Lucene search
K

209 matches found

ATTACKERKB
ATTACKERKB
added 2023/12/18 3:15 p.m.11 views

CVE-2023-6817

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO Pile Packet Policies elements, leadi...

7.8CVSS6AI score0.00334EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/31 3:36 p.m.17 views

CVE-2023-46722 Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Use...

6.1CVSS6.7AI score0.00496EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/25 5:17 p.m.15 views

CVE-2023-37910 org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document can be the use...

8.1CVSS6.7AI score0.00573EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/12 12:0 a.m.4 views

PT-2023-27875 · Plixer · Plixer Scrutinizer

Name of the Vulnerable Software and Affected Versions: Plixer Scrutinizer versions prior to 19.3.1 Description: An issue was discovered in the /fcgi/scrut fcgi.fcgi endpoint, specifically in the csvExportReport endpoint action generateCSV, which is vulnerable to SQL injection through the sorting...

9.8CVSS9.8AI score0.00699EPSS
Exploits1References5
OSV
OSV
added 2023/06/28 8:15 p.m.3 views

UBUNTU-CVE-2023-3389

A use-after-free vulnerability in the Linux Kernel iouring subsystem can be exploited to achieve local privilege escalation. Racing a iouring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59...

7.8CVSS6.7AI score0.00718EPSS
Exploits0References15
OSV
OSV
added 2023/06/09 11:15 a.m.2 views

DEBIAN-CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

5.3CVSS6.2AI score0.00531EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.13 views

PT-2023-17120 · WordPress · Ultimate Addons For Contact Form 7

Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for Contact Form 7 plugin for WordPress versions up to and including 3.1.23 Description: The issue allows authenticated attackers of any authorization level to perform SQL Injection via the id parameter. This enables them ...

8.8CVSS7.3AI score0.0082EPSS
Exploits0References6
OSV
OSV
added 2023/04/27 3:3 p.m.18 views

CVE-2023-30848 Pimcore SQL Injection Vulnerability in Admin Search Find API

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

8.8CVSS8.9AI score0.00724EPSS
Exploits0References5
NVD
NVD
added 2023/03/06 7:15 p.m.14 views

CVE-2023-27472

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...

8.2CVSS8.4AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/01 12:0 a.m.10 views

PT-2023-16767 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.18 Description: The issue is related to Cross-site Scripting XSS - Stored, which can be used by an attacker to send a malicious script to any user through the Image/Video thumbnail config. Recommendation...

5.4CVSS4.8AI score0.00401EPSS
Exploits1References10
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.34 views

CVE-2023-25156 Kiwi TCMS has no protection against brute-force attacks on login page

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a...

7.5CVSS9.5AI score0.00902EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/02/13 8:19 p.m.41 views

CVE-2023-25160 IDOR Vulnerability in Nextcloud Mail

Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for...

4.1CVSS5.5AI score0.0046EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/27 6:57 p.m.6 views

CVE-2023-0549 YAFNET Private Message PostPrivateMessage cross site scripting

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...

4CVSS4.7AI score0.0069EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/01/13 6:5 p.m.8 views

CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection

Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...

8.1CVSS8.2AI score0.00613EPSS
Exploits1References1
CVE
CVE
added 2023/01/09 8:50 a.m.63 views

CVE-2022-4882

CVE-2022-4882 affects kaltura mwEmbed (up to 2.91). The vulnerability resides in the Share Plugin’s file modules/KalturaSupport/components/share/share.js, where manipulating the res argument leads to cross-site scripting. The issue can be exploited remotely with high attack complexity and require...

4.7CVSS4.1AI score0.00555EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/01/05 7:59 a.m.26 views

CVE-2019-25098 soerennb eXtplorer Archive archive.php path traversal

A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The...

5.5CVSS9.6AI score0.01015EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/21 12:0 a.m.6 views

CVE-2022-4642 tatoeba2 Profile Name cross site scripting

A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

3.5CVSS5.3AI score0.00508EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/12/12 1:35 p.m.26 views

CVE-2021-4243

Removed by vendor...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.6 views

CVE-2022-39375 Cross-Site Scripting (XSS) through public RSS feed in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users...

4.5CVSS4.9AI score0.00488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.10 views

CVE-2022-39373 Stored Cross-Site Scripting (XSS) in entity name in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to...

4.9CVSS5.2AI score0.0044EPSS
Exploits0References1
Rows per page
Query Builder