Lucene search
+L

175 matches found

Cvelist
Cvelist
added 2024/03/14 6:37 p.m.38 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

7.3CVSS7.5AI score0.00321EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/12 12:0 a.m.14 views

CVE-2024-25331

DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution RCE vulnerability elevated from HNAP Stack-Based Buffer Overflow...

7.6AI score0.00334EPSS
Exploits0References2
NVD
NVD
added 2024/01/12 5:15 a.m.23 views

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...

5.4CVSS5.3AI score0.00406EPSS
Exploits1References2
OSV
OSV
added 2023/11/08 2:51 p.m.22 views

GHSA-J9RC-W3WV-FV62 XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu

Impact XWiki is vulnerable to reflected cross-site scripting RXSS via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name ...

9.6CVSS7.7AI score0.02191EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2023/08/29 2:2 p.m.462 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Maltrail v0.53 RCE PoC for Maltrail v0.53 RCE I could not get...

6.5CVSS6.4AI score0.06976EPSS
Exploits29
CNNVD
CNNVD
added 2023/06/15 12:0 a.m.6 views

D-Link GO-RT-AC750 操作系统命令注入漏洞

The D-Link GO-RT-AC750 is a wireless dual-band simple router from China AUO D-Link. A security vulnerability exists in the D-Link GO-RT-AC750 revAv101b03 version, which originates from the parameter service of genacgimain containing command injection...

9.8CVSS8.5AI score0.29348EPSS
Exploits1References3
The Coalfire Blog
The Coalfire Blog
added 2023/06/08 8:55 p.m.16 views

What are the impacts of FedRAMP® Rev. 5?

The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers CSPs who have achieved authorization to operate ATO and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a plan...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/06/05 3:10 p.m.9 views

rev-vacances.fr Cross Site Scripting vulnerability OBB-3392289

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.6 views

Open-Xchange OX App Suite 代码问题漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability previously existed in Open-Xchange OX App Suite version 7.10.6-rev30, which stemmed from the presence of server-side request forgery...

4.3CVSS5AI score0.00462EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2023/04/05 12:0 a.m.266 views

Kardex Mlog MCC 5.7.12 Remote Code Execution

!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...

9.8CVSS9.4AI score0.14832EPSS
Exploits8
OpenVAS
OpenVAS
added 2023/03/01 12:0 a.m.23 views

D-Link DIR-882 Rev. A <= 1.30B06 Multiple Vulnerabilities

D-Link DIR-882 Rev. A devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS7.9AI score0.04635EPSS
Exploits3References24
OpenVAS
OpenVAS
added 2023/02/14 12:0 a.m.17 views

D-Link DIR-825 Rev B <= 2.10b02 NULL Pointer Dereference Vulnerability

D-Link DIR-825 Rev. B devices are prone to a NULL pointer dereference vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.6AI score0.01127EPSS
Exploits0References1
HPE Security Bulletins
HPE Security Bulletins
added 2022/05/17 12:0 a.m.4 views

HPESBNW04308 rev.5 - Aruba Products, Multiple Vulnerabilities

Potential Security Impact: Remote: Arbitrary Code Execution, Denial of Service DoS SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba AirWave Management Platform 8.2.14.0 and below Aruba LIC-ALE-1 Analytics and Location Engine 1 AP License E-LTU 2.2.0.2 and below Aruba Fabric...

9.8CVSS6.8AI score0.34174EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/04/07 10:15 p.m.4 views

CVE-2021-43474

An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 Lastest via any parameter in the HNAP1 function...

9.8CVSS5.8AI score0.03078EPSS
Exploits1References3
NVD
NVD
added 2022/01/31 1:15 p.m.25 views

CVE-2020-36056

Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.0955 was discovered to contain a cross-site scripting XSS vulnerability via the Ping diagnostic option...

5.4CVSS0.0052EPSS
Exploits0References2
OSV
OSV
added 2021/07/30 2:15 p.m.4 views

CVE-2021-28094

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32...

6.5CVSS5.8AI score0.01114EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/07/30 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2021:2555-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS7.7AI score0.88644EPSS
Exploits5References2
CNNVD
CNNVD
added 2021/07/22 12:0 a.m.7 views

Open-xchange OX App Suite 跨站脚本漏洞

Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to more intuitively manage email, tasks, files, and more. A cross-site scripting vulnerability exists in OX App Suite, which stems from an XSS vulnerability...

6.1CVSS5.9AI score0.00792EPSS
Exploits0References3
Rosalinux
Rosalinux
added 2021/07/02 5:41 p.m.37 views

Advisory ROSA-SA-2021-1948

Software: pcsc-lite 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2016-10109 CVE-Crit: HIGH CVE-DESC: Post-release exploitation vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service failure with a command that uses "cardList" after the descriptor has been released using...

7.5CVSS7.2AI score0.04042EPSS
Exploits0
Rosalinux
Rosalinux
added 2021/07/02 5:13 p.m.72 views

Advisory ROSA-SA-2021-1867

Software: libebml 1.3.9 OS: Cobalt 7.9 CVE-ID: CVE-2021-3405 CVE-Crit: MEDIUM CVE-DESC: A bug was found in libebml before version 1.4.2. A heap overflow bug exists in the EbmlString :: ReadData and EbmlUnicodeString :: ReadData implementations of libebml. CVE-STATUS: default CVE-REV: default...

6.5CVSS7.3AI score0.01737EPSS
Exploits1
Rows per page
Query Builder