
4605 matches found

Vulnrichment
added 2022/07/15 12:10 p.m. · 5 views

CVE-2022-31097 Stored XSS in Grafana's Unified Alerting

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...

CVSS 7.3 · AI score 8.2 · EPSS 0.68603
Exploits: 0 · References: 5
CBLMariner
added 2022/07/14 8:59 p.m. · 20 views

CVE-2022-2097 affecting package openssl 1.1.1k-12

CVE-2022-2097 affecting package openssl 1.1.1k-12. A patched version of the package is available...

CVSS 5.3 · AI score 9.9 · EPSS 0.02024
Exploits: 0
Grafana
added 2022/07/14 12:0 a.m. · 8 views

Grafana account takeover via OAuth vulnerability

Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...

CVSS 7.5 · AI score 7.1 · EPSS 0.02039
Exploits: 0
Vulnrichment
added 2022/07/12 10:5 p.m. · 7 views

CVE-2022-31102 Cross-site Scripting for Argo CD single sign on users

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...

CVSS 2.6 · AI score 4.6 · EPSS 0.005
Exploits: 0 · References: 3
Positive Technologies
added 2022/07/12 12:0 a.m. · 2 views

PT-2022-15750 · Sourcecodester · Sourcecodester Clinics Patient Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0 Description: A critical issue was found in the system, affecting an unknown function of the file /pms/update user.php?user id=1. The manipulation of the profile picture argument wit...

CVSS 8.8 · AI score 9.1 · EPSS 0.02598
Exploits: 4 · References: 5
Positive Technologies
added 2022/07/07 12:0 a.m. · 3 views

PT-2022-17062 · Cwp · Cwp

Name of the Vulnerable Software and Affected Versions: CWP version 0.9.8.1122 Description: A path traversal vulnerability in loader.php allows attackers to execute arbitrary code via a crafted POST request. Recommendations: For CWP version 0.9.8.1122, consider disabling the loader.php file until ...

CVSS 10 · AI score 9.6 · EPSS 0.45314
Exploits: 1 · References: 5
Positive Technologies
added 2022/07/01 12:0 a.m. · 3 views

PT-2022-21058 · Tenda · Tenda Ax1806

Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: A stack overflow issue was discovered via the list parameter in the fromSetRouteStatic function. Recommendations: For Tenda AX1806 version 1.0.0.1, consider restricting access to the fromSetRouteStati...

CVSS 7.8 · AI score 7.6 · EPSS 0.01074
Exploits: 1 · References: 3
Positive Technologies
added 2022/07/01 12:0 a.m. · 3 views

PT-2022-20990 · Mcms · Mcms

Name of the Vulnerable Software and Affected Versions: MCMS version 5.2.8 Description: The issue is related to an arbitrary file upload vulnerability. This means that an attacker could potentially upload malicious files to the system, which could lead to various security problems. Recommendations...

CVSS 9.8 · AI score 8.8 · EPSS 0.01471
Exploits: 1 · References: 7
Positive Technologies
added 2022/06/30 12:0 a.m. · 4 views

PT-2022-22347 · Jenkins · Jenkins Deployment Dashboard Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because environment names on the Deployment Dashboard view are not properly escape...

CVSS 8 · AI score 5.1 · EPSS 0.00602
Exploits: 0 · References: 6
Positive Technologies
added 2022/06/22 12:0 a.m. · 6 views

PT-2022-3089 · Motorola · Motorola Moscad +1

Name of the Vulnerable Software and Affected Versions: Motorola MOSCAD and ACE line of RTUs through 2022-05-02 Description: The issue concerns the omission of an authentication requirement in the Motorola MOSCAD and ACE line of RTUs. These devices feature IP Gateway modules that allow for...

CVSS 7.6 · AI score 7.5 · EPSS 0.00643
Exploits: 0 · References: 9
CBLMariner
added 2022/06/15 5:3 p.m. · 11 views

CVE-2022-1734 affecting package kernel 5.10.116.1-1

CVE-2022-1734 affecting package kernel 5.10.116.1-1. A patched version of the package is available...

CVSS 7 · AI score 7.4 · EPSS 0.0052
Exploits: 1
CBLMariner
added 2022/06/15 5:3 p.m. · 33 views

CVE-2021-30560 affecting package libxslt 1.1.34-2

CVE-2021-30560 affecting package libxslt 1.1.34-2. A patched version of the package is available...

CVSS 8.8 · AI score 7.5 · EPSS 0.21623
Exploits: 0
Positive Technologies
added 2022/06/14 12:0 a.m. · 4 views

PT-2022-20864 · Sap · Sap Financial Consolidation

Name of the Vulnerable Software and Affected Versions: SAP Financial Consolidation version 1010 Description: The issue results in escalation of privileges due to the lack of necessary authorization checks for an authenticated user. Recommendations: For SAP Financial Consolidation version 1010,...

CVSS 8.8 · AI score 8.8 · EPSS 0.00715
Exploits: 0 · References: 5
Github Security Blog
added 2022/06/10 12:0 a.m. · 36 views

Cross-site Scripting in FacturaScripts

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts. A patch is available on the master branch of the repository in commit 7b4ddb92...

CVSS 6.8 · AI score 0.8 · EPSS 0.00643
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2022/06/10 12:0 a.m. · 29 views

GHSA-J8C7-3JPQ-8985 Cross-site Scripting in FacturaScripts

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts. A patch is available on the master branch of the repository in commit 7b4ddb92...

CVSS 5.4 · AI score 5.3 · EPSS 0.00643
Exploits: 1 · References: 4
OSV
added 2022/06/09 4:15 p.m. · 1 views

DEBIAN-CVE-2022-31031

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...

CVSS 9.8 · AI score 8.6 · EPSS 0.01809
Exploits: 0 · References: 1
OSV
added 2022/06/09 4:15 p.m. · 1 views

ALPINE-CVE-2022-31031

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...

CVSS 9.8 · AI score 7.3 · EPSS 0.01809
Exploits: 0 · References: 1
OSV
added 2022/06/09 4:15 p.m. · 1 views

UBUNTU-CVE-2022-31031

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...

CVSS 9.8 · AI score 7.5 · EPSS 0.01809
Exploits: 0 · References: 5
Cvelist
added 2022/06/07 12:0 a.m. · 27 views

CVE-2022-31031 Potential stack buffer overflow when parsing message as a STUN client

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...

CVSS 9.8 · AI score 9.8 · EPSS 0.01809
Exploits: 0 · References: 6
Packet Storm
added 2022/06/06 12:0 a.m. · 283 views

Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection

SEC Consult Vulnerability Lab Security Advisory
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0
fixed version: 3.7.0 or high...

EPSS 0.01577
Exploits: 3