
377 matches found

Vulnrichment · added 2024/10/10 10:12 p.m. · 16 views

CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 · AI score 5.9 · EPSS 0.00252
Exploits 0 · References 1

Cvelist · added 2024/10/10 10:12 p.m. · 23 views

CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 · EPSS 0.00252
Exploits 0 · References 1

CVE · added 2024/10/10 10:12 p.m. · 84 views

CVE-2024-47872

Technical details about CVE-2024-47872 are not publicly provided in the connected documents. Please monitor for updates from official advisories for affected products, components, versions, and remediation steps.

CVSS 6.9 · AI score 5.4 · EPSS 0.00252
Exploits 0 · References 1 · Affected Software 1

OSV · added 2024/10/10 10:12 p.m. · 12 views

CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 · AI score 6.2 · EPSS 0.00252
Exploits 0 · References 3

OSV · added 2024/10/10 10:09 p.m. · 15 views

GHSA-GVV6-33J7-884G Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view...

CVSS 5.4 · AI score 5.3 · EPSS 0.00252
Exploits 0 · References 4

Github Security Blog · added 2024/10/10 10:09 p.m. · 24 views

Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view...

CVSS 6.9 · AI score 6.2 · EPSS 0.00252
Exploits 0 · References 4 · Affected Software 1

Patchstack · added 2024/09/16 7:14 a.m. · 3 views

WordPress WooCommerce Multiple Free Gift plugin <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding vulnerability

Insufficient Server-Side Validation to Arbitrary Gift Adding vulnerability discovered by Danielius Vargonas in WordPress Plugin WooCommerce Multiple Free Gift versions <= 1.2.3...

CVSS 5.3 · AI score 7 · EPSS 0.00317
Exploits 0 · References 1 · Affected Software 1

Vulnrichment · added 2024/09/14 2:04 a.m. · 11 views

CVE-2022-3459 WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding

The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add...

CVSS 5.3 · AI score 5.2 · EPSS 0.00317
Exploits 0 · References 2

Cvelist · added 2024/09/14 2:04 a.m. · 20 views

CVE-2022-3459 WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding

The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add...

CVSS 5.3 · EPSS 0.00317
Exploits 0 · References 2

BDU FSTEC · added 2024/08/19 12:00 a.m. · 5 views

The vulnerability of the Kubernetes Linkerd security tool for clusters lies in insufficient validation of requests on the server side. This allows a malicious actor to perform an SSRF attack and cause service failure.

The vulnerability of the Kubernetes Linkerd security tool for clusters is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack and cause a service failure by sending specially crafted requests to...

CVSS 3.7 · AI score 5.5 · EPSS 0.00444
Exploits 0 · References 4

Positive Technologies · added 2024/08/02 12:00 a.m. · 5 views

PT-2024-29000 · Changing Information Technology · Tcbservisign

Name of the Vulnerable Software and Affected Versions: TCBServiSign Windows Version from CHANGING Information Technology affected versions not specified Description: The issue concerns improper validation of server-side input in a specific API. This allows unauthenticated remote attackers to caus...

CVSS 8.8 · AI score 7.3 · EPSS 0.00532
Exploits 0 · References 4

Positive Technologies · added 2024/07/09 12:00 a.m. · 1 view

PT-2024-4802

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to insufficient server-side request validation, allowing a remote attacker to disclose protected information. There is no information provided about...

CVSS 7.8 · AI score 5.4 · EPSS 0.02356
Exploits 0 · References 8

IBM Security Bulletins · added 2024/06/25 3:36 p.m. · 31 views

Security Bulletin: Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting (CVE-2023-42014).

Summary In Sterling B2B Integrator Standard Edition Console, the Content-Security-Policy header in the console for B2Bi is not set to the strictest available value. The Content-Security-Policy that is set by the server allows inline JavaScript and "eval" functions in the browser. Allowing inline...

CVSS 5.4 · AI score 5.3 · EPSS 0.00261
Exploits 0 · Affected Software 1

Veracode · added 2024/04/24 5:08 a.m. · 14 views

Prototype Pollution

Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...

CVSS 8.6 · AI score 6.9 · EPSS 0.00725
Exploits 0 · References 4 · Affected Software 3

OSV · added 2024/04/23 9:15 p.m. · 19 views

GHSA-624G-8QJG-8QXF Conform contains a Prototype Pollution Vulnerability in `parseWith...` function

Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...

CVSS 8.6 · AI score 8.5 · EPSS 0.00725
Exploits 0 · References 6

Github Security Blog · added 2024/04/23 9:15 p.m. · 36 views

Conform contains a Prototype Pollution Vulnerability in `parseWith...` function

Summary Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...

CVSS 8.6 · AI score 8.5 · EPSS 0.00725
Exploits 0 · References 6 · Affected Software 3

NVD · added 2024/04/23 9:15 p.m. · 11 views

CVE-2024-32866

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

CVSS 8.6 · AI score 8.5 · EPSS 0.00725
Exploits 0 · References 3

OSV · added 2024/04/23 9:07 p.m. · 28 views

CVE-2024-32866 Conform contains Prototype Pollution Vulnerability in `parseWith...` function

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

CVSS 8.6 · AI score 8.2 · EPSS 0.00725
Exploits 0 · References 5

CVE · added 2024/04/23 9:07 p.m. · 78 views

CVE-2024-32866

CVE-2024-32866 concerns Conform, a type-safe form validation library. The issue enables prototype pollution through parsing of nested objects (object.property) in parseWith… functions due to an improper implementation in versions prior to 1.1.1. This affects server-side validation of form data or...

CVSS 8.6 · AI score 6.5 · EPSS 0.00725
Exploits 0 · References 3

OSV · added 2024/04/10 5:15 p.m. · 14 views

CVE-2024-1599

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.6
Exploits 0