Lucene search
K

795 matches found

CVE
CVE
added 2024/03/27 6:16 p.m.113 views

CVE-2024-28233

CVE-2024-28233 affects JupyterHub. An attacker can trigger a cross-site scripting (XSS) via a malicious subdomain, potentially gaining full access to the JupyterHub API and the user’s single-user server in affected deployments (single-origin or subdomain-based with user-controlled apps). The vuln...

8.1CVSS7.6AI score0.00329EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/03/19 12:49 p.m.19 views

Man-in-the-middle Attack

Liferay Portal is vulnerable to Man-in-the-middle Attack. The vulnerability is due to the failure to obfuscate password reminder answers on the page, allowing attackers to exploit man-in-the-middle or shoulder-surfing attacks to steal user's password reminder answers...

6.3CVSS7.1AI score0.00284EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2024/03/19 5:0 a.m.19 views

CVE-2024-21504

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it...

6.1CVSS6AI score0.00516EPSS
Exploits1References4
Prion
Prion
added 2024/03/13 9:15 p.m.23 views

Design/Logic Flaw

A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained...

3CVSS7.9AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/13 8:43 p.m.21 views

CVE-2024-22167 SanDisk PrivateAccess DLL Hijacking Vulnerability

A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained...

7.9CVSS8.2AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/11 9:14 p.m.28 views

CVE-2024-28120 API key leak in codeium-chrome

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

6.5CVSS6.8AI score0.00647EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/11 4:35 p.m.30 views

CVE-2024-0053

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00118EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:9 a.m.18 views

BIT-MOODLE-2021-36392

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses...

9.8CVSS9.7AI score0.00841EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:9 a.m.19 views

BIT-DISCOURSE-2021-37703 Information exposure in Discourse

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed...

4.3CVSS4.8AI score0.00844EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:3 a.m.30 views

BIT-MOODLE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.3AI score0.03747EPSS
Exploits0References6
Veracode
Veracode
added 2024/03/01 5:36 a.m.16 views

HTML Injection

docassemblewebapp is vulnerable to HTML injection. The vulnerability is due to improper handling of user-added HTML including user's name field, allowing the input to be displayed on the screen as HTML which can also include...

6.1CVSS7.3AI score0.00434EPSS
Exploits0
NVD
NVD
added 2024/03/01 12:15 a.m.18 views

CVE-2024-2045

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...

5.5CVSS4.7AI score0.00333EPSS
Exploits1References2
Prion
Prion
added 2024/03/01 12:15 a.m.21 views

Session fixation

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...

1CVSS7.1AI score0.00333EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/02/26 12:0 a.m.7 views

CVE-2024-27455

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03...

6.8AI score0.00645EPSS
Exploits0References1
CVE
CVE
added 2024/02/26 12:0 a.m.3847 views

CVE-2024-27455

The CVE-2024-27455 issue affects Bentley Assetwise ALIM Web and Assetwise Information Integrity Server. A configuration-related flaw can cause exposure of a user’s ALIM session token when downloading files. Affected versions are Assetwise ALIM Web prior to 23.00.04.04 and Assetwise Information In...

9.1CVSS6.6AI score0.00645EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/26 12:0 a.m.16 views

CVE-2024-27455

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03...

6.7AI score0.00645EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/20 8:11 a.m.18 views

CVE-2024-25150

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

4.3CVSS6.3AI score0.00439EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/20 8:0 a.m.31 views

CVE-2024-25973 Multiple Stored Cross-Site Scripting Vulnerabilities

The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting XSS vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog...

5.1AI score0.00561EPSS
Exploits3References2
NVD
NVD
added 2024/02/16 2:15 a.m.39 views

CVE-2023-40122

In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.3CVSS5.9AI score0.0029EPSS
Exploits0References2
Prion
Prion
added 2024/02/16 2:15 a.m.15 views

Information disclosure

In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.6AI score0.0029EPSS
Exploits0References2
Rows per page
Query Builder