
23 matches found

Vulnrichment
added 2024/08/21 12:00 a.m., 11 views

CVE-2024-40453

squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName...

AI score 7.8, EPSS 0.0348
Exploits 2, References 3
CVE
added 2024/08/21 12:00 a.m., 49 views

CVE-2024-40453

CVE-2024-40453 affects squirrellyjs (v9.0.0) with a code injection vulnerability via the component option varName. An exploit exists (POC) demonstrating remote code execution-like behavior; see exploit repo: https://github.com/BwithE/CVE-2024-40453. Remediation per sources: upgrade to v9.0.1 or l...

CVSS 9.8, AI score 7.5, EPSS 0.0348
Exploits 2, References 3, Affected Software 1
Prion
added 2023/08/01 2:15 a.m., 10 views

Code injection

LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure...

CVSS 5, AI score 7.5, EPSS 0.00169
Exploits 0, References 2, Affected Software 1
CVE
added 2023/08/01 12:00 a.m., 30 views

CVE-2023-36984

CVE-2023-36984 affects LavaLite CMS v9.0.0. The provided documents identify a sensitive data exposure due to lack of access restrictions (no explicit exploit details). Public sources indicate this is a vulnerability in LavaLite CMS 9.0.0 with no confirmed fix in the supplied materials; one entry ...

CVSS 7.5, AI score 7.5, EPSS 0.00221
Exploits 0, References 2, Affected Software 1
OSV
added 2023/05/18 3:30 a.m., 12 views

GHSA-H538-R9X6-RCMC LavaLite vulnerable to Cross Site Scripting

LavaLite v9.0.0 is vulnerable to Cross Site Scripting XSS...

CVSS 5.4, AI score 5.2, EPSS 0.00198
Exploits 1, References 3
Github Security Blog
added 2023/05/18 3:30 a.m., 15 views

LavaLite vulnerable to Cross Site Scripting

LavaLite v9.0.0 is vulnerable to Cross Site Scripting XSS...

CVSS 5.4, AI score 6.5, EPSS 0.00198
Exploits 1, References 3, Affected Software 1
OSV
added 2023/05/18 1:15 a.m., 8 views

CVE-2023-30124

LavaLite v9.0.0 is vulnerable to Cross Site Scripting XSS...

CVSS 5.4, AI score 6.6
Exploits 0, References 1
NVD
added 2023/05/18 1:15 a.m., 7 views

CVE-2023-30124

LavaLite v9.0.0 is vulnerable to Cross Site Scripting XSS...

CVSS 5.4, AI score 5.3, EPSS 0.00198
Exploits 1, References 1
Prion
added 2023/05/18 1:15 a.m., 10 views

Cross site scripting

LavaLite v9.0.0 is vulnerable to Cross Site Scripting XSS...

CVSS 4.9, AI score 5.3, EPSS 0.00198
Exploits 1, References 1, Affected Software 1
CVE
added 2023/05/18 12:00 a.m., 103 views

CVE-2023-30124

LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS) due to lack of proper filtering and escaping of user-provided data in the account name, enabling execution of arbitrary scripts in the browser. No official fix/version is provided in the supplied documents; CVSS v3.1 base score 5.4 (Medi...

CVSS 5.4, AI score 5.3, EPSS 0.00198
Exploits 1, References 1, Affected Software 1
Cvelist
added 2023/05/18 12:00 a.m., 7 views

CVE-2023-30124

LavaLite v9.0.0 is vulnerable to Cross Site Scripting XSS...

AI score 5.6, EPSS 0.00198
Exploits 1, References 1
0day.today
added 2023/03/27 12:00 a.m., 200 views

Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Vulnerability

Exploit Title: Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Exploit Author: nu11secur1ty Vendor: https://lavalite.org/ Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite Description: The...

AI score 6.8
Exploits 0
Exploit DB
added 2023/03/25 12:00 a.m., 136 views

Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal

Exploit Title: Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal Exploit Author: nu11secur1ty Date: 09.29.2022 Vendor: https://lavalite.org/ Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite...

AI score 7
Exploits 0
ATTACKERKB
added 2022/05/26 8:15 p.m., 0 views

CVE-2022-29632

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file...

CVSS 9.8, AI score 6.2, EPSS 0.01169
Exploits 1, References 2
Prion
added 2022/05/26 8:15 p.m., 12 views

Privilege escalation

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file...

CVSS 7.5, AI score 9.5, EPSS 0.01169
Exploits 1, References 1, Affected Software 1
CVE
added 2022/05/26 7:55 p.m., 681 views

CVE-2022-29632

CVE-2022-29632 affects Roncoo Education v9.0.0. The vulnerability is an arbitrary file upload in the component /course/api/upload/pic, enabling attackers to execute arbitrary code via a crafted file. According to NVD, the CVSS-3.1 base score is 9.8 (CRITICAL) with network access, no privileges re...

CVSS 9.8, AI score 9.5, EPSS 0.01169
Exploits 1, References 1, Affected Software 1
Github Security Blog
added 2021/08/25 8:53 p.m., 22 views

Soundness issue in raw-cpuid

VendorInfo::as_string, SoCVendorBrand::as_string, and ExtendedFunctionInfo::processor_brand_string construct byte slices using std::slice::from_raw_parts, with data coming from repr(Rust) structs. This is always undefined behavior. This flaw has been fixed in v9.0.0, by making the relevant structs repr(C)...

CVSS 7.5, AI score 7.3, EPSS 0.00389
Exploits 0, References 5, Affected Software 1
OSV
added 2021/08/25 8:53 p.m., 18 views

GHSA-HVQC-PC78-X9WH Soundness issue in raw-cpuid

VendorInfo::as_string, SoCVendorBrand::as_string, and ExtendedFunctionInfo::processor_brand_string construct byte slices using std::slice::from_raw_parts, with data coming from repr(Rust) structs. This is always undefined behavior. This flaw has been fixed in v9.0.0, by making the relevant structs repr(C)...

CVSS 7.5, AI score 6.2, EPSS 0.00389
Exploits 1, References 5
OSV
added 2021/08/25 8:53 p.m., 12 views

GHSA-JRF8-CMGG-GV2M Error on unsupported architectures in raw-cpuid

native_cpuid::cpuid_count exposes the unsafe __cpuid_count intrinsic from core::arch::x86 or core::arch::x86_64 as a safe function, and uses it internally, without checking the safety requirement: The CPU the program is currently running on supports the function being called. CPUID is available in most...

CVSS 5.5, AI score 6.2, EPSS 0.00389
Exploits