Lucene search
K

67 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 3:54 a.m.14 views

CVE-2021-39173

Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

8.8CVSS7.3AI score0.02362EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:36 p.m.10 views

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS6.6AI score0.00655EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/12/13 5:51 p.m.22 views

CVE-2024-55887

A flaw was found in the ucum-java library for FHIR. XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being use...

8.6CVSS8.4AI score0.0055EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/13 4:8 p.m.14 views

CVE-2024-55887 Ucum-java has an XXE vulnerability in XML parsing

Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts...

8.6CVSS6.8AI score0.0055EPSS
Exploits0References1
Brave Browser
Brave Browser
added 2024/08/22 7:4 a.m.25 views

Brave Desktop 1.69.153 Security Fixes

Implemented process hardening for the Brave VPN services on Windows. - Implemented a trusted source check for "Elevator::InstallVPNServices". - Updated code to use JSON serialization to escape all unsafe symbols in SpeedReader. - Limited extension features to allow listed extensions. Upgraded...

5.9AI score
Exploits0References5Affected Software1
NVD
NVD
added 2024/06/21 4:15 p.m.30 views

CVE-2022-44593

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1...

5.3CVSS0.0026EPSS
Exploits0References1
CVE
CVE
added 2024/06/21 3:56 p.m.74 views

CVE-2022-44593

CVE-2022-44593 pertains to Solid Security (SolidWP) and is described as a Use of Less Trusted Source vulnerability that enables HTTP DoS. Public detail indicates the issue affects Solid Security versions up to 9.3.1, with the connected entry also referencing an IP Address Spoofing to Denial of Se...

5.3CVSS5.3AI score0.0026EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/14 5:15 p.m.5 views

CVE-2024-23105

A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References1
NVD
NVD
added 2024/05/14 5:15 p.m.30 views

CVE-2024-23105

A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...

7.5CVSS7.7AI score0.00445EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/14 4:19 p.m.30 views

CVE-2024-23105

A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...

7.5CVSS7.9AI score0.00445EPSS
Exploits0References1
CVE
CVE
added 2024/05/14 4:19 p.m.65 views

CVE-2024-23105

Fortinet FortiPortal contains a CWE-348 vulnerability (Use Of Less Trusted Source) that, in versions 7.0.0–7.0.6 and 7.2.0–7.2.1 , allows an unauthenticated attacker to bypass IP protection via crafted HTTP/HTTPS packets. The issue is described as bypassing IP access controls; impact is described...

7.5CVSS7AI score0.00445EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/14 4:19 p.m.23 views

CVE-2024-23105

A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...

7.5CVSS7.2AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2024/03/18 2:15 p.m.3 views

CVE-2024-27773

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE...

8.8CVSS5.8AI score0.00355EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/18 1:32 p.m.15 views

CVE-2024-27773 Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-348: Use of Less Trusted Source

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE...

8.8CVSS7.2AI score0.00355EPSS
Exploits0References2
NVD
NVD
added 2023/08/30 6:15 p.m.87 views

CVE-2023-40582

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

9.8CVSS9.8AI score0.01489EPSS
Exploits0References2
Prion
Prion
added 2023/08/30 6:15 p.m.10 views

Command injection

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

7.5CVSS9.7AI score0.01489EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/30 12:40 a.m.39 views

matrix-js-sdk subject to impersonated messages due to permissive key forwarding

Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too...

7.5CVSS7.9AI score0.0099EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2022/09/28 9:15 p.m.16 views

Design/Logic Flaw

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

5CVSS7.2AI score0.00753EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/09/28 8:55 p.m.69 views

CVE-2022-39257

The CVE concerns Matrix iOS SDK prior to 0.23.19, where a too-permissive key forwarding policy allows an attacker coordinating with a malicious homeserver to create messages that appear to come from another user. The SDK now enforces stricter forwarding: forwarded keys are accepted only in respon...

7.5CVSS7.2AI score0.00753EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2022/09/28 8:15 p.m.46 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS7AI score0.0099EPSS
Exploits0References7
Rows per page
Query Builder