Lucene search
K

353 matches found

Exploit DB
Exploit DB
added 2024/02/19 12:0 a.m.304 views

Employee Management System v1 - 'email' SQL Injection

Exploit Title: Employee Management System v1 - 'email' SQL Injection Google Dork: N/A Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
NVD
NVD
added 2024/02/15 5:15 a.m.25 views

CVE-2022-23084

The total size of the user-provided nmreq to nmreqcopyin was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfsruleset, a privileged process running in a jail can...

7.8CVSS6.2AI score0.00243EPSS
Exploits0References2
Prion
Prion
added 2024/02/09 11:15 p.m.137 views

Design/Logic Flaw

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

4.3CVSS6.8AI score0.00492EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/09 11:15 p.m.17 views

PYSEC-2024-37

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

6.5CVSS6.8AI score0.00492EPSS
Exploits0References2
OSV
OSV
added 2024/02/09 10:16 p.m.24 views

CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

5.7CVSS6.2AI score0.00492EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/09 10:16 p.m.17 views

CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2

nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...

5.7CVSS6.5AI score0.00492EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/02/09 3:4 p.m.23 views

NoneBot Potential Information Leak in User-Constructed Message Templates

Impact This security advisory pertains to a potential information leak e.g., environment variables in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches The identified vulnerability has been remedied in fix 2509 and will be included in...

6.5CVSS6.9AI score0.00492EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/01/26 5:28 p.m.38 views

CVE-2024-20253

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory...

9.9CVSS9.9AI score0.02057EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/01/26 5:13 a.m.61 views

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 CVSS score: 9.9, the issue stems...

10CVSS8.5AI score0.02057EPSS
Exploits0
Veracode
Veracode
added 2024/01/04 7:57 a.m.30 views

Privilege Escalation

craftcms/cms is vulnerable to Privilege Escalation. The vulnerability is due to the actionSave function within ElementsController.php, because there are no checks for save permissions before and after applying POST params to the element, as well as the actionSaveUser function within...

8.8CVSS7.2AI score0.00588EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2023/10/13 8:41 a.m.18 views

Cross Site Scripting

Microweber is vulnerable to Cross-site Scripting XSS .The vulnerability is due to not sanitizing user provided types and title fields during web page generation. This may lead to an attacker injecting malicious scripts that are executed by the victim's browser by sending a crafted URL that reflec...

6.1CVSS6AI score0.01061EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/09 10:29 a.m.5 views

nodejs: process interuption due to invalid Public Key information in x509 certificates

A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...

5.3CVSS7AI score0.01157EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/08/30 12:0 a.m.33 views

CVE-2023-40847

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check...

9.6AI score0.0057EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.9 views

Pool address predictability creates many problems

Lines of code Vulnerability details Impact The Aquifer.boreWell function is responsible for creating new Well. This is done using the LibClone.cloneDeterministic function. The address of the new Well depends solely on the salt and/or immutableData parameter provided by the user. Once a user creat...

6.7AI score
Exploits0
OSV
OSV
added 2023/06/14 1:15 p.m.18 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

8CVSS6.9AI score0.0086EPSS
Exploits0References2
NVD
NVD
added 2023/06/14 1:15 p.m.21 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

8CVSS8.7AI score0.0086EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/06/14 1:15 p.m.34 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

8CVSS6.9AI score0.0086EPSS
Exploits0
Cvelist
Cvelist
added 2023/06/14 12:53 p.m.23 views

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

7.9AI score0.0086EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.14 views

When deploying contracts in PermissionedNodeRegistry.deployWithdrawVault(), PermissionlessNodeRegistry.deployWithdrawVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address

Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...

6.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/05/23 8:15 p.m.3 views

CVE-2023-2703

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07...

7.5CVSS7.1AI score0.00565EPSS
Exploits0References3
Rows per page
Query Builder