Lucene search
+L

321 matches found

veracode
veracode
added 2023/05/17 8:32 a.m.52 views

SQL Injection

moodle/moodle is vulnerable to SQL Injection attacks. The vulnerability exists in getsubwikipages function of external.php due to lack of sanitization of user inputs which allows an attacker to inject and execute arbitrary sql queries...

7.3CVSS8.2AI score0.01142EPSS
Exploits0References12Affected Software1
veracode
veracode
added 2023/05/17 7:36 a.m.24 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in record.questions.php due to lack of sanitization of the user inputs of mail parameter which allows an attacker to inject and execute arbitrary javascript...

4.8CVSS6.5AI score0.0046EPSS
Exploits1References5Affected Software1
veracode
veracode
added 2023/05/10 9:41 a.m.18 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-site Scripting XSS. The vulnerability exists in getLinkContent of link.js due to improper sanitization of user inputs which allows an attacker to inject and execute arbitrary javascript...

5.4CVSS6.8AI score0.00563EPSS
Exploits1References6Affected Software1
veracode
veracode
added 2023/05/09 6:24 a.m.27 views

Remote Code Execution (RCE)

appium-desktop is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied user inputs allows an attacker to upload and execute malicious code on the system when Appium Desktop's open ports are exposed to the wider internet...

9.8CVSS9.6AI score0.22014EPSS
Exploits2References3Affected Software1
veracode
veracode
added 2023/04/07 7:45 a.m.20 views

Cross-Site Scripting (XSS)

phpmyfaq is vulnerable to Cross-Site Scripting XSS. The library does not properly escape the user inputs through $editData parameter in configuration.php, before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim's browser...

5.4CVSS5.4AI score0.00615EPSS
Exploits1References3Affected Software2
veracode
veracode
added 2023/03/02 3:4 a.m.17 views

Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of santization of user inputs in the admin settings, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the system...

4.8CVSS5.3AI score0.00434EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2023/02/14 3:18 a.m.8 views

CVE-2023-24525

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application...

4.3CVSS5.3AI score0.00345EPSS
Exploits0References2
veracode
veracode
added 2023/02/07 5:46 a.m.124 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in the originalUrl parameter which allows an attacker to inject and execute arbitrary JavaScript...

6.7CVSS6.8AI score0.00828EPSS
Exploits0References7Affected Software2
veracode
veracode
added 2023/02/06 7:2 a.m.23 views

Cross-Site Scripting (XSS)

jsuites is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in the Editor function of jsuites.js, which allows an attacker to inject and execute arbitrary JavaScript...

6.1CVSS6.1AI score0.00617EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2023/01/25 10:55 a.m.16 views

Cross-Site Scripting (XSS)

@builder.io/qwik is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in render-ssr.ts, which allows an attacker to inject and execute arbitrary JavaScript...

6.1CVSS6AI score0.00458EPSS
Exploits0References4Affected Software1
veracode
veracode
added 2023/01/25 9:12 a.m.17 views

Path Traversal

github.com/uber/kraken is vulnerable to Path Traversal. The vulnerability exists because the downloadHandler parameter in the server.go does not properly sanitize the relative file paths and user inputs, allowing an attacker to write arbitrary files outside the expected directory...

7.5CVSS7.3AI score0.00799EPSS
Exploits1References2Affected Software1
veracode
veracode
added 2023/01/17 1:7 p.m.24 views

Cross-Site Scripting (XSS)

@mattkrick/sanitize-svg is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in the deny-list-pattern which allows an attacker to inject and execute arbitrary JavaScript...

7.6CVSS6.1AI score0.00571EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2023/01/12 9:4 a.m.16 views

SQL Injection

webpa is vulnerable to sql injection. The vulnerability exists because the user provided inputs are not properly validated which allows an attacker to inject and execute malicious SQL queries...

9.8CVSS4.2AI score0.00681EPSS
Exploits0References6Affected Software1
veracode
veracode
added 2022/12/12 4:21 a.m.31 views

Arbitrary Code Injection

akeneo/pim-community-dev is vulnerable to arbitrary code injection. The vulnerability exists in Location parameter in httpd.conf because of not properly validate user inputs which allows an attacker to inject and execute malicious code into the system...

8.8CVSS8.9AI score0.01406EPSS
Exploits1References6Affected Software1
veracode
veracode
added 2022/11/22 10:57 a.m.21 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS attacks. An attacker is able to cause denial of service conditions due to improper validation of user Inputs, densefeatures and examplestatedata, resulting in a CHECK fail in SdcaOptimizer...

7.5CVSS7.1AI score0.0044EPSS
Exploits1References9Affected Software3
veracode
veracode
added 2022/11/14 7:37 a.m.16 views

SQL Injection

matrix-appservice-irc is vulnerable to sql injection. The vulnerability exists in getRoomVisibility function in PgDataStore.ts because the user provided inputs are not properly validated which allows an attacker to inject and execute arbitrary SQL commands...

5.6CVSS6.7AI score0.00509EPSS
Exploits0References6Affected Software1
vulnrichment
vulnrichment
added 2022/10/27 12:0 a.m.6 views

CVE-2022-42992

Multiple stored cross-site scripting XSS vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields...

5.5AI score0.00447EPSS
Exploits1References1
veracode
veracode
added 2022/10/25 5:42 a.m.15 views

Denial Of Service (DoS)

parse-server is vulnerable to denial of service. The vulnerability exists in multiple functions due to user inputs not properly validated which allows an attacker to send a file download request with an invalid byte range causing an application crash...

7.5CVSS6.6AI score0.00689EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2022/10/25 12:0 a.m.9 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

8.8CVSS9.7AI score0.01474EPSS
Exploits0References3
nessus
nessus
added 2022/10/14 12:0 a.m.46 views

SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P10 / 4.3 < 4.3 SP2 P6 Multiple Vulnerabilities

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P10, 4.3 SP2 P6 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - Under certain conditions an authenticated attacker can get access to OS credentials...

7.6CVSS6.6AI score0.00601EPSS
Exploits0References7
Rows per page
Query Builder