Lucene search
K

133 matches found

Prion
Prion
added 2019/08/23 5:15 p.m.19 views

Design/Logic Flaw

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

7.5CVSS9.1AI score0.03508EPSS
Exploits1References4Affected Software3
Cvelist
Cvelist
added 2019/08/23 4:46 p.m.28 views

CVE-2019-10747

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...

8.2AI score0.02475EPSS
Exploits1References4
OSV
OSV
added 2019/07/01 6:15 p.m.2 views

CVE-2019-12826

A Cross-Site-Request-Forgery CSRF vulnerability in widgetlogic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets that are attached to widgets and then eval'd to dynamically determine their visibility by crafting a maliciou...

8.8CVSS7.5AI score0.0111EPSS
Exploits1References4
ripstech
ripstech
added 2019/03/13 6:27 a.m.45 views

WordPress 5.1 CSRF to Remote Code Execution

Impact An attacker can take over any WordPress site that has comments enabled by tricking an administrator of a target blog to visit a website set up by the attacker. As soon as the victim administrator visits the malicious website, a cross-site request forgery CSRF exploit is run against the...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2019/02/01 11:49 p.m.51 views

CVE-2018-16487

A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...

6.8CVSS2.5AI score0.01553EPSS
Exploits2References2
NVD
NVD
added 2019/01/09 11:29 p.m.18 views

CVE-2018-16172

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate...

6.5CVSS6.5AI score0.006EPSS
Exploits0References2
Prion
Prion
added 2019/01/09 11:29 p.m.21 views

Input validation

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate...

5.8CVSS7AI score0.006EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/01/09 12:0 a.m.2 views

Microsoft Jet Database Engine Remote Code Execution Vulnerability

Microsoft Jet Database Engine is an underlying database engine. A remote code execution vulnerability exists in Microsoft Jet Database Engine, which arises from the failure of Jet Database Engine to properly handle objects in memory, and can be exploited to execute arbitrary code on a victim's...

9.3CVSS8.1AI score0.13596EPSS
Exploits0References1
CNVD
CNVD
added 2018/11/22 12:0 a.m.17 views

Huawei Honor 7A and Honor 9 Lite Information Disclosure Vulnerability

The Huawei Honor 7A and Honor 9 Lite are both smartphone products from the Chinese company Huawei Huawei. An information disclosure vulnerability exists in Huawei Honor 7A prior to version 8.0.0.195C00 and Huawei Honor 9 Lite prior to version 8.0.0.182C01. The vulnerability can be exploited to...

4.3CVSS4.3AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2018/09/07 10:29 p.m.20 views

CVE-2018-14398

An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials...

6.1CVSS6.2AI score0.00681EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/23 12:0 a.m.4 views

libgig heap buffer overflow vulnerability (CNVD-2018-15174)

libgig is a C++ library for loading, modifying existing and creating new Gigasampler .gig files and DLS downloadable sound level 1/2 files, KORG sample-based instruments .KSF and .KMP files, SoundFont v2 .sf2 files and AKAI sampler data. A heap-based buffer overflow vulnerability exists in the...

8.8CVSS9AI score0.01142EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/23 3:0 p.m.31 views

CVE-2018-3850

An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

8.8CVSS8.8AI score0.0287EPSS
Exploits1References3
CNVD
CNVD
added 2018/03/12 12:0 a.m.4 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2018-05083)

Cisco Identity Services Engine ISE is an identity-based environment awareness platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site request forgery...

6.8CVSS6.7AI score0.00875EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.50 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy CSP fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypas...

4.2CVSS5.6AI score0.03455EPSS
Exploits0
CNVD
CNVD
added 2017/05/23 12:0 a.m.4 views

Apple macOS Sierra WindowServer Memory Corruption Vulnerability

Apple macOS is an operating system that runs on Apple's Macintosh line of computers. A memory corruption vulnerability exists in Apple macOS Sierra WindowServer, which can be exploited by a remote attacker to submit a special application and trick the user into parsing it to execute arbitrary cod...

9.3CVSS7.4AI score0.01169EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/05 12:0 a.m.3 views

Google Chrome Blink Memory Misreference Vulnerability (CNVD-2017-07275)

Google Chrome is a web browser developed by Google Inc. in the United States. A memory misreference vulnerability exists in Google Chrome Blink, which allows remote attackers to exploit the vulnerability by submitting a special WEB page and tricking the user into parsing it, which can crash the...

8.8CVSS9.1AI score0.01374EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/25 12:0 a.m.6 views

concrete5 File Manager Thumbnail Editor Cross-Site Request Forgery Vulnerability

concrete5 is a free content management system CMS developed by Portland Labs in the United States. The system can be edited and typeset directly on the page.File Manager is a full-featured file manager.Thumbnail Editor is one of the thumbnail editors. A cross-site request forgery vulnerability...

6.5CVSS6.9AI score0.012EPSS
Exploits3References1
Cvelist
Cvelist
added 2017/04/24 6:12 a.m.21 views

CVE-2017-8082

concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide...

6.3AI score0.012EPSS
Exploits3References3
NVD
NVD
added 2016/12/22 9:59 p.m.12 views

CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host...

7.5CVSS6.1AI score0.01987EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/12/11 2:0 a.m.30 views

CVE-2016-4412

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions prior to 4.0.10.16 are affected...

4.8AI score0.01024EPSS
Exploits0References3
Rows per page
Query Builder