182 matches found

Positive Technologies
added 2024/03/26 12:0 a.m. · 5 views

PT-2024-13025 · Win Zapp · Win Zapp

Name of the Vulnerable Software and Affected Versions: Win ZApp versions prior to 4.3.0.121 Description: The issue is related to a missing password type validation in the Revert Password check. This could be disabled for some features, potentially leading to security issues. Recommendations: For...

CVSS 7.3 · AI score 7.4 · EPSS 0.00236
Exploits 0 · References 6
Amazon
added 2024/03/05 12:0 a.m. · 7 views

Important: composer

Issue Overview: Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead...

CVSS 8.8 · AI score 7.8 · EPSS 0.00273
Exploits 0
Positive Technologies
added 2024/03/01 12:0 a.m. · 5 views

PT-2024-21015 · Unknown · Microdicom Dicom Viewer

Name of the Vulnerable Software and Affected Versions: MicroDicom DICOM Viewer versions 2023.3 Build 9342 and prior Description: The issue is related to a lack of proper validation of user-supplied data, which could result in memory corruption within the application. Recommendations: For MicroDic...

CVSS 7.8 · AI score 6.7 · EPSS 0.00241
Exploits 0 · References 4
Positive Technologies
added 2024/02/27 12:0 a.m. · 6 views

PT-2024-15099 · Bestwebsoft · Error Log Viewer

Name of the Vulnerable Software and Affected Versions: The Error Log Viewer by BestWebSoft WordPress plugin versions prior to 1.1.3 Description: The issue allows users to read and download PHP logs without authorization, potentially exposing sensitive data. This is a Directory Listing issue...

CVSS 6.5 · AI score 9.5 · EPSS 0.00587
Exploits 2 · References 8
Positive Technologies
added 2024/02/13 12:0 a.m. · 3 views

PT-2024-2226 · Intel · Intel Xtu

Name of the Vulnerable Software and Affected Versions: Intel(R) XTU versions prior to 7.12.0.29 Description: The issue is related to improper access control in Intel(R) XTU software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could permi...

CVSS 7.8 · AI score 7.3 · EPSS 0.0019
Exploits 0 · References 6
CVE
added 2024/01/18 6:45 p.m. · 236 views

CVE-2024-22419

CVE-2024-22419 affects the Vyper compiler/runtime: the built-in concat can write past the allocated memory buffer, potentially corrupting memory and changing contract semantics. The root cause is the build_IR path not properly conforming to the copy_bytes API for versions >= 0.3.2, enabling a ...

CVSS 9.8 · AI score 8.7 · EPSS 0.0077
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2024/01/11 12:0 a.m. · 6 views

PT-2024-1444 · Unknown · Rapid Scada

Name of the Vulnerable Software and Affected Versions: Rapid SCADA versions prior to Version 5.8.4 Description: The issue is related to the use of open redirection due to incorrect data cleaning on the user login page. This allows an attacker to redirect users to malicious pages through the login...

CVSS 5.5 · AI score 5.3 · EPSS 0.00315
Exploits 0 · References 9
Amazon
added 2024/01/08 12:0 a.m. · 3 views

Important: bluez

Issue Overview: bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Affected Packages: bluez Issue Correction: Run dnf update bluez --releasever 2023.3.20240108 or dnf update --advisory ALAS2023-2024-473 --releasever 2023.3.2024010...

CVSS 6.3 · AI score 7.6 · EPSS 0.07879
Exploits 8
Positive Technologies
added 2023/12/19 12:0 a.m. · 6 views

PT-2023-30931 · Unknown · Quantumcloud Chatbot

Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot versions through 4.7.8 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for potential exploitation of the QuantumCloud...

CVSS 7.6 · AI score 7.4 · EPSS 0.00725
Exploits 0 · References 7
Positive Technologies
added 2023/12/18 12:0 a.m. · 4 views

PT-2023-30947 · Svgator · Svgator

Name of the Vulnerable Software and Affected Versions: SVGator – Add Animated SVG Easily versions 1.2.4 and earlier Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web applicati...

