Lucene search
K

260 matches found

OSV
OSV
added 2024/11/29 7:15 p.m.3 views

DEBIAN-CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

5.9CVSS6.1AI score0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/29 12:0 a.m.12 views

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread...

6.7AI score0.00436EPSS
Exploits0References3
CVE
CVE
added 2024/11/29 12:0 a.m.67 views

CVE-2024-36615

The CVE-2024-36615 entry concerns FFmpeg n7.0: a race condition in the VP9 decoder that can cause a data race if video encoding parameters are exported, with side data attached in the decoder thread while read in the output thread. Connected sources (Debian DLA-4440 and OpenSUSE/SUSE advisories) ...

5.9CVSS6.7AI score0.00436EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.5 views

Red Hat OpenShift Container Platform 安全漏洞

Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enables organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A security vulnerability exists in Red Hat OpenShif...

4.9CVSS5.1AI score0.00361EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/24 7:4 p.m.29 views

CVE-2024-29194 OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation

OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the ismasteradmin key, stored in the local storage of the browser, can be manipulated by an attacker. By...

8.3CVSS8.3AI score0.00702EPSS
Exploits1References2
NVD
NVD
added 2024/02/23 7:15 a.m.26 views

CVE-2024-1779

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...

5.3CVSS5.1AI score0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/23 6:48 a.m.29 views

CVE-2024-1777 Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...

4.3CVSS4.5AI score0.00198EPSS
Exploits0References2
OSV
OSV
added 2023/11/01 2:15 p.m.5 views

DEBIAN-CVE-2023-46931

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmxparsesidedata /afltest/gpac/src/filters/ffdmx.c:202:14 in gpac/MP4Box...

5.5CVSS5.6AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2023/11/01 2:15 p.m.1 views

UBUNTU-CVE-2023-46931

GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmxparsesidedata /afltest/gpac/src/filters/ffdmx.c:202:14 in gpac/MP4Box...

5.5CVSS5.8AI score0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.4 views

PT-2023-30264 · Gpac +1 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev605-gfc9e29089-master Description: The issue is a heap-buffer-overflow in the ffdmx parse side data function located at /afltest/gpac/src/filters/ff dmx.c:202:14 in gpac/MP4Box. This indicates a problem with how data i...

5.5CVSS6.5AI score0.00206EPSS
Exploits0References15
CNVD
CNVD
added 2022/03/31 12:0 a.m.19 views

Sourcecodester Hospital Patient Records Management System跨站脚本漏洞(CNVD-2022-48761)

Sourcecodester Hospital Patient Records Management System is a Web-based application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0, which stems from the lack of proper validation of client-si...

5.4CVSS1.7AI score0.00487EPSS
Exploits1References1
CNVD
CNVD
added 2022/03/11 12:0 a.m.18 views

livehelperchat Cross-Site Scripting Vulnerability (CNVD-2022-18521)

livehelperchat is available through Live Helper Chat, which provides free live support on the website. livehelperchat suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

6.5CVSS2.5AI score0.0064EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.5 views

Orchard Core 跨站脚本漏洞

Net Core, an open source modular and multi-tenant application framework built using Asp.Net Core, and a content management system Cms built on top of the framework.A cross-site scripting vulnerability exists in Orchard Core, which stems from the lack of proper validation of client-side data in th...

6.1CVSS5.4AI score0.00728EPSS
Exploits1References3
CNVD
CNVD
added 2022/03/04 12:0 a.m.17 views

Zulip Cross-Site Scripting Vulnerability (CNVD-2022-17016)

Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations, Zulip suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper...

5.4CVSS3.1AI score0.00563EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/01 12:0 a.m.21 views

Microweber Cross-Site Scripting Vulnerability (CNVD-2022-15527)

Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in GitHub, which stems from the lack of proper...

8CVSS2.8AI score0.00888EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/02/26 12:0 a.m.5 views

Tricentis qTest 跨站脚本漏洞

Tricentis qTest is used by Tricentis to centrally manage and understand software testing activities from conception to production. qTest has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application, which can be exploited by...

5.4CVSS5.3AI score0.00448EPSS
Exploits0References5
CNVD
CNVD
added 2022/02/14 12:0 a.m.20 views

Taocms Cross-Site Scripting Vulnerability (CNVD-2022-11522)

Taocms is a micro Cms content management system in China. Taocms suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to execute client-side code...

4.8CVSS3.7AI score0.00494EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/02/10 12:0 a.m.6 views

Taocms 跨站脚本漏洞

Taocms is a micro Cms content management system in China. Taocms suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to execute client-side code...

4.8CVSS5.3AI score0.00494EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.6 views

chatwoot 跨站脚本漏洞

chatwoot is a software application. Customer Engagement Suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. chatwoot suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper validation of client-side data. An...

6.1CVSS6AI score0.0085EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.7 views

GitHub 跨站脚本漏洞

GitHub is a hosting platform for open source and private software projects. A cross-site scripting vulnerability exists in the GitHub repository chatwoot/chatwoot and prior versions, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit...

7.3CVSS6.7AI score0.00856EPSS
Exploits1References3
Rows per page
Query Builder