Lucene search
K

96 matches found

Prion
Prion
added 2023/10/14 4:15 a.m.22 views

Cross site scripting

Multiple Stored Cross Site Scripting XSS vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the bodytext or bodytextrude field in /sourcefiles/BlockhtmlClass.php an...

4.9CVSS5.2AI score0.00388EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/04 11:15 a.m.19 views

Path traversal

Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files o...

6.5CVSS8.3AI score0.00629EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/04 12:0 a.m.6 views

PT-2023-25768 · Unknown · Aqua Drive

Name of the Vulnerable Software and Affected Versions: Aqua Drive version 2.4 Description: The issue allows an authenticated non-privileged user to access or modify stored resources of other users through a relative path traversal vulnerability. It could also be possible to access and modify the...

9.9CVSS8.5AI score0.00629EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2023/09/20 11:48 a.m.44 views

USN-6389-1: Indent vulnerability

It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use this issue to cause Indent to crash, resulting in a denial of service, or possibly execute...

5.5CVSS5.8AI score0.00424EPSS
Exploits1
OSV
OSV
added 2023/09/20 11:48 a.m.2 views

USN-6389-1 indent vulnerability

It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use this issue to cause Indent to crash, resulting in a denial of service, or possibly execute...

5.5CVSS6.2AI score0.00424EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/02/20 11:15 p.m.49 views

CVE-2022-48338

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

7.3CVSS7AI score0.01639EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.3 views

SUSE CVE-2009-1577

Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long 1 function name or 2 symbol in a source-code file...

9.3CVSS8.2AI score0.07496EPSS
Exploits1References3
CVE
CVE
added 2022/08/15 8:36 a.m.76 views

CVE-2022-2180

The CVE-2022-2180 issue affects the GREYD.SUITE WordPress theme and related listings, where unauthenticated users can upload arbitrary files (including PHP) via the theme’s custom font upload workflow due to missing authorization/CSRF checks. This can lead to remote code execution (RCE). Affected...

9.8CVSS10AI score0.01896EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/21 12:0 a.m.20 views

GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE

The plugin does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE. Version 1.2.5 added CSRF checks PoC...

9.8CVSS2.2AI score0.01896EPSS
Exploits2Affected Software1
Veracode
Veracode
added 2022/05/29 2:46 p.m.20 views

Privilege Escalation

needrestart is vulnerable to privilege escalation. The vulnerability exists when the library tries to detect if interpreters are using old source files...

7.8CVSS7.3AI score0.00405EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2022/05/18 12:0 a.m.29 views

GHSA-2XVX-RW9P-XGFC Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin

Pipeline: Groovy Plugin allows pipelines to load Groovy source files. This is intended to be used to allow Global Shared Libraries to execute without sandbox protection. In Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier, any Groovy source files bundled with Jenkins core and plugins could ...

7.5CVSS8.6AI score0.01244EPSS
Exploits0References6
OSV
OSV
added 2022/05/17 6:58 p.m.18 views

CVE-2022-30688

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files...

7.8CVSS7.7AI score0.00405EPSS
Exploits2References11
UbuntuCve
UbuntuCve
added 2022/05/17 3:0 p.m.31 views

CVE-2022-30688

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files...

7.8CVSS7.1AI score0.00405EPSS
Exploits2References2
AlpineLinux
AlpineLinux
added 2022/05/17 2:5 p.m.53 views

CVE-2022-30945

Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines...

8.5CVSS2.1AI score0.01244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.4 views

PT-2022-20399 · Jenkins · Jenkins Pipeline: Groovy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2689.v434009a 31b f1 and earlier Description: The issue allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. This could potentially be used to...

8.5CVSS8.2AI score0.01244EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/01 2:31 a.m.23 views

Apache Tomcat allows remote attackers to read JSP source files

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

7.8CVSS6.6AI score0.03503EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/01 2:31 a.m.22 views

GHSA-QRCX-P4RR-G48H Apache Tomcat allows remote attackers to read JSP source files

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

7.8CVSS7.4AI score0.03503EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2022/04/12 12:19 p.m.38 views

USN-5375-1: GNU cflow vulnerability

It was discovered that GNU cflow was incorrectly handling memory cleanup operations at the end of a compilation module. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

6.5CVSS6.8AI score0.01114EPSS
Exploits0
CNVD
CNVD
added 2021/08/19 12:0 a.m.19 views

bikeshed path traversal vulnerability

bikeshed is a preprocessor for specification documents, converting the source document which contains only the actual specification content, plus some shorthand for linking terms and other content into a final specification document with appropriate samples, bibliographies, indexes, and so on. A...

7.5CVSS7.6AI score0.01106EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/08/16 7:54 a.m.1 views

CVE-2021-23423

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output...

7.5CVSS5.4AI score0.01106EPSS
Exploits1References3
Rows per page
Query Builder