Lucene search
+L

247 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.10 views

CVE-2023-21412

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections...

8.8CVSS7.7AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:58 a.m.10 views

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

6.1CVSS6.8AI score0.00385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:50 a.m.9 views

CVE-2022-20836

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

4.8CVSS5.9AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:0 a.m.10 views

CVE-2022-24568

Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery SSRF via user-supplied crafted input...

9.8CVSS7.2AI score0.01151EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.6 views

CVE-2022-1702

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability...

6.1CVSS6.9AI score0.0862EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.8 views

CVE-2021-24579

The btbbgetgrid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issu...

8.8CVSS6.9AI score0.08215EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 p.m.6 views

CVE-2021-43783

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...

8.5CVSS6.8AI score0.01206EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:45 p.m.4 views

CVE-2021-40909

Cross site scripting XSS vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the firstname, lastname, and email parameters to /ajaxcrud...

9.6CVSS6.7AI score0.02181EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 p.m.6 views

CVE-2020-5203

In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input e.g., $REQUEST, $GET, or $POST to the framework's Clear method...

9.8CVSS7.7AI score0.02137EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:41 p.m.4 views

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...

9.8CVSS7.8AI score0.02148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 a.m.10 views

CVE-2019-19729

An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...

7.5CVSS7AI score0.01085EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:36 a.m.5 views

CVE-2013-7289

Multiple cross-site scripting XSS vulnerabilities in register.php in Andy's PHP Knowledgebase Aphpkb before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the 1 firstname, 2 lastname, 3 email, or 4 username parameter...

4.3CVSS6AI score0.01161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:54 a.m.10 views

CVE-2019-1072

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server TFS improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'...

9.8CVSS8.3AI score0.12442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:33 a.m.6 views

CVE-2019-14672

Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page...

5.4CVSS5.9AI score0.00744EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:20 a.m.6 views

CVE-2019-10783

All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...

9.8CVSS6.9AI score0.02642EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 a.m.7 views

CVE-2019-0311

Automotive Dealer Portal in SAP R/3 Enterprise Application versions: 600, 602, 603, 604, 605, 606, 616, 617 does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious...

6.1CVSS6.2AI score0.008EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:48 a.m.8 views

CVE-2013-3616

Cross-site scripting XSS vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter...

4.3CVSS5.9AI score0.01012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.7 views

CVE-2017-1002010

Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the deletemedia function...

9.8CVSS8.1AI score0.02277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 5:2 a.m.19 views

CVE-2025-3053

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uipprocessforminput function. This is due to the function taking user supplied inputs to execute arbitrary...

8.8CVSS8.1AI score0.00881EPSS
Exploits0References1
OSV
OSV
added 2025/05/16 1:48 p.m.1 views

SUSE-SU-2025:1571-1 Security update for gimp

This update for gimp fixes the following issues: - CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write bsc1241691...

7.8CVSS8.5AI score0.01584EPSS
Exploits0References3
Rows per page
Query Builder