
246 matches found

CNVD
added 2020/07/28 12:00 a.m. | 2 views

rollup-plugin-dev-server path traversal vulnerability

rollup-plugin-dev-server is a plugin summary package. A path traversal vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-dev-server all versions, which stems from the program's failure to clean up paths, and can be exploited by an attacker t...

CVSS 7.5 | AI score 7.1 | EPSS 0.01768
Exploits: 1 | References: 1

OSV
added 2019/06/04 3:42 p.m. | 0 views

GHSA-PGCR-7WM4-MCV6 Sensitive Data Exposure in pem

Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 4

BDU FSTEC
added 2018/02/21 12:00 a.m. | 5 views

The vulnerability of the UpdateThemeVersionPortalComponent component in the SAP NetWeaver software integration platform allows a hacker to execute arbitrary JavaScript code on the client side.

The vulnerability of the UpdateThemeVersionPortalComponent component in the SAP NetWeaver software integration platform exists due to insufficient cleaning of data entered by users when they are displayed on the journal viewing page. Exploiting this vulnerability allows a malicious actor to execu...

CVSS 6.4 | AI score 6
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2016/12/06 12:00 a.m. | 49 views

AbanteCart 1.2.7 Cross Site Scripting

Exploit Title: AbanteCart 1.2.7 Stored XSS
Date: 06-12-2016
Software Link: http://www.abantecart.com/
Exploit Author: Kacper Szurek
Contact: http://twitter.com/KacperSzurek
Website: http://security.szurek.pl/
Category: webapps

1. Description

By default all user input is escaped using...

AI score 7.4
Exploits: 0

BDU FSTEC
added 2016/07/05 12:00 a.m. | 5 views

The vulnerability of the Linux operating system, which allows a malicious individual to trigger a local service failure

In the HID driver for the Zeroplus gaming manipulator, there is no mechanism for cleaning the entered information, which leads to local service failure...

CVSS 4.7 | AI score 6.5 | EPSS 0.00419
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2016/02/12 12:00 a.m. | 6 views

The vulnerability of the Ruby Colorscore interpreter extension, which allows a hacker to execute arbitrary code.

The vulnerability of the class initialization method Histogram lib/colorscore/histogram.rb in the Ruby Colorscore extension is related to the lack of measures to clean input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metasymbols in variables like...

CVSS 10 | AI score 8.2 | EPSS 0.0353
Exploits: 0 | References: 4 | Affected Software: 1