Lucene search
K

795 matches found

NVD
NVD
added 2024/07/02 9:15 p.m.19 views

CVE-2024-39325

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9,...

5.3CVSS0.0043EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/07/02 8:36 p.m.21 views

CVE-2024-39325 aimeos/ai-controller-frontend doesn't reset payment status in basket

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9,...

5.3CVSS0.0043EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/06/30 6:30 p.m.20 views

Reflected Cross-Site Scripting (XSS) in zenml

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

6.1CVSS5.7AI score0.00388EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/06/27 7:15 p.m.24 views

CVE-2024-5933

A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

6.1CVSS0.00351EPSS
Exploits1References1
OSV
OSV
added 2024/06/26 12:12 p.m.7 views

USN-6843-1 plasma-workspace vulnerability

Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary code...

7.8CVSS6AI score0.00293EPSS
Exploits0References2
Veracode
Veracode
added 2024/06/21 6:8 a.m.7 views

CSV Injection

silverstripe/framework is vulnerable to CSV injection. The vulnerability is due to the potential inclusion of executable macros and scripts in the exported CSV files, which allows an attacker to execute arbitrary code or commands on the user's system...

8.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/18 5:0 p.m.17 views

CVE-2024-38351 Password auth and OAuth2 unverified email linking

Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...

5.4CVSS6.6AI score0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/14 7:48 a.m.29 views

CVE-2024-5961 Reflected XSS in 2ClickPortal

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting XSS. An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software...

5.3CVSS0.01281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/06 6:24 p.m.21 views

CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

6.8CVSS6AI score0.00458EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 6:21 p.m.81 views

CVE-2024-5133

CVE-2024-5133 affects lunary-ai/lunary v1.2.4, where the password recovery token (recovery_token) is exposed in API responses for GET /v1/users/me/org, listing all users in a team. Any authenticated user could capture another user’s recovery token and change their password, enabling account takeo...

9.1CVSS8.7AI score0.00543EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/06 6:21 p.m.14 views

CVE-2024-5133 Account Takeover via Exposed Recovery Token in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the GET /v1/users/me/org endpoint, which...

9.1CVSS6.8AI score0.00543EPSS
Exploits1References1
Veracode
Veracode
added 2024/06/03 7:25 a.m.7 views

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insecurely encoding information from external sources in language pack handling, which allows attackers to execute malicious scripts in the context of the user’s browser...

6.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.14 views

RHEL 5 : libuser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libuser: TOCTOU race conditions by copying and removing directory trees CVE-2012-5630 - libuser: Security...

6.3CVSS6.5AI score0.06797EPSS
Exploits10References4
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.17 views

GitLab 12.2 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26408)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A limited information disclosure vulnerability exists in Gitlab CE/EE from = 12.2 to =13.5 to =13.6 to = 12.2 to =13.5 to =13.6 to 13.6.2 that allows an attacker to view limited information in user's...

5.3CVSS5.7AI score0.01018EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/14 8:51 a.m.19 views

CVE-2024-3579 XSS in Online Shopping System Advanced

Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting XSS. An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser...

6.2AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2024/04/19 1:15 p.m.9 views

CVE-2024-3654

An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session...

6.3CVSS6AI score0.00311EPSS
Exploits0References1
OwnCloud
OwnCloud
added 2024/04/19 12:0 a.m.19 views

Improper Validation in the User's Avatar Mechanism - ownCloud

Improper Validation in the User’s Avatar Mechanism may allow an authenticated attacker to edit their own profile in a way that consumes a substantial amount of resources, creating a Denial of Service...

4.3CVSS6.8AI score
Exploits0Affected Software1
CVE
CVE
added 2024/04/12 4:59 p.m.66 views

CVE-2024-0157

Dell Storage Resource Manager (SRM) for Windows includes a Session Fixation vulnerability in the SRM Windows Host Agent affecting version 4.9.0.0 and earlier. An unauthenticated attacker on an adjacent network could potentially hijack a targeted user’s application session. Public details in conne...

6.5CVSS6.8AI score0.00399EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2024/04/12 12:0 a.m.28 views

Adobe Commerce Input Validation Error Vulnerability (CNVD-2024-19008)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from vulnerability to incorrect input validation vulnerability, which could lead t...

9CVSS9.2AI score0.01418EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/10 5:8 p.m.16 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

5.7AI score0.00313EPSS
Exploits1References2
Rows per page
Query Builder