OSV
added 2023/04/03 2:15 p.m. · 5 views

AZL-26772 CVE-2023-28625 affecting package mod_auth_openidc for versions less than 2.4.14.2-1

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie is supplied, a NULL pointer dereference would occur,...

CVSS 7.5 · AI score 6.6 · EPSS 0.01327
Exploits: 0 · References: 1
Positive Technologies
added 2023/04/02 12:00 a.m. · 5 views

PT-2023-17250 · Sourcecodester · Sourcecodester Simple Mobile Comparison Website

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Mobile Comparison Website version 1.0. Description: A critical issue was found in the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the id argument leads to SQL injection...

CVSS 9.8 · AI score 6.9 · EPSS 0.00726
Exploits: 1 · References: 7
Positive Technologies
added 2023/03/31 12:00 a.m. · 5 views

PT-2023-17230 · Sourcecodester · Sourcecodester Grade Point Average Gpa Calculator

Name of the Vulnerable Software and Affected Versions: SourceCodester Grade Point Average GPA Calculator version 1.0. Description: A critical issue has been found, affecting the function get_scale of the file Master.php. The manipulation of the argument perc leads to SQL injection. The attack can ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00738
Exploits: 1 · References: 6
Github Security Blog
added 2023/03/30 12:30 p.m. · 35 views

Use of hard-coded, security-relevant constants in deepset-ai/haystack

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...

CVSS 9.8 · AI score 9.1 · EPSS 0.00843
Exploits: 1 · References: 5 · Affected Software: 1
Patchstack
added 2023/03/30 12:00 a.m. · 15 views

WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Swatchly – WooCommerce Variation Swatches for Products · Type: Plugin · Vulnerable versions: <= 1.2.0 · Fixed in: 1.2.1 · OWASP Top 10: A5 Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-23792 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID...

CVSS 8.8 · AI score 7 · EPSS 0.00253
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/03/30 12:00 a.m. · 5 views

PT-2023-17189

Name of the Vulnerable Software and Affected Versions: deepset-ai/haystack versions prior to 0.1.30; deepset-ai/haystack version 1.15.0 and prior. Description: The issue is related to the use of hard-coded, security-relevant constants in the GitHub repository deepset-ai/haystack. A patch is available...

CVSS 9.8 · AI score 7.3 · EPSS 0.00843
Exploits: 1 · References: 13
Positive Technologies
added 2023/03/27 12:00 a.m. · 3 views

PT-2023-20953 · Unknown · Opengoofy Hippo4J

Name of the Vulnerable Software and Affected Versions: OpenGoofy Hippo4j version 1.4.3. Description: The issue allows an attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. Recommendations: For OpenGoofy Hippo4j version 1.4.3, consider...

CVSS 6.5 · AI score 6.2 · EPSS 0.00605
Exploits: 1 · References: 6
Positive Technologies
added 2023/03/25 12:00 a.m. · 6 views

PT-2023-17129 · Unknown · Jiangmin Antivirus

Name of the Vulnerable Software and Affected Versions: Jiangmin Antivirus version 16.2.2022.418. Description: A vulnerability was found in the library kvcore.sys of the component IoControlCode Handler, which can lead to denial of service. The manipulation can be launched on the local host. The...

CVSS 5.5 · AI score 6.9 · EPSS 0.00317
Exploits: 1 · References: 7
CBLMariner
added 2023/03/24 11:57 p.m. · 71 views

CVE-2024-28182 affecting package rust for versions less than 1.68.0-1

CVE-2024-28182 affecting package rust for versions less than 1.68.0-1. A patched version of the package is available...

CVSS 5.3 · AI score 5.8 · EPSS 0.8496
Exploits: 1
CBLMariner
added 2023/03/24 11:56 p.m. · 22 views

CVE-2023-23004 affecting package kernel for versions less than 5.15.102.1-1

CVE-2023-23004 affecting package kernel for versions less than 5.15.102.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 6.7 · EPSS 0.0029
Exploits: 0
Positive Technologies
added 2023/03/23 12:00 a.m. · 4 views

PT-2023-21030 · Swfdump · Swfdump

Name of the Vulnerable Software and Affected Versions: swfdump version 0.9.2. Description: A heap buffer overflow was discovered in the function swf_GetPlaceObject at swfobject.c. Recommendations: For swfdump version 0.9.2, consider disabling the swf_GetPlaceObject function as a temporary workarou...

CVSS 5.5 · AI score 5.7 · EPSS 0.00363
Exploits: 1 · References: 9
Positive Technologies
added 2023/03/22 12:00 a.m. · 4 views

PT-2023-17081 · Feifeicms · Feifeicms

Name of the Vulnerable Software and Affected Versions: FeiFeiCMS version 2.7.130201. Description: A vulnerability was found in the Extension Tool component, specifically affecting the file Publicsystemslide add.html. This issue leads to cross-site scripting and can be initiated remotely. The explo...

CVSS 5.4 · AI score 6.4 · EPSS 0.00594
Exploits: 1 · References: 7
Vulnrichment
added 2023/03/20 2:51 p.m. · 7 views

CVE-2023-28428 PDFio vulnerable to Denial Of Service when opening a corrupt PDF file

PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the PDFio parser. Crafted PDF files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...

CVSS 6.2 · AI score 6.1 · EPSS 0.00221
Exploits: 0 · References: 2
Positive Technologies
added 2023/03/20 12:00 a.m. · 3 views

PT-2023-17047 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.19. Description: The issue is related to Cross-site Scripting (XSS) - DOM, which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or...

CVSS 4.8 · AI score 4.1 · EPSS 0.00402
Exploits: 1 · References: 11
Positive Technologies
added 2023/03/18 12:00 a.m. · 6 views

PT-2023-17032 · Rebuild · Rebuild

Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.2.3. Description: A critical vulnerability was found in the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to SQL injection. The attack can be launched...

CVSS 8.8 · AI score 7 · EPSS 0.00715
Exploits: 1 · References: 7
Prion
added 2023/03/17 8:15 p.m. · 14 views

Design/Logic Flaw

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.9 · AI score 5.8 · EPSS 0.00586
Exploits: 0 · References: 7 · Affected Software: 1
Vulnrichment
added 2023/03/17 7:04 p.m. · 6 views

CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in...

CVSS 7.5 · AI score 7.6 · EPSS 0.00755
Exploits: 0 · References: 4
OSV
added 2023/03/17 7:15 a.m. · 2 views

UBUNTU-CVE-2023-1449

A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The explo...

CVSS 7.8 · AI score 5.6 · EPSS 0.0037
Exploits: 1 · References: 3
CBLMariner
added 2023/03/16 3:40 a.m. · 31 views

CVE-2023-26545 affecting package kernel 5.10.168.1-1

CVE-2023-26545 affecting package kernel 5.10.168.1-1. A patched version of the package is available...

CVSS 4.7 · AI score 8.5 · EPSS 0.00331
Exploits: 0
Patchstack
added 2023/03/16 12:00 a.m. · 10 views

WordPress Open Graphite Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: Open Graphite · Type: Plugin · Vulnerable versions: <= 1.6.0 · Fixed in: 1.6.1 · OWASP Top 10: A7 Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2022-47439 · Patch priority: Medium · CVSS severity: Medium (7.1) · Developer: Claim ownership · PSID: 2e0d810c3c50 · Credits: minhtuanact · Require...

CVSS 7.1 · AI score 5.6 · EPSS 0.00382
Exploits: 0 · References: 2 · Affected Software: 1