Lucene search
K

4606 matches found

Patchstack
Patchstack
added 2023/02/22 12:0 a.m.8 views

WordPress Paytm Payment Gateway Plugin <= 2.7.3 is vulnerable to SQL Injection

Software Paytm Payment Gateway Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-45805 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID a951aa23af06 Credits Aman Rawat Required privilege Editor...

9.8CVSS7.2AI score0.02327EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/22 12:0 a.m.4 views

PT-2023-5683 · Avast · Avast Premium Security

Name of the Vulnerable Software and Affected Versions: Avast Premium Security affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the implementation of the sandbox feature due to incorrect...

7.8CVSS7.7AI score0.00278EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.4 views

SUSE CVE-2017-1000369

Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch...

4CVSS9.7AI score0.0053EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2019-25085

A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdbtablewritecontentsasync of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is...

8.8CVSS6.7AI score0.00753EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.2 views

SUSE CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

4.3CVSS8.7AI score0.01773EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.2 views

SUSE CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

8.8CVSS7.2AI score0.01237EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.3 views

SUSE CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

9.8CVSS9.2AI score0.00855EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.2 views

SUSE CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has...

7.5CVSS6.8AI score0.03949EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2023/02/15 12:0 a.m.4 views

PT-2023-9310 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev40-g3602a5ded Description: A critical issue has been found in the mp3 dmx process function of the file filters/reframe mp3.c, which leads to a heap-based buffer overflow. The attack may be initiated remotely...

10CVSS6.6AI score0.01153EPSS
Exploits1References23
CBLMariner
CBLMariner
added 2023/02/14 8:21 p.m.27 views

CVE-2023-0266 affecting package kernel for versions less than 5.15.92.1-1

CVE-2023-0266 affecting package kernel for versions less than 5.15.92.1-1. A patched version of the package is available...

7.9CVSS7.3AI score0.03702EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/02/14 3:4 p.m.9 views

CVE-2023-25576 @fastify/multipart vulnerable to DoS due to unlimited number of parts

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an...

7.5CVSS7.5AI score0.01463EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/02/13 8:34 p.m.6 views

CVE-2023-25162 Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery SSRF. Attackers can leverage enclosed alphanumeri...

5.3CVSS5.6AI score0.00816EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/02/08 8:44 p.m.8 views

CVE-2023-25163 Argo CD leaks repository credentials in user-facing error messages and in logs

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...

6.3CVSS6.6AI score0.00843EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/02/07 10:57 p.m.24 views

go.uuid has Predictable UUID Identifiers

CVE Description for go.uuid A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. Updat...

9.8CVSS9.4AI score0.02307EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/06 12:0 a.m.4 views

PT-2023-16449 · Sourcecodester · Sourcecodester Canteen Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Canteen Management System version 1.0 Description: A critical issue affects some unknown functionality of the file removeUser.php. The manipulation of the id argument leads to SQL injection. The attack can be launched remotely,...

8.1CVSS8.1AI score0.00717EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2023/02/04 4:41 a.m.2 views

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...

7.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.7 views

PT-2023-2975 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows an unauthenticated attacker to upload any type of file to any location on the Teacher Console's computer. This enables various exploitation paths, including...

8.8CVSS8.3AI score0.01362EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/01/27 6:12 p.m.6 views

CVE-2021-41231 OpenMage LTS DataFlow upload remote code execution vulnerability

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.5AI score0.01235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/25 6:15 a.m.6 views

CVE-2023-23609 contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol BLE-L2C...

8.2CVSS8.4AI score0.00353EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/25 12:0 a.m.5 views

PT-2023-12672 · Smartctl · Smartctl

Name of the Vulnerable Software and Affected Versions: smartctl versions all Description: The issue is related to Command Injection via the info method due to improper input sanitization. This allows for potential exploitation. No information is provided about the estimated number of potentially...

7.8CVSS7.6AI score0.01219EPSS
Exploits1References6
Rows per page
Query Builder