
6038 matches found

Vulnrichment
added 2024/05/13 7:51 p.m. · 16 views

CVE-2024-28277

In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloa...

5.8 AI score · 0.00362 EPSS
Exploits: 0 · References: 2

CVE
added 2024/05/13 7:51 p.m. · 65 views

CVE-2024-28277

CVE-2024-28277 affects Sourcecodester School Task Manager v1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the subject_name/subject name parameter, allowing an attacker to manipulate the subject’s name and potentially execute malicious JavaScript payloads. Root cause is unvalidat...

6.1 CVSS · 5.7 AI score · 0.00362 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Packet Storm
added 2024/05/13 12:0 a.m. · 260 views

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSS Family:...

7.4 AI score
Exploits: 0

Positive Technologies
added 2024/05/09 12:0 a.m. · 6 views

PT-2024-22375 · Unknown · Sourcecodester School Task Manager

Name of the Vulnerable Software and Affected Versions: Sourcecodester School Task Manager version 1.0 Description: The issue is related to Cross Site Scripting (XSS) via the add-task.php endpoint, specifically the task name parameter. This allows for potential malicious script injection. No...

6.1 CVSS · 5.9 AI score · 0.00286 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/05/09 12:0 a.m. · 5 views

PT-2024-22376 · Unknown · Sourcecodester School Task Manager

Name of the Vulnerable Software and Affected Versions: Sourcecodester School Task Manager version 1.0 Description: A vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This issue allows attackers to manipulate the subject's name,...

6.1 CVSS · 5.8 AI score · 0.00362 EPSS
Exploits: 0 · References: 5

Cvelist
added 2024/05/08 9:3 p.m. · 18 views

CVE-2024-26517

SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component...

7.4 AI score · 0.00802 EPSS
Exploits: 0 · References: 2

CVE
added 2024/05/08 9:3 p.m. · 49 views

CVE-2024-26517

CVE-2024-26517 is a SQL injection vulnerability in School Task Manager v1.0, exploitable via the delete-task.php component, allowing a remote attacker to obtain sensitive information. The linked documents consistently identify the affected software and component (School Task Manager 1.0, delete-t...

9.1 CVSS · 7.4 AI score · 0.00802 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/05/08 9:3 p.m. · 13 views

CVE-2024-26517

SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component...

7.5 AI score · 0.00802 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/07 12:0 a.m. · 5 views

PT-2024-25129 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: A SQL injection issue was discovered via the sql filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. This allows for potential exploitation. No information is provided about the...

8.8 CVSS · 8 AI score · 0.00536 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/05 12:0 a.m. · 8 views

PT-2024-40761 · Git +1 · Tinyusb

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value" as reported by OSS-Fuzz. The crash state involves cdc task and fuzz.cc, indicating a...

6.9 AI score
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/03 3:10 p.m. · 17 views

CVE-2022-48697 nvmet: fix a use-after-free

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task...

6.8 AI score · 0.00228 EPSS
Exploits: 0 · References: 6

CVE
added 2024/05/03 2:52 p.m. · 84 views

CVE-2022-48675

CVE-2022-48675 is a Linux kernel issue in IB/core involving a nested deadlock between exiting mmap (exit_mmap/__mmu_notifier_release) and a mutex held during ib_umem_odp_map_dma_and_lock. The root cause is a potential deadlock when mmput() is called while umem_mutex is held, triggering a lock in ...

5.5 CVSS · 6.4 AI score · 0.00178 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2024/05/03 3:15 a.m. · 25 views

CVE-2023-38124

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

8.8 CVSS · 7.5 AI score · 0.5582 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2024/05/03 3:15 a.m. · 8 views

CVE-2023-38124

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

8.8 CVSS · 7.6 AI score · 0.5582 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/05/03 3:15 a.m. · 7 views

CVE-2023-38124

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

8.8 CVSS · 6.2 AI score
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/03 1:59 a.m. · 17 views

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

7.2 CVSS · 8 AI score · 0.5582 EPSS
Exploits: 0 · References: 2

CVE
added 2024/05/03 1:59 a.m. · 64 views

CVE-2023-38124

CVE-2023-38124 affects Inductive Automation Ignition Gateway/OPC UA Quick Client Task Scheduling. The flaw stems from exposing a dangerous function in the Ignition Gateway server, allowing remote attackers to execute code with SYSTEM privileges after authenticating. Documents consistently describ...

8.8 CVSS · 7.5 AI score · 0.5582 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Amazon
added 2024/05/03 12:0 a.m. · 6 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attrallocatefra...

7.8 CVSS · 7.1 AI score · 0.00992 EPSS
Exploits: 0

Cvelist
added 2024/05/01 1:0 p.m. · 20 views

CVE-2024-27060 thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 PF: supervisor read...

6.5 AI score · 0.00225 EPSS
Exploits: 0 · References: 3

UbuntuCve
added 2024/05/01 6:15 a.m. · 21 views

CVE-2024-26951

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all, rather than setting peer_list to empty, the peer is added to a temporary list with a head on the stack of...

7.8 CVSS · 6.3 AI score · 0.00234 EPSS
Exploits: 0 · References: 22