CVE-2023-22486 cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has...
PT-2023-10625 · Bastianallgeier · Bastianallgeier Kirby Webmentions Plugin
Name of the Vulnerable Software and Affected Versions: bastianallgeier Kirby Webmentions Plugin affected versions not specified Description: A vulnerability was found in the bastianallgeier Kirby Webmentions Plugin, allowing for injection attacks. The manipulation can be launched remotely, but th...
PT-2023-16177 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.14 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which can result in stolen user cookies. A proof of concept involves logging in with a dev account, navigating to specific...
PT-2023-10817 · Bigtree · Events Extension
Name of the Vulnerable Software and Affected Versions: Events Extension on BigTree affected versions not specified Description: A critical issue was found in the Events Extension, affecting the getRandomFeaturedEventByDate, getUpcomingFeaturedEventsInCategoriesWithSubcategories, recacheEvent, and...
PT-2023-9942 · Unknown · Php-Form-Builder-Class
Name of the Vulnerable Software and Affected Versions: manikandan170890 php-form-builder-class affected versions not specified Description: A vulnerability has been found in the Textarea Handler component of the php-form-builder-class, specifically in the file PFBC/Element/Textarea.php. The...
PT-2023-10579 · Unknown · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub. Specially crafted commands sent through the PubNub service can cause a...
PT-2023-9999 · Unknown · Zerochplus
Name of the Vulnerable Software and Affected Versions: zerochplus affected versions not specified Description: A vulnerability has been found in zerochplus, affecting the PrintResList function of the file test/mordor/thread.res.pl. The manipulation leads to cross-site scripting and can be initiat...
RHEL 7 : .NET 6.0 (RHSA-2023:0078)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0078 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...
PT-2023-10136 · Unknown · Emmflo Yuko-Bot
Name of the Vulnerable Software and Affected Versions: emmflo yuko-bot affected versions not specified Description: A vulnerability was found in emmflo yuko-bot, declared as problematic. The manipulation of the title argument leads to denial of service. The attack can be initiated remotely...
PT-2023-10332 · Forumhulp · Forumhulp
Name of the Vulnerable Software and Affected Versions: ForumHulp affected versions not specified Description: A critical issue was found in ForumHulp searchresults, affecting the list keywords function of the file event/listener.php. The manipulation of the word argument leads to SQL injection...
CVE-2023-22475 Cross-Site Scripting in Canarytoken history
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute...
PT-2023-10118 · Unknown · Kassi Xingwall
Name of the Vulnerable Software and Affected Versions: kassi xingwall affected versions not specified Description: A critical issue has been found in kassi xingwall, affecting some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixation. Recommendation...
PT-2023-10195 · Unknown · Jeff-Kelley Opensim-Utils
Name of the Vulnerable Software and Affected Versions: jeff-kelley opensim-utils affected versions not specified Description: A critical issue has been found in jeff-kelley opensim-utils, affecting the DatabaseForRegion function of the file regionscrits.php. The manipulation of the region argumen...
Cross site scripting
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...
CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...
CVE-2022-23546 Discourse vulnerable to private topic leak via email#send_digest
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue...
CVE-2015-10015
A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to SQL injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The...
PT-2023-12408 · Unknown · Eprintsug Ulcc-Core
Name of the Vulnerable Software and Affected Versions: eprintsug ulcc-core affected versions not specified Description: A critical issue was found in the file cgi/toolbox/toolbox, where the manipulation of the password argument leads to command injection. This issue can be exploited remotely...
Autodesk DWG TrueView 2023 < 2023.1.1 RCE
The remote host has an install of Autodesk DWG TrueView version 2023 prior to 2023.1.1. It is, therefore, affected by a remote code execution vulnerability due to DLL search order hijacking. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2022-23526 affecting package helm for versions less than 3.9.4-4
CVE-2022-23526 affecting package helm for versions less than 3.9.4-4. A patched version of the package is available...