Lucene search

3944 matches found

CISA
added 2023/04/17 12:00 p.m. | 4 views

CISA and CESER Releases Software Bill of Materials (SBOM) Sharing Lifecycle Report

CISA and the U.S. Department of Energy (DOE) Cybersecurity, Energy Security, and Emergency Response (CESER) have released the SBOM Sharing Lifecycle Report to the cybersecurity and supply chain community. The purpose of this report is to enumerate and describe the different parties and phases of the...

7.2 AI score
Exploits: 0 | References: 4
Patchstack
added 2023/04/16 12:00 a.m. | 17 views

WordPress Quiz And Survey Master Plugin <= 8.1.4 is vulnerable to SQL Injection

Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.1.4; Fixed in: 8.1.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-28787; Patch priority: High; CVSS severity: High (9.3); Developer: Claim ownership; PSID: 34ea65c01c78; Credits: Rafie Muhammad Patchstack; Required...

9.3 CVSS | 7.2 AI score | 0.01977 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
The Hacker News
added 2023/04/14 7:15 a.m. | 3 views

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below: CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation...

9.8 CVSS | 7.4 AI score | 0.0269 EPSS
Exploits: 0
The Hacker News
added 2023/04/14 7:15 a.m. | 64 views

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below: CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation...

9.8 CVSS | 8.4 AI score | 0.0269 EPSS
Exploits: 0
VulnCheck KEV
added 2023/04/13 12:00 a.m. | 5 views

VulnCheck KEV: CVE-2023-29492

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account...

9.8 CVSS | 7.7 AI score | 0.0269 EPSS
Exploits: 0 | References: 1
CISA KEV Catalog
added 2023/04/13 12:00 a.m. | 18 views

Novi Survey Insecure Deserialization Vulnerability

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account...

9.8 CVSS | 8.8 AI score | 0.0269 EPSS
In wild | Exploits: 0
OSV
added 2023/04/11 5:15 a.m. | 4 views

CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...

9.8 CVSS | 6.2 AI score | 0.0269 EPSS
Exploits: 0 | References: 2
NVD
added 2023/04/11 5:15 a.m. | 13 views

CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...

9.8 CVSS | 9.8 AI score | 0.0269 EPSS
Exploits: 0 | References: 2
Prion
added 2023/04/11 5:15 a.m. | 16 views

Code injection

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...

7.5 CVSS | 9.7 AI score | 0.0269 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/04/11 12:00 a.m. | 15 views

CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...

7.7 AI score | 0.0269 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2023/04/11 12:00 a.m. | 22 views

CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. Recent assessments: Assessed Attacker Value: 0...

9.8 CVSS | 9.6 AI score | 0.0269 EPSS
In wild | Exploits: 0 | References: 2
CNNVD
added 2023/04/11 12:00 a.m. | 4 views

Novi Survey Code Injection Vulnerability

Novi Survey is an advanced survey software for online surveys, web surveys and email surveys from Novi Survey. A security vulnerability exists in versions prior to Novi Survey 8.9.43676, which can be exploited by attackers to execute arbitrary code on the server in the context of a service accoun...

9.8 CVSS | 9.2 AI score | 0.0269 EPSS
Exploits: 0 | References: 2
CVE
added 2023/04/11 12:00 a.m. | 638 views

CVE-2023-29492

Summary (CVE-2023-29492): Novi Survey before version 8.9.43676 is affected by an insecure deserialization vulnerability. The flaw allows remote attackers to execute arbitrary code on the server in the context of the service account, without accessing stored survey or response data. Concrete details...

9.8 CVSS | 9 AI score | 0.0269 EPSS
In wild | Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/04/11 12:00 a.m. | 16 views

CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...

9.9 AI score | 0.0269 EPSS
Exploits: 0 | References: 1
OSV
added 2023/04/07 11:15 p.m. | 6 views

CVE-2023-1946

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...

6.1 CVSS | 3.8 AI score | 0.00357 EPSS
Exploits: 0 | References: 2
NVD
added 2023/04/07 11:15 p.m. | 17 views

CVE-2023-1946

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...

6.1 CVSS | 4.3 AI score | 0.00357 EPSS
Exploits: 0 | References: 2
Prion
added 2023/04/07 11:15 p.m. | 16 views

Cross site scripting

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...

3.3 CVSS | 6 AI score | 0.00357 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/04/07 10:00 p.m. | 15 views

CVE-2023-1946 SourceCodester Survey Application System Add New cross site scripting

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...

3.3 CVSS | 6.2 AI score | 0.00357 EPSS
Exploits: 0 | References: 2
CVE
added 2023/04/07 10:00 p.m. | 49 views

CVE-2023-1946

CVE-2023-1946 affects SourceCodester Survey Application System 1.0, specifically the Add New Handler component. The vulnerability arises from unsanitized input in the Title parameter, where passing a payload such as can trigger cross-site scripting. The issue appears to be exploitable remotely, ...

6.1 CVSS | 4.8 AI score | 0.00357 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2023/04/07 12:00 a.m. | 4 views

SourceCodester Survey Application System Cross-Site Scripting Vulnerability

Survey Application System is a survey application system by Carlo Montero Individual Developer. A cross-site scripting vulnerability exists in SourceCodester Survey Application System version 1.0, which stems from a problem with the component Add New Handler, where manipulation of the parameter...

6.1 CVSS | 4 AI score | 0.00357 EPSS
Exploits: 0 | References: 3