Lucene search
K

109 matches found

Veracode
Veracode
added 2022/11/28 5:33 a.m.34 views

Cross-site Scripting (XSS)

spatie/browsershot is vulnerable to cross site scripting. The vulnerable exists in the setUrl function in Browsershot.php which allows an external attacker to remotely obtain arbitrary local files, because the application does not validate the passed URL protocol...

8.2CVSS7.6AI score0.0061EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.6 views

PT-2022-26035 · Unknown · Browsershot

Name of the Vulnerable Software and Affected Versions: Browsershot version 3.57.2 Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...

8.2CVSS8AI score0.0061EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.8 views

CVE-2022-41706 Browsershot 3.57.2 - Server Side XSS to LFR via URL

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...

7.8AI score0.0061EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/11/25 12:0 a.m.22 views

CVE-2022-41706 Browsershot 3.57.2 - Server Side XSS to LFR via URL

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method...

8.3AI score0.0061EPSS
Exploits1References2
CVE
CVE
added 2022/11/25 12:0 a.m.99 views

CVE-2022-41706

CVE-2022-41706 affects Browsershot version 3.57.2, where the URL protocol passed to Browsershot::url is not validated. This allows an external attacker to remotely obtain arbitrary local files. The available documents describe the vulnerability and impact (remote local file access) but do not pro...

8.2CVSS8AI score0.0061EPSS
Exploits1References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2022/08/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-34713

A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application...

7.8CVSS7.9AI score0.6798EPSS
Exploits1References1
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/09 12:0 a.m.58 views

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application...

7.8CVSS3.7AI score0.6798EPSS
In wildExploits1
Positive Technologies
Positive Technologies
added 2022/07/25 12:0 a.m.11 views

PT-2022-23374 · Obsidian · Obsidian

Name of the Vulnerable Software and Affected Versions: Obsidian versions 0.14.x through 0.15.4 Description: The issue allows remote code execution due to the use of window.open without checking the URL, specifically with the obsidian://hook-get-address protocol. This can lead to unauthorized code...

9.8CVSS9.8AI score0.19589EPSS
Exploits1References6
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/14 12:0 a.m.47 views

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...

9.3CVSS8.2AI score0.99374EPSS
In wildExploits62
NVD
NVD
added 2022/06/03 6:15 a.m.13 views

CVE-2022-32271

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary loca...

9.6CVSS0.02706EPSS
Exploits1References2
Talos Blog
Talos Blog
added 2022/06/02 2:53 p.m.86 views

Threat Advisory: Zero-day vulnerability in Microsoft diagnostic tool MSDT could lead to code execution

A recently discovered zero-day vulnerability in the Microsoft Windows Support Diagnostic Tool MSDT made headlines over the past few days. CVE-2022-30190, also known under the name "Follina," exists when MSDT is called using the URL protocol from an application, such as Microsoft Office,...

9.3CVSS2.1AI score0.99374EPSS
Exploits62
NVD
NVD
added 2022/06/01 8:15 p.m.35 views

CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...

9.3CVSS0.99374EPSS
Exploits62References4
Prion
Prion
added 2022/06/01 8:15 p.m.41 views

Remote code execution

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...

9.3CVSS8.3AI score0.99374EPSS
Exploits62References2Affected Software4
ThreatPost
ThreatPost
added 2022/06/01 10:38 a.m.3994 views

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

Microsoft has released a workaround for a zero-day flaw that was initially flagged in April and that attackers already have used to target organizations in Russia and Tibet, researchers said. The remote control execution RCE flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support...

9.3CVSS8AI score0.99374EPSS
Exploits91References17
ATTACKERKB
ATTACKERKB
added 2022/06/01 12:0 a.m.1167 views

CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...

9.3CVSS7.7AI score0.99374EPSS
In wildExploits90References5
Rapid7 Blog
Rapid7 Blog
added 2022/05/31 3:15 p.m.187 views

CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability

On May 30, 2022, Microsoft Security Response Center MSRC published a blog on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool msdt in Windows. Microsoft’s advisory on CVE-2022-30190 indicates that exploitation has been detected in the wild. According to Microsof...

9.3CVSS1.1AI score0.99374EPSS
Exploits62
The Hacker News
The Hacker News
added 2022/05/31 5:12 a.m.114 views

Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation

Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS...

1.5AI score0.99374EPSS
Exploits62
VulnCheck KEV
VulnCheck KEV
added 2022/05/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...

9.3CVSS7.5AI score0.99374EPSS
Exploits62References1
Tenable Nessus
Tenable Nessus
added 2022/03/12 12:0 a.m.48 views

AlmaLinux 8 : firefox (ALSA-2022:0130)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0130 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...

10CVSS7.8AI score0.0134EPSS
Exploits6References13
Tenable Nessus
Tenable Nessus
added 2022/03/11 12:0 a.m.48 views

AlmaLinux 8 : thunderbird (ALSA-2022:0129)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0129 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...

10CVSS7.8AI score0.0134EPSS
Exploits6References13
Rows per page
Query Builder