Lucene search
K

3025 matches found

OSV
OSV
added 2022/08/12 4:15 p.m.15 views

CVE-2022-35589

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter...

4.8CVSS5AI score
Exploits0References1
GithubExploit
GithubExploit
added 2022/08/03 2:51 a.m.554 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 Introduction to CVE-2022-22947 The Spring C...

10CVSS7.8AI score0.98253EPSS
Exploits54
ATTACKERKB
ATTACKERKB
added 2022/07/30 12:15 a.m.2 views

CVE-2022-30083

EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code remote...

9.8CVSS7.4AI score0.00984EPSS
Exploits1References2
OSV
OSV
added 2022/07/30 12:15 a.m.3 views

CVE-2022-30083

EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code remote...

9.8CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2022/07/23 12:0 a.m.13 views

GHSA-5GXC-FXCR-9326 convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

9.8CVSS9.9AI score0.09204EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/07/23 12:0 a.m.24 views

convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

9.9CVSS9.9AI score0.09204EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2022/07/22 8:15 p.m.22 views

CVE-2022-25759

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

9.9CVSS0.09204EPSS
Exploits1References4
OSV
OSV
added 2022/07/22 8:15 p.m.16 views

CVE-2022-25759

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

9.8CVSS7.5AI score
Exploits0References4
Prion
Prion
added 2022/07/22 8:15 p.m.12 views

Code injection

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

7.5CVSS9.8AI score0.09204EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/07/22 8:0 p.m.72 views

CVE-2022-25759

The CVE-2022-25759 issue affects the convert-svg-core npm package, specifically versions before 0.6.2. It enables remote code injection by processing an SVG containing a payload (notably via an onload attribute). Impact is remote code execution when using the vulnerable library in conjunction wit...

9.9CVSS9.8AI score0.09204EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/07/22 8:0 p.m.21 views

CVE-2022-25759 Remote Code Injection

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

9.9CVSS10AI score0.09204EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/07/22 8:0 p.m.4 views

CVE-2022-25759

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

9.9CVSS6AI score0.09204EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.4 views

convert-svg 代码注入漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.2, which stems from the fact that by sending SVG files containing payloads, convert-svg-core is vulnerable to remote...

9.9CVSS8.6AI score0.09204EPSS
Exploits1References5
Prion
Prion
added 2022/07/15 12:15 p.m.23 views

Code injection

Honeywell Alerton Ascent Control Module ACM through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program...

6CVSS7.9AI score0.01174EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/07/12 6:20 a.m.60 views

CVE-2022-22682

CVE-2022-22682 affects Synology Calendar: an XSS flaw in Event Management prior to version 2.4.5-10930. The issue arises from improper neutralization of input during web page generation, enabling an authenticated remote attacker to inject arbitrary script/HTML through unspecified vectors. Impact ...

6.5CVSS5.1AI score0.00484EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/06/27 7:15 p.m.3 views

CVE-2017-20099

A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely...

9.8CVSS5.6AI score0.0109EPSS
Exploits1References2
NVD
NVD
added 2022/06/24 7:15 a.m.15 views

CVE-2017-20095

A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely...

9.8CVSS0.0087EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.3 views

Merchandise Online Store 代码问题漏洞

Merchandise Online Store is a Merchandise Online Store system developed by Carlo Montero. A security vulnerability exists in Merchandise Online Store v1.0, which is caused by a remote code injection issue in the user profile upload port on the system information page...

9.8CVSS8.8AI score0.01701EPSS
Exploits1References2
Snyk
Snyk
added 2022/06/01 7:58 a.m.7 views

Remote Code Injection

Overview convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Remote Code Injection via sending an SVG file containing the payload. PoC: js const convert = require'convert-svg-to-png'; const...

9.9CVSS7.5AI score0.09204EPSS
Exploits1References2
NVD
NVD
added 2022/05/26 2:15 p.m.10 views

CVE-2021-34360

A cross-site request forgery CSRF vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...

8.8CVSS0.00437EPSS
Exploits0References1
Rows per page
Query Builder