Lucene search
K

68 matches found

VulnCheck KEV
VulnCheck KEV
added 2021/11/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users...

5.4CVSS6AI score0.006EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.4 views

TryGhost express-hbs 代码注入漏洞

TryGhost express-hbs is an Express handlebar template engine with multiple layouts, blocks and cache sections. tryGhost express-hbs suffers from an information disclosure vulnerability that stems from the product's Express render API mixing pure template data with engine configuration options,...

5.3CVSS5.6AI score0.01178EPSS
Exploits1References3
Veracode
Veracode
added 2021/05/17 3:35 a.m.19 views

Information Disclosure

express-handlebars is vulnerable to information disclosure. The vulnerability exists due to a the mixing of untrusted data with the express-handlebars options passed to the template data...

8.6CVSS1.5AI score0.17988EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.6 views

Squirrelly 信息泄露漏洞

npm Npm squirrelly is an application from the American company npm. It provides a modern, configurable and powerful Express template engine implemented in JavaScript. Squirrelly suffers from an information disclosure vulnerability that stems from mixing pure template data with engine configuratio...

8.8CVSS8.6AI score0.59844EPSS
Exploits2References7
OSV
OSV
added 2017/12/11 9:29 p.m.4 views

CVE-2017-1613

IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954...

5.3CVSS5.8AI score0.01533EPSS
Exploits0References3
CVE
CVE
added 2017/12/11 9:0 p.m.57 views

CVE-2017-1613

CVE-2017-1613 affects IBM Connections 6.0 (Engagement Center). A remote, unauthenticated attacker could access non‑sensitive Engagement Center template data. Root cause and exact exploit details are not provided in the documents; exploitation status is listed as null in the sources. No remediatio...

5.3CVSS5.4AI score0.01533EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/12/07 12:0 a.m.3 views

IBM Connections Engagement Center Information Disclosure Vulnerability

IBM Connections Engagement Center is a set of digital work platforms for employees at IBM in the United States. The platform allows for the addition of email, apps, news, and social tools through an administrative interface. An information disclosure vulnerability exists in IBM Connections...

5.3CVSS6.2AI score0.01533EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

PHP-RESIDENCE <= 0.7.2 - Multiple LFI Vulnerability

No description provided by source. '/ -.- --------------------oOO------OOo------------------- | PHP-RESIDENCE = 0.7.2 Multiple LFI Vulnerability | | works only with magicquotesgpc = off | ------------------------------------------------------ ! Discovered: cr4wl3r cr4wl3r!linuxmail.org ! Download...

7.1AI score
Exploits0
Rows per page
Query Builder