Lucene search
K

161 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:20 a.m.6 views

CVE-2023-38565

A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges...

7.8CVSS5.8AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:2 p.m.8 views

CVE-2022-33708

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege...

7.8CVSS6.7AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/02 10:15 p.m.15 views

CVE-2023-37535

Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...

7.1CVSS7.5AI score0.00194EPSS
Exploits0References3
Circl
Circl
added 2025/04/18 3:59 p.m.6 views

CVE-2022-20533

creationtimestamp| type| source ---|---|--- 2025-04-18 15:59:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12476...

3.3CVSS4.2AI score0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 5:38 p.m.6 views

CVE-2025-32833

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

8.8CVSS7.8AI score0.00683EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/09 11:18 p.m.18 views

CVE-2025-32033

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters e.g. for a query's height. If a counter...

7.5CVSS6.8AI score0.00551EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/31 8:34 a.m.17 views

CVE-2025-31406 WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ELEXtensions ELEX WooCommerce Request a Quote elex-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WooCommerce Request a Quote: from n/a through = 2.3.9...

4.3CVSS0.00288EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/11 3:46 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper API access control mechanisms. An attacker can modify data type information that should be restricted by exploiting the insufficient security restrictions applied to low-privilege user accounts...

5.3CVSS6.7AI score0.00298EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/18 10:58 p.m.4 views

WordPress WP Media Category Management plugin 2.0-2.3.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by luckybuddy in WordPress Plugin WP Media Category Management versions 2.0-2.3.3...

6.5CVSS7AI score0.00258EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/02/11 10:26 a.m.7 views

CVE-2023-37482

The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...

6.9CVSS0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:43 p.m.11 views

CVE-2022-36339

Improper input validation in firmware for IntelR NUC 8 Compute Element, IntelR NUC 11 Compute Element, IntelR NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access...

7.8CVSS7AI score0.00184EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:46 p.m.9 views

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2CVSS5.9AI score0.0038EPSS
Exploits0
OSV
OSV
added 2024/11/26 7:15 p.m.4 views

CVE-2024-53619

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

6.3CVSS6.1AI score0.00545EPSS
Exploits1References1
OSV
OSV
added 2024/10/17 8:15 p.m.6 views

CVE-2024-49281

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3...

5.4CVSS5.8AI score0.00509EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.5 views

PT-2024-28113 · Unknown · Team Members

Name of the Vulnerable Software and Affected Versions: Team Members versions through 5.3.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions...

6.5CVSS5.9AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.6 views

PT-2024-24555 · Unknown · Flusity-Cms

Name of the Vulnerable Software and Affected Versions: flusity CMS version 2.33 Description: An issue in the software allows a remote attacker to execute arbitrary code via the add addon.php component. Recommendations: For version 2.33, consider disabling the add addon.php component until a patch...

9.8CVSS8.3AI score0.01052EPSS
Exploits1References4
OSV
OSV
added 2024/03/18 7:15 p.m.4 views

UBUNTU-CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...

8.4CVSS7.8AI score0.01124EPSS
Exploits1References4
Circl
Circl
added 2024/02/23 10:27 p.m.5 views

CVE-2021-33138

creationtimestamp| type| source ---|---|--- 2024-02-23 22:27:13+00:00| seen| https://t.me/ctinow/192231...

4.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/02 2:49 a.m.5 views

CVE-2023-32878

In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992...

4.3AI score0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/24 3:19 p.m.12 views

CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

7CVSS7.3AI score0.00719EPSS
Exploits1References3
Rows per page
Query Builder