Lucene search
K

180 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-8130

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00869EPSS
Exploits0References1
nessus
nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-5092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform ...

8.8CVSS8.1AI score0.01427EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 1:4 a.m.10 views

CVE-2022-37164

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...

9.8CVSS7.3AI score0.00585EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:57 p.m.7 views

CVE-2021-20715

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

4.3CVSS6.8AI score0.00869EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2024/05/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2013-2912

Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepperinprocessrouter.cc in the Pepper Plug-in API PPAPI in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other...

7.5CVSS5.9AI score0.0145EPSS
Exploits0References1
openbugbounty
openbugbounty
added 2024/01/15 5:50 p.m.4 views

pepperfashion.gr Improper Access Control vulnerability OBB-3835419

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
susecve
susecve
added 2023/02/15 5:37 a.m.3 views

SUSE CVE-2013-2912

Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepperinprocessrouter.cc in the Pepper Plug-in API PPAPI in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...

7.5CVSS9.6AI score0.0145EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 5:33 a.m.3 views

SUSE CVE-2013-6666

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepperflashrendererhost.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing CORS simple headers before proceeding with a PPBFlash.Navigate operation, which might allow remot...

5.8CVSS8.6AI score0.01177EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 5:26 a.m.4 views

SUSE CVE-2014-7906

Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's...

7.5CVSS9.6AI score0.01951EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 5:7 a.m.4 views

SUSE CVE-2016-1631

The PPBFlashMessageLoopImpl::InternalRun function in content/renderer/pepper/ppbflashmessageloopimpl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

8.8CVSS8.8AI score0.01334EPSS
Exploits2References7
susecve
susecve
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-16014

Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS9.1AI score0.0099EPSS
Exploits0References9
attackerkb
attackerkb
added 2022/09/08 4:15 p.m.4 views

CVE-2022-37163

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...

9.8CVSS7.4AI score0.00493EPSS
Exploits0References3
cvelist
cvelist
added 2022/09/08 3:16 p.m.23 views

CVE-2022-37163

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...

9.8AI score0.00493EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/09/08 12:0 a.m.6 views

PT-2022-23852 · Inoda · Inoda Ontrack

Name of the Vulnerable Software and Affected Versions: Inoda OnTrack version 3.4 Description: The issue is related to a weak password policy, allowing potential unauthorized access via brute-force attacks. User passwords are hashed without a salt or pepper, making it easier for tools like hashcat...

9.8CVSS9.3AI score0.00585EPSS
Exploits0References8
osv
osv
added 2021/04/27 6:15 a.m.3 views

CVE-2021-20715

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

4.3CVSS5.9AI score0.00869EPSS
Exploits0References1
nvd
nvd
added 2021/04/27 6:15 a.m.23 views

CVE-2021-20715

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

4.3CVSS0.00869EPSS
Exploits0References1
prion
prion
added 2021/04/27 6:15 a.m.15 views

Improper access control

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

4.3CVSS4.5AI score0.00869EPSS
Exploits0References1Affected Software1
cve
cve
added 2021/04/27 5:42 a.m.42 views

CVE-2021-20715

CVE-2021-20715 concerns an improper access control (CWE-284) in Hot Pepper Gourmet App for Android (v4.111.0 and earlier) and iOS (v4.111.0 and earlier). A remote attacker can cause a user to visit an arbitrary website via the vulnerable app, enabling phishing-like exposure. Mitigation: update to...

4.3CVSS4.4AI score0.00869EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/04/27 5:42 a.m.17 views

CVE-2021-20715

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

4.7AI score0.00869EPSS
Exploits0References1
jvn
jvn
added 2021/04/27 12:0 a.m.58 views

JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions

Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...

4.3CVSS4.7AI score0.00869EPSS
Exploits0
Rows per page
Query Builder