Lucene search
K

522 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.6 views

CVE-2024-27622

A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with...

7.2CVSS8.1AI score0.01997EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:13 a.m.6 views

CVE-2024-31870

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in...

3.3CVSS6AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:22 a.m.7 views

CVE-2024-55554

Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet...

5.4CVSS5.8AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:31 a.m.9 views

CVE-2023-29051

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...

8.1CVSS6.9AI score0.00546EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.11 views

CVE-2023-41710

User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this...

5.4CVSS6.9AI score0.00436EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.12 views

CVE-2023-41706

Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined...

6.5CVSS7AI score0.00785EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.8 views

CVE-2023-28480

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions UDFs from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An...

6.5CVSS7.1AI score0.00534EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.5 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

8.8CVSS7AI score0.00741EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:49 p.m.7 views

CVE-2022-30331

The User-Defined Functions UDF feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...

8.8CVSS7.5AI score0.00906EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 p.m.9 views

CVE-2020-25234

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

7.7CVSS6.5AI score0.00301EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:27 a.m.7 views

CVE-2012-6565

Cross-site scripting XSS vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...

3.5CVSS5.5AI score0.00944EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/14 12:31 p.m.5 views

Arbitrary Code Injection

Overview org.apache.iotdb:iotdb-server is a data management system for time series data, which can provide users specific services, such as, data collection, storage and analysis. Affected versions of this package are vulnerable to Arbitrary Code Injection through the registration of user-defined...

9.8CVSS8.1AI score0.01304EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/14 12:31 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the registration of user-defined functions UDFs from untrusted sources. An attacker with the privilege to create UDFs can execute arbitrary code by registering a malicious function. Remediation Upgrade...

9.8CVSS8.1AI score0.01304EPSS
Exploits0References2
OSV
OSV
added 2025/05/14 12:31 p.m.8 views

GHSA-F4RQ-F4J9-F6RM Apache IoTDB Vulnerable to Remote Code Execution

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.8CVSS7.4AI score0.01304EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/05/14 11:15 a.m.5 views

CVE-2024-24780

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.8CVSS5.9AI score0.01304EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2025/05/14 11:15 a.m.10 views

PYSEC-2025-59

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who hasprivilege to create UDF can register malicious function fromuntrusted URI.This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.Users are recommended to upgrade to version 1.3.4, which fixes the...

9.8CVSS7.5AI score0.01304EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/14 10:42 a.m.12 views

CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.7AI score0.01304EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 10:42 a.m.43 views

CVE-2024-24780 Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

0.01304EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.29 views

Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2025-971)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-971 advisory. SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such ...

7.3CVSS6.5AI score0.00425EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/03 2:31 p.m.16 views

CVE-2025-37770

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...

7AI score0.00171EPSS
Exploits0
Rows per page
Query Builder