS 5.4 · AI score 5.9 · EPSS 0.00431
Exploits: 1 · References: 2
NVD
added 2023/09/30 9:15 p.m. · 15 views

CVE-2023-43715

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRYFIRSTNAMEMINLENGTHTITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVSS 5.4 · AI score 5.3 · EPSS 0.00431
Exploits: 1 · References: 2
OSV
added 2023/09/28 9:15 p.m. · 3 views

CVE-2023-43013

Asset Management System v1.0 is vulnerable to an unauthenticated SQL injection on the 'email' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control...

CVSS 9.8 · AI score 5.9 · EPSS 0.00713
Exploits: 1 · References: 2
OSV
added 2023/09/20 7:15 p.m. · 8 views

CVE-2023-43377

A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...

CVSS 5.4 · AI score 5.6
Exploits: 0 · References: 1
CNNVD
added 2023/09/19 12:0 a.m. · 3 views

Blamer Parameter Injection Vulnerability

Blamer is a tool for obtaining code author information from a version control system. A security vulnerability exists in Blamer versions prior to 1.0.4, which stems from an arbitrary parameter injection vulnerability in the blameByFile API...

CVSS 9.1 · AI score 7.3 · EPSS 0.00924
Exploits: 1 · References: 4
ATTACKERKB
added 2023/09/05 10:15 p.m. · 4 views

CVE-2023-41507

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters...

CVSS 9.8 · AI score 7.4 · EPSS 0.00784
Exploits: 2 · References: 3
Positive Technologies
added 2023/09/01 12:0 a.m. · 8 views

PT-2023-27085 · Unknown · Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0
Description: The issue allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the "Add New...

CVSS 6.1 · AI score 6.7 · EPSS 0.00537
Exploits: 1 · References: 5
ATTACKERKB
added 2023/08/25 10:15 p.m. · 2 views

CVE-2023-39288

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploi...

CVSS 5.5 · AI score 6 · EPSS 0.00509
Exploits: 0 · References: 3
CNNVD
added 2023/08/25 12:0 a.m. · 2 views

Mitel MiVoice Connect Parameter Injection Vulnerability

Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect that arises from insufficient cleaning of parameters...

CVSS 5.5 · AI score 5.7 · EPSS 0.00509
Exploits: 0 · References: 3
CNNVD
added 2023/08/25 12:0 a.m. · 7 views

Mitel MiVoice Connect Parameter Injection Vulnerability

Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect that arises from insufficient cleaning of parameters...

CVSS 5.5 · AI score 5.7 · EPSS 0.00509
Exploits: 0 · References: 3
CNNVD
added 2023/08/04 12:0 a.m. · 7 views

Connected IO Parameter Injection Vulnerability

Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the iptables command in the...

CVSS 9.8 · AI score 8 · EPSS 0.00819
Exploits: 0 · References: 3
CNNVD
added 2023/08/04 12:0 a.m. · 5 views

Connected IO Parameter Injection Vulnerability

Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the AT command in the...

CVSS 9.8 · AI score 8 · EPSS 0.00819
Exploits: 0 · References: 3
Vulnrichment
added 2023/08/03 9:12 p.m. · 8 views

CVE-2023-30952 Foundry Issues reporterPath phishing by parameter injection

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0...

CVSS 5 · AI score 6.9 · EPSS 0.00367
Exploits: 0 · References: 1
Cvelist
added 2023/08/03 9:12 p.m. · 27 views

CVE-2023-30952 Foundry Issues reporterPath phishing by parameter injection

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0...

CVSS 5 · AI score 5.4 · EPSS 0.00367
Exploits: 0 · References: 1
CNNVD
added 2023/07/26 12:0 a.m. · 3 views

Amanda Parameter Injection Vulnerability

Amanda is an automated network disk archiver organized by the University of Maryland at College Park. It allows IT administrators to set up a single primary backup server to back up multiple hosts to tape drives/converters or disks or optical media over a network. A security vulnerability exists in...

CVSS 7.8 · AI score 7.1 · EPSS 0.00459
Exploits: 1 · References: 7
Vulnrichment
added 2023/07/07 12:0 a.m. · 15 views

CVE-2023-37172

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...

AI score 8 · EPSS 0.01674
Exploits: 1 · References: 1
CNNVD
added 2023/05/31 12:0 a.m. · 4 views

Dcat Admin Cross-Site Scripting Vulnerability

Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua, an individual developer. A security vulnerability exists in Dcat Admin v2.1.3-beta that could allow an attacker to execute arbitrary web script or HTML via URL parameter injection with a...

CVSS 5.4 · AI score 6.1 · EPSS 0.00398
Exploits: 1 · References: 2
CNNVD
added 2023/05/27 12:0 a.m. · 7 views

Docker Desktop Parameter Injection Vulnerability

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

CVSS 7.8 · AI score 7.4 · EPSS 0.00269
Exploits: 0 · References: 3