Lucene search
K

145 matches found

Vulnrichment
Vulnrichment
added 2023/10/27 12:0 a.m.16 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

7.1AI score0.00553EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/27 12:0 a.m.14 views

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

7.4AI score0.00597EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.9 views

PT-2023-30232 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 12.0.4 SugarCRM versions prior to 13.0.2 Description: A Server Site Template Injection SSTI issue has been identified in the GecControl action, allowing custom PHP code injection via the GetControl action due to...

8.8CVSS9AI score0.00597EPSS
Exploits0References4
OSV
OSV
added 2023/10/04 11:15 a.m.4 views

CVE-2023-4997

Improper authorisation of regular users in ProIntegra Uptime DC software versions below 2.0.0.33940 allows them to change passwords of all other users including administrators leading to a privilege escalation...

8.8CVSS5.8AI score0.00544EPSS
Exploits0References2
OSV
OSV
added 2023/09/12 8:15 p.m.14 views

CVE-2023-4918

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are abl...

8.8CVSS6.8AI score0.00466EPSS
Exploits0References3
OSV
OSV
added 2023/09/07 7:15 a.m.4 views

CVE-2023-38033

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS6AI score
Exploits0References1
OSV
OSV
added 2023/09/07 7:15 a.m.5 views

CVE-2023-39237

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS6AI score0.01056EPSS
Exploits0References1
OSV
OSV
added 2023/09/07 7:15 a.m.4 views

CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS6AI score0.01056EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.4 views

PT-2023-7492 · Asus · Asus Rt-Ac86U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AC86U affected versions not specified Description: The issue is related to the insufficient filtering of special characters in the Traffic Analyzer legacy Statistic function of the ASUS RT-AC86U router. A remote attacker with regular...

9CVSS8.9AI score0.01056EPSS
Exploits0References9
Huntr
Huntr
added 2023/08/29 9:32 a.m.12 views

LimeSurvey 5.6.34-230816 has a storage based XSS vulnerability caused by importManifest

Description A regular user with "theme" privileges who maliciously sets the "templatename" during the importManifest process can lead to a stored Cross-Site Scripting XSS vulnerability. Proof of Concept The first step is to create a user with only 'theme' permission. Log in to this user and make ...

5.6AI score
Exploits0
Prion
Prion
added 2023/07/31 6:15 a.m.18 views

Cross site scripting

A stored cross-site scripting XSS issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site...

4.9CVSS5.2AI score0.00373EPSS
Exploits0References1Affected Software1
Huntr
Huntr
added 2023/02/22 3:1 a.m.38 views

Insecure Business Logic - Client Side Enforcement Bypass on User Account Deletion

Description The application enforces account deletion on the client-side with a popup that states the admin account cannot be deleted. Additionally, regular users do not have an option in the interface to delete their own account. An administrative and regular-privileged user are able to bypass...

5.5CVSS5.5AI score0.0075EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.6 views

SUSE CVE-2018-12561

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as filemode= by manipulating for example the domain parameter of the samba URL...

8.8CVSS9.1AI score0.01382EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/12/30 11:15 p.m.37 views

CVE-2022-34682

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service...

5.5CVSS6.1AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/30 12:0 a.m.37 views

CVE-2022-34672

NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands...

7.8CVSS8.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/15 2:24 p.m.7 views

CVE-2022-41814 Potential XSS in history view

Cross-site Scripting XSS vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage...

3.3CVSS5.3AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.6 views

PT-2022-26206 · Unknown +1 · Bluespicebookshelf +1

Name of the Vulnerable Software and Affected Versions: BlueSpice affected versions not specified Description: The issue allows a user with a regular account and edit permissions to inject arbitrary HTML into the book navigation, which is a result of a Cross-site Scripting XSS vulnerability in the...

5.4CVSS5.2AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-24980 · Bluespice · Bluespice

Name of the Vulnerable Software and Affected Versions: BlueSpice affected versions not specified Description: The issue allows a user with a regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users, enabling targeted attacks...

5.4CVSS5.4AI score0.00255EPSS
Exploits0References3
Fedora
Fedora
added 2022/05/07 4:47 a.m.40 views

[SECURITY] Fedora 36 Update: podman-4.0.3-1.fc36

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

7.5CVSS10AI score0.05994EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/12/02 4:24 p.m.5 views

mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

A Cross-Site Request Forgery CSRF attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request, effectively...

8.8CVSS7.3AI score0.0073EPSS
Exploits0References4
Rows per page
Query Builder