CVSS 8.8 · AI score 8.7 · EPSS 0.00272
Exploits 0 · References 3
Positive Technologies
added 2023/12/08 12:0 a.m. · 6 views

PT-2023-22021 · Ncp · Ncp Secure Enterprise Client

Name of the Vulnerable Software and Affected Versions: NCP Secure Enterprise Client versions prior to 12.22 Description: The issue allows attackers to read registry information of the operating system by creating a symbolic link. This is possible due to a flaw in the Support Assistant component o...

CVSS 4.3 · AI score 4.3 · EPSS 0.00594
Exploits 1 · References 5
Positive Technologies
added 2023/11/30 12:0 a.m. · 4 views

PT-2023-30753 · Nitin Rathod · Wp Forms Puzzle Captcha

Name of the Vulnerable Software and Affected Versions: WP Forms Puzzle Captcha versions n/a through 4.1 Description: A Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. Recommendations: For WP Forms Puzzle Captcha versions n/a through 4.1,...

CVSS 7.1 · AI score 6.8 · EPSS 0.00207
Exploits 0 · References 6
Positive Technologies
added 2023/10/31 12:0 a.m. · 9 views

PT-2023-6633 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.105 Description: The issue is related to a use after free vulnerability in the Profiles component of Google Chrome. This vulnerability can be exploited by a remote attacker who convinces a user to...

CVSS 9.8 · AI score 7.2 · EPSS 0.99694
Exploits 130 · References 1106
Positive Technologies
added 2023/10/02 12:0 a.m. · 6 views

PT-2023-28073 · Yydevelopment · Back To The Top Button

Name of the Vulnerable Software and Affected Versions: YYDevelopment Back To The Top Button plugin versions = 2.1.5 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For YYDevelopment...

CVSS 5.9 · AI score 5.3 · EPSS 0.00316
Exploits 0 · References 3
Positive Technologies
added 2023/09/06 12:0 a.m. · 5 views

PT-2023-27508 · Flatsome · Flatsome

Name of the Vulnerable Software and Affected Versions: Flatsome | Multi-Purpose Responsive WooCommerce Theme versions 3.17.5 and earlier Description: The issue is related to Deserialization of Untrusted Data, which can lead to Unauthenticated PHP Object Injection. It is estimated to affect over...

CVSS 9.8 · AI score 9.2 · EPSS 0.0049
Exploits 0 · References 8
UbuntuCve
added 2023/09/05 9:15 p.m. · 22 views

CVE-2023-39360

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data. The vulnerability is found in graphsnew.php. Several validations are performed, but the...

CVSS 6.1 · AI score 6.1 · EPSS 0.00767
Exploits 1 · References 2
Amazon
added 2023/08/21 12:0 a.m. · 11 views

Important: kernel-livepatch-5.10.179-166.674

Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...

CVSS 7.8 · AI score 7 · EPSS 0.06127
Exploits 2
Positive Technologies
added 2023/07/17 12:0 a.m. · 4 views

PT-2023-25602 · WordPress · Woocommerce Order Barcodes

Name of the Vulnerable Software and Affected Versions: WooCommerce Order Barcodes plugin versions 1.6.4 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...

CVSS 8.8 · AI score 8.8 · EPSS 0.00214
Exploits 0 · References 4
OSV
added 2023/06/29 8:38 p.m. · 29 views

CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

CVSS 9.9 · AI score 8.9 · EPSS 0.82376
Exploits 1 · References 7
OSV
added 2023/06/22 8:0 p.m. · 1 views

GHSA-WHJ9-M24X-QHHP FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption

Coordinated Disclosure Timeline - 10.06.2023: Issue reported to IntellectualSites - 11.06.2023: Issue is acknowledged - 12.06.2023: Issue has been fixed - 22.06.2023: Advisory has been published Impacted version range Before 2.6.3 Details Proof of Concept As a user, do the following: 1. Select...

CVSS 6.2 · AI score 6.1 · EPSS 0.00306
Exploits 0 · References 5