Lucene search
+L

104 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.9 views

CVE-2022-20936

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

4.8CVSS5.9AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 p.m.10 views

CVE-2020-1790

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands...

8.8CVSS7.3AI score0.01093EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:34 p.m.7 views

CVE-2020-26713

REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session informati...

6.1CVSS6.1AI score0.01171EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 a.m.8 views

CVE-2019-10790

taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...

7.5CVSS6.7AI score0.01861EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:34 a.m.7 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...

8.8CVSS7.8AI score0.02797EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/08 12:0 a.m.9 views

PT-2025-20375 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.9.1 Description: The issue is related to Limited Code Execution due to the unsanitized use of user-supplied input in the cal...

6.3CVSS7.2AI score0.00282EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.14 views

PT-2025-15381

Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue allows unauthenticated attackers to perform SQL Injection via the coating text parameter due to insufficient escaping of user-supplied input and...

4.9CVSS7.2AI score0.00386EPSS
Exploits0References10
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-10188

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service DoS by exploiting the use of ast.literaleval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...

7.5CVSS0.00526EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

9.1CVSS9.2AI score0.00879EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.16 views

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

9.1CVSS0.00879EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.9 views

CVE-2024-10812 Open Redirect in binary-husky/gpt_academic

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS6.2AI score0.00574EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.83 views

CVE-2024-10812

CVE-2024-10812 affects binary-husky/gpt_academic (v3.83) with an open redirect via the file parameter. The Nuclei template for GPT Academic v1.3.9 confirms the issue arises from user-controlled input that redirects to attacker-controlled URLs, enabling phishing, malware distribution, and credenti...

6.1CVSS6.2AI score0.00574EPSS
Exploits1References1Affected Software1
Huntr
Huntr
added 2025/02/27 9:33 a.m.8 views

Command injection in LLama-Index CLI

Description There is an OS command injection vulnerability in the LLama-Index CLI. Because of pasting the --files argument directly into os.system, an attacker who controls the content of this argument can inject shell commands. The vulnerability was marked as "Local" in the CVSS rating because t...

7.8CVSS8.7AI score0.0103EPSS
Exploits1
CNVD
CNVD
added 2025/02/19 12:0 a.m.29 views

Linksys E5600 PRF_Table_content Component Cross-Site Scripting Vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A cross-site scripting vulnerability exists in Linksys E5600 Ver.1.1.0.26. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

4.8CVSS6.3AI score0.00277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:49 a.m.9 views

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8CVSS7.7AI score0.00608EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/29 12:0 a.m.31 views

CVE-2024-48761

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter...

0.00552EPSS
Exploits1References1
CVE
CVE
added 2025/01/07 3:21 a.m.45 views

CVE-2024-11437

CVE-2024-11437 affects Timeline Designer for WordPress. The timeline plugin is vulnerable to SQL Injection via the 's' parameter in all versions up to 1.4 due to insufficient escaping and improper query preparation. This could allow unauthenticated attackers to append additional SQL queries into ...

4.9CVSS5.4AI score0.0049EPSS
Exploits0References3
OSV
OSV
added 2025/01/02 10:43 p.m.29 views

GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...

5.2CVSS6.2AI score0.00403EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-21253

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 24.x Description Node.js is susceptible to a remote crash issue due to a flaw in the SignTraits::DeriveBits function. This flaw can be triggered by malformed crypto input in background threads, leading to a...

7.8CVSS6.9AI score0.00763EPSS
Exploits1References132
Veracode
Veracode
added 2024/12/02 6:25 a.m.5 views

Cross-site Scripting (XSS)

calibreweb to Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of user input in the editbooks.js file when editing book properties, such as uploading a cover or format. This allows attackers to execute arbitrary JavaScript code...

6.1CVSS6.8AI score0.00356EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder