Lucene search
K

353 matches found

UbuntuCve
UbuntuCve
added 2024/05/30 4:15 p.m.37 views

CVE-2024-36953

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgicv2parseattr vgicv2parseattr is responsible for finding the vCPU that matches the user-provided CPUID, which of course may not be valid. If the ID is invalid, kvmgetvcpubyid...

5.5CVSS6.3AI score0.00231EPSS
Exploits0References30
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.4 views

PT-2024-18896 · Qualcomm · Snapdragon +48

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to memory corruption that occurs when a channel ID provided by a user is not properly validated and is subsequently used. This can lead to potential security risks...

7.8CVSS7.1AI score0.00128EPSS
Exploits0References5
CVE
CVE
added 2024/05/03 5:39 p.m.69 views

CVE-2023-28952

Summary: CVE-2023-28952 affects IBM Controller (IBM Cognos Controller) versions 10.4.1, 10.4.2, and 11.0.0. The issue is an injection in application logging caused by not sanitizing user-provided data, with a base CVSS v3.1 score of 5.3 (Medium). The underlying problem is unsanitized input in log...

5.3CVSS6.5AI score0.00357EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/05/02 9:16 p.m.41 views

CVE-2024-25047

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956...

8.6CVSS8.4AI score0.00643EPSS
Exploits0References3
CVE
CVE
added 2024/05/02 8:9 p.m.81 views

CVE-2024-25047

IBM Cognos Analytics is affected by CVE-2024-25047: injection attacks in application logging due to unsanitized user-supplied data. Affected versions are 11.2.0–11.2.4 and 12.0.0–12.0.2. Root cause is improper sanitization in logging code, enabling potential follow-on attacks. IBM recommends upgr...

8.6CVSS6.5AI score0.00643EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/05/02 8:48 a.m.18 views

Reflected Cross-Site Scripting (Reflected XSS)

nautobot is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to improper handling and escaping of user-provided query parameters, allowing a maliciously crafted Nautobot URL to potentially execute malicious scripts against users...

7.5CVSS6.4AI score0.00491EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2024/05/02 6:3 a.m.20 views

Cross Site Scripting (XSS)

phlex is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-provided data in HTML attributes. If an application renders an tag within a href attribute thats set to a user provided link, arbitrary JavaScript execution may occur due to overly...

7.1CVSS6.3AI score0.00713EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/05/01 9:36 a.m.17 views

GHSA-JXGR-GCJ5-CQQG nautobot has reflected Cross-site Scripting potential in all object list views

Impact It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting Reflected XSS attack against users. All filterable object-list views in Nautobot are...

7.5CVSS7.2AI score0.00491EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/04/17 12:20 a.m.27 views

Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...

7.1CVSS5.9AI score0.00575EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2024/03/29 6:30 a.m.73 views

Open Redirect

express is vulnerable to Open Redirect. The vulnerability is due to improper handling of user-provided URLs during redirection in Express.js, which performs encoding using the encodeurl library before passing it to the 'location' header. It allows bypass of an improperly implemented allow lists a...

6.1CVSS6.7AI score0.00786EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2024/03/25 9:15 p.m.5 views

AZL-44361 CVE-2024-29041 affecting package nodejs-nodemon 2.0.3-5

Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an...

6.1CVSS6.6AI score0.00786EPSS
Exploits0References1
RubySec
RubySec
added 2024/03/12 12:0 a.m.14 views

Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. Impact If you render an tag with an href attribute set to a user-provided link, that...

7.1CVSS5.8AI score0.00604EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/03/11 11:15 p.m.32 views

Cross site scripting

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...

5.8CVSS6.4AI score0.00604EPSS
Exploits0References4
Fedora
Fedora
added 2024/03/07 10:32 p.m.25 views

[SECURITY] Fedora 40 Update: CardManager-3-29.fc40

This is free, open source multiplatform java application which allows you to play ANY card game. The game is designed especially to play collectible card games like Magic the Gathering or Doomtrooper over network. To play those games you need to own scanned images of card, which are not p art of...

8.8CVSS9.1AI score0.02557EPSS
Exploits3
NVD
NVD
added 2024/03/06 8:15 p.m.18 views

CVE-2024-27307

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...

9.8CVSS9.8AI score0.01422EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/06 7:24 p.m.17 views

CVE-2024-27307 JSONata expression can pollute the "Object" prototype

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...

9.8CVSS7.6AI score0.01422EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/06 7:24 p.m.28 views

CVE-2024-27307 JSONata expression can pollute the "Object" prototype

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...

9.8CVSS9.9AI score0.01422EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 7:24 p.m.25 views

CVE-2024-27307 JSONata expression can pollute the "Object" prototype

JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...

9.8CVSS8.7AI score0.01422EPSS
Exploits0References7
Veracode
Veracode
added 2024/03/05 8:16 a.m.24 views

Object Constructor And Prototype Override

jsonata is vulnerable to Object Constructor And Prototype Override. The vulnerability is due to a malicious expression leveraging the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution, or other unexpected...

9.8CVSS7.7AI score0.01422EPSS
Exploits0
0day.today
0day.today
added 2024/02/19 12:0 a.m.343 views

Employee Management System v1 - (email) SQL Injection Vulnerability

Exploit Title: Employee Management System v1 - 'email' SQL Injection Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Rows per page
Query Builder