
4606 matches found

Positive Technologies
added 2023/04/24 12:0 a.m. · 4 views

PT-2023-22823 · Jellyfin · Jellyfin

Name of the Vulnerable Software and Affected Versions: Jellyfin versions 10.8.0 through 10.8.10 Description: The issue is related to a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. This vulnerability can be combined with a cross-site scripting...

CVSS 8.8 · AI score 6.8 · EPSS 0.01972
Exploits: 2 · References: 16
Positive Technologies
added 2023/04/22 12:0 a.m. · 3 views

PT-2023-18484 · Podofo · Podofo

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.10.0 Description: A critical vulnerability was found in PoDoFo, affecting the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack must be...

CVSS 7.8 · AI score 5.8 · EPSS 0.00372
Exploits: 1 · References: 15
Positive Technologies
added 2023/04/19 12:0 a.m. · 7 views

PT-2023-21342 · Unknown · Online Jewelry Shop

Name of the Vulnerable Software and Affected Versions: Online Jewelry Shop version 1.0 Description: A cross-site scripting XSS issue was discovered that allows attackers to execute arbitrary script via a crafted URL. Recommendations: For Online Jewelry Shop version 1.0, consider disabling the...

CVSS 5.4 · AI score 5.6 · EPSS 0.00365
Exploits: 0 · References: 4
Vulnrichment
added 2023/04/18 11:31 p.m. · 9 views

CVE-2023-29519 Code injection in org.xwiki.platform:xwiki-platform-attachment-ui

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...

CVSS 9 · AI score 9.6 · EPSS 0.01945
Exploits: 1 · References: 3
Positive Technologies
added 2023/04/18 12:0 a.m. · 6 views

PT-2023-22448 · Wbce Cms · Wbce Cms

Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.3 Description: The issue is a command execution vulnerability. It can be exploited via the admin/languages/install.php endpoint. Recommendations: For WBCE CMS version 1.5.3, consider disabling access to the...

CVSS 7.2 · AI score 6.8 · EPSS 0.01247
Exploits: 1 · References: 6
CBLMariner
added 2023/04/16 1:4 a.m. · 21 views

CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1

CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is available...

CVSS 7.5 · AI score 9.2 · EPSS 0.01111
Exploits: 0
Tenable Nessus
added 2023/04/16 12:0 a.m. · 44 views

FreeBSD : libxml2 -- multiple vulnerabilities (0bd7f07b-dc22-11ed-bf28-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0bd7f07b-dc22-11ed-bf28-589cfc0f81b0 advisory. - The libxml2 project reports: Hashing of empty dict strings isn't deterministic Fix null dere...

CVSS 6.5 · AI score 7.3 · EPSS 0.01086
Exploits: 1 · References: 5
Vulnrichment
added 2023/04/14 7:30 p.m. · 8 views

CVE-2023-30535 Snowflake JDBC vulnerable to command injection via SSO URL authentication

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to...

CVSS 7.3 · AI score 9 · EPSS 0.01668
Exploits: 0 · References: 2
Positive Technologies
added 2023/04/14 12:0 a.m. · 4 views

PT-2023-3156 · Totolink · Totolink X18

Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version V9.1.0cu.2024 B20220329 Description: The issue is related to insufficient argument validation in the UploadFirmwareFile function of the TOTOLINK X18 router's firmware, allowing a remote attacker to execute arbitrary...

CVSS 10 · AI score 9.5 · EPSS 0.02014
Exploits: 1 · References: 4
Patchstack
added 2023/04/13 12:0 a.m. · 8 views

WordPress W4 Post List Plugin < 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software W4 Post List Type Plugin Vulnerable versions 2.4.6 Fixed in 2.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1373 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID ad8aa4c045d1 Credits Erwan LR WPScan Required...

CVSS 6.1 · AI score 5.6 · EPSS 0.00458
Exploits: 2 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/04/11 12:0 a.m. · 5 views

PT-2023-22316 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639 Description: A segmentation violation was discovered in the AP4 TrunAtom::SetDataOffsetint function in Ap4TrunAtom.h. Recommendations: For Bento4 version 1.6.0-639, as a temporary workaround, consider disabling the AP...

CVSS 5.5 · AI score 5.3 · EPSS 0.00291
Exploits: 1 · References: 4
CBLMariner
added 2023/04/07 4:59 a.m. · 17 views

CVE-2022-3707 affecting package kernel 5.10.172.1-1

CVE-2022-3707 affecting package kernel 5.10.172.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 8 · EPSS 0.00224
Exploits: 0
CBLMariner
added 2023/04/07 4:59 a.m. · 14 views

CVE-2023-1118 affecting package kernel 5.10.172.1-1

CVE-2023-1118 affecting package kernel 5.10.172.1-1. A patched version of the package is available...

CVSS 7.8 · AI score 7.9 · EPSS 0.00286
Exploits: 0
CBLMariner
added 2023/04/07 4:59 a.m. · 25 views

CVE-2022-45142 affecting package heimdal 7.7.1-1

CVE-2022-45142 affecting package heimdal 7.7.1-1. A patched version of the package is available...

CVSS 7.5 · AI score 7.5 · EPSS 0.00491
Exploits: 0
Positive Technologies
added 2023/04/07 12:0 a.m. · 4 views

PT-2023-17353 · Unknown · Zhenfeng13 My-Blog

Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog affected versions not specified Description: A problematic issue was found in the software, affecting an unknown function of the file /admin/configurations/userInfo. The manipulation of the arguments yourAvatar, yourName, a...

CVSS 5 · AI score 4.9 · EPSS 0.0033
Exploits: 1 · References: 5
Positive Technologies
added 2023/04/07 12:0 a.m. · 5 views

PT-2023-19989 · Tenda · Tenda Ac5

Name of the Vulnerable Software and Affected Versions: Tenda AC5 version US AC5V1.0RTL V15.03.06.28 Description: The issue is related to a stack overflow via the form fast setting wifi set function, which can be exploited to cause a Denial of Service DoS or execute arbitrary code using a crafted...

CVSS 9.8 · AI score 9.6 · EPSS 0.00959
Exploits: 0 · References: 4
Positive Technologies
added 2023/04/06 12:0 a.m. · 5 views

PT-2023-5839 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: The issue is related to the disclosure of information in the SCADA Data Gateway system. It allows remote attackers to disclose sensitive information on affect...

CVSS 5.3 · AI score 6.4 · EPSS 0.00539
Exploits: 0 · References: 8
Patchstack
added 2023/04/06 12:0 a.m. · 18 views

WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)

Software Product Catalog Simple Type Plugin Vulnerable versions = 1.6.17 Fixed in 1.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29388 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 48939529292d Credits minhtuana...

CVSS 7.1 · AI score 5.6 · EPSS 0.00382
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/04/05 12:0 a.m. · 9 views

PT-2023-17280 · Unknown · Sourcecodester Online Payroll System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Payroll System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/attendance row.php. The manipulation of the id argument leads to sql injection,...

CVSS 9.8 · AI score 6.7 · EPSS 0.00808
Exploits: 1 · References: 7
Positive Technologies
added 2023/04/04 12:0 a.m. · 6 views

PT-2023-21333 · Wondershare · Wondershare Anireel

Name of the Vulnerable Software and Affected Versions: Wondershare Anireel version 1.5.4 Description: An issue in Wondershare Anireel allows a remote attacker to execute arbitrary commands via the anireel setup full9589.exe file. Recommendations: For Wondershare Anireel version 1.5.4, consider...

CVSS 7.8 · AI score 8 · EPSS 0.00433
Exploits: 1 · References: 4