CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

CNVD•added 2022/10/12 12:0 a.m.•18 views

WordPress soledad cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress theme is a theme for WordPress. cross-site scripting vulnerability exists in versions prior to WordPress soledad 8.2.5, which stems from its failure to clear a certain parameter, an...

6.1CVSS1.4AI score0.0023EPSS

Exploits2References1

CNVD•added 2022/10/12 12:0 a.m.•16 views

WordPress Cryptocurrency Pricing list and Ticker Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Cryptocurrency Pricing list and Ticker 1.5 and earlier versions have a cross-site scripting vulnerabilit...

6.1CVSS1.9AI score0.0021EPSS

Exploits1References1

CNNVD•added 2022/09/28 12:0 a.m.•2 views

Heimavista Rpage 跨站脚本漏洞

Heimavista Rpage is a content management system from the Chinese company Heimavista. A cross-site scripting vulnerability exists in versions of Heimavista Rpage prior to v5.4.103, which stems from insufficient filtering of the platform's web URLs that allows an unauthenticated, remote attacker to...

6.1CVSS6AI score0.00595EPSS

Exploits0References2

CNVD•added 2022/02/23 12:0 a.m.•10 views

WordPress Plugin Download Manager SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Download Manager prior to version 3.2.34. The...

8.8CVSS6.9AI score0.00666EPSS

Exploits2References1

CNNVD•added 2021/11/15 12:0 a.m.•4 views

欣学英资讯 webopac7 跨站脚本漏洞

XinXueYing Info Webopac7 is an online public access catalog of China XinXueYing Info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability exists in XinXueYing Info webopac7, which originates from a book search field parameter that does not...

6.1CVSS5.9AI score0.00496EPSS

Exploits0References2

CNVD•added 2021/08/31 12:0 a.m.•17 views

Indexhibit Cross-Site Scripting Vulnerability (CNVD-2021-67909)

Indexhibit is a web-based content management system. A reflection-based cross-site scripting vulnerability exists in the /plugin/ajax.php component of Indexhibit version 2.1.5. An attacker could use this vulnerability to execute arbitrary web script or HTML...

6.1CVSS3.4AI score0.00201EPSS

Exploits1References1

CNNVD•added 2021/08/30 12:0 a.m.•2 views

Indexhibit 跨站脚本漏洞

6.1CVSS5.6AI score0.00201EPSS

Exploits1References1

CNNVD•added 2021/05/24 12:0 a.m.•1 views

WordPress 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System Plugin for WordPress plugin prior to version 4.21.1, which stems from the plugin generating...

5.4CVSS5.4AI score0.00363EPSS

Exploits2References2

The Hacker News•added 2021/05/07 11:37 a.m.•40 views

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System DNS resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called 'TsuNAME,' was discovered by researche...

1AI score

Exploits0

Veracode•added 2017/12/30 1:4 a.m.•120 views

Arbitrary Code Execution

dozer is vulnerable to arbitrary code execution attacks. It incorrectly uses a reflection-based approach to type conversion which allows attackers to execute code through serialized objects...

9.8CVSS9.6AI score0.05361EPSS

Exploits0References9Affected Software1

NVD•added 2017/12/29 10:29 p.m.•10 views

CVE-2014-9515

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object...

9.8CVSS9.6AI score0.05361EPSS

Exploits0References9

Cvelist•added 2017/12/29 10:0 p.m.•13 views

CVE-2014-9515

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object...

9.7AI score0.05361EPSS

Exploits0References9

Positive Technologies•added 2017/12/29 12:0 a.m.•2 views

PT-2017-6361 · Apache · Dozer

Name of the Vulnerable Software and Affected Versions: Dozer affected versions not specified Description: The issue is related to Dozer's improper use of a reflection-based approach to type conversion. This might allow remote attackers to execute arbitrary code via a crafted serialized object...

9.8CVSS9.6AI score0.05361EPSS

Exploits0References12

Akamai Blog•added 2017/03/24 1:30 p.m.•20 views

DDoS of Past, Present and Future

The pervasiveness of technology has meant automation of tasks, allowing better productivity, with more time to do more. However, the dark side of technology would be that enterprises and individuals alike are vulnerable to cybercrimes, compromise of identities, loss of data and subject to malicio...

6.9AI score

Exploits0

Snyk•added 2014/12/05 7:41 a.m.•3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the improper use of a reflection-based approach to type conversion. An attacker can execute arbitrary code via a crafted serialized object. Details Serialization is a process of converting an...

9.8CVSS7.5AI score0.05361EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by