4605 matches found

Positive Technologies
added 2022/12/19 12:00 a.m. · 5 views

PT-2022-26676 · Silverstripe · Silverstripe/Subsites

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/subsites versions through 2.6.0 Description: The subsites module can weaken edit restrictions on some files, allowing a malicious user to edit files they do not have edit rights to. This issue only affects projects...

CVSS 7.5 · AI score 7.3 · EPSS 0.00524
Exploits 0 · References 10
Vulnrichment
added 2022/12/18 12:00 a.m. · 21 views

CVE-2022-4592 luckyshot CRMx index.php commentdelete sql injection

A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is...

CVSS 6.3 · AI score 7.8 · EPSS 0.00468
Exploits 0 · References 2
Vulnrichment
added 2022/12/18 12:00 a.m. · 5 views

CVE-2021-4254 ctrlo lenio Notice main.tt cross site scripting

A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/layouts/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack...

CVSS 3.5 · AI score 4.8 · EPSS 0.00385
Exploits 0 · References 2
Positive Technologies
added 2022/12/15 12:00 a.m. · 7 views

PT-2022-11597 · Unknown · Chbrown Rfc6902

Name of the Vulnerable Software and Affected Versions: chbrown rfc6902 affected versions not specified Description: A problematic vulnerability has been found in chbrown rfc6902, affecting an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of obje...

CVSS 9.8 · AI score 9.4 · EPSS 0.01267
Exploits 1 · References 10
OSV
added 2022/12/08 9:30 a.m. · 19 views

GHSA-VP22-232W-H9X8 RuoYi-Cloud Cross-site Scripting vulnerability

A vulnerability was found in yproject RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publi...

CVSS 6.1 · AI score 4.8 · EPSS 0.00398
Exploits 1 · References 5
Github Security Blog
added 2022/12/08 9:30 a.m. · 24 views

RuoYi-Cloud Cross-site Scripting vulnerability

A vulnerability was found in yproject RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publi...

CVSS 6.1 · AI score 6.1 · EPSS 0.00398
Exploits 1 · References 5 · Affected Software 1
Tenable Nessus
added 2022/12/08 12:00 a.m. · 14 views

EulerOS 2.0 SP8 : yajl (EulerOS-SA-2022-2812)

According to the versions of the yajl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

CVSS 7.5 · AI score 7.8 · EPSS 0.03472
Exploits 1 · References 2
Vulnrichment
added 2022/12/06 5:37 p.m. · 8 views

CVE-2022-23470 Arbitrary file access in the Galaxy data analysis platform

Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...

CVSS 8.6 · AI score 8.5 · EPSS 0.00785
Exploits 0 · References 2
Vulnrichment
added 2022/12/05 8:52 p.m. · 7 views

CVE-2022-46164 Account takeover via prototype vulnerability

NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...

CVSS 9.4 · AI score 9.3 · EPSS 0.48994
Exploits 0 · References 2
Vulnrichment
added 2022/12/02 10:53 p.m. · 8 views

CVE-2022-23465 SwiftTerm vulnerable to arbitrary command execution

SwiftTerm is an Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing...

CVSS 7.1 · AI score 7.8 · EPSS 0.0043
Exploits 0 · References 2
NVD
added 2022/12/02 3:15 p.m. · 29 views

CVE-2022-46159

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take u...

CVSS 4.3 · EPSS 0.00605
Exploits 0 · References 2
Cvelist
added 2022/12/02 2:15 p.m. · 39 views

CVE-2022-46159 Any authenticated Discourse user can create an unlisted topic

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take u...

CVSS 4.3 · AI score 5.2 · EPSS 0.00605
Exploits 0 · References 2
Positive Technologies
added 2022/12/02 12:00 a.m. · 4 views

PT-2022-27600 · Tenda · Tenda Ac6V1.0

Name of the Vulnerable Software and Affected Versions: Tenda AC6V1.0 version 15.03.05.19 Description: A buffer overflow issue was discovered via the schedEndTime parameter in the setSchedWifi function. This allows for potential exploitation. Recommendations: For Tenda AC6V1.0 version 15.03.05.19,...

CVSS 7.5 · AI score 7.5 · EPSS 0.00815
Exploits 1 · References 5
Positive Technologies
added 2022/12/02 12:00 a.m. · 5 views

PT-2022-27198 · Tenda · Tenda I21

Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/setUplinkInfo" API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version...

CVSS 9.8 · AI score 9.2 · EPSS 0.00928
Exploits 1 · References 3
Vulnrichment
added 2022/11/30 12:00 a.m. · 9 views

CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

CVSS 8.8 · AI score 7.2 · EPSS 0.0113
Exploits 1 · References 2
Positive Technologies
added 2022/11/29 12:00 a.m. · 3 views

PT-2022-23218 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.4.5 Description: The issue allows attackers to store XSS via location input Deposit Comment. This enables potential malicious activities through the exploitation of this input field. Recommendations: For ChurchCRM version...

CVSS 4.8 · AI score 6.1 · EPSS 0.00488
Exploits 1 · References 7
Positive Technologies
added 2022/11/29 12:00 a.m. · 2 views

PT-2022-26208 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 2.1-DEV-rev490-g68064e101-master Description: A problematic vulnerability was found in GPAC, affecting the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to...

CVSS 9.8 · AI score 6.7 · EPSS 0.04615
Exploits 98 · References 245
OSV
added 2022/11/28 9:15 p.m. · 10 views

PYSEC-2022-43175

Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...

CVSS 6.1 · AI score 8 · EPSS 0.00806
Exploits 1 · References 4
Positive Technologies
added 2022/11/23 12:00 a.m. · 5 views

PT-2022-27151 · Totolink · Totolink Nr1800X

Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue concerns a command injection via the FileName parameter in the setUploadSetting function. This allows for potential malicious commands to be executed. No information is...

CVSS 9.8 · AI score 9.7 · EPSS 0.0181
Exploits 1 · References 4
Positive Technologies
added 2022/11/18 12:00 a.m. · 6 views

PT-2022-6453 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...

CVSS 5.5 · AI score 5.3 · EPSS 0.00332
Exploits 0 · References 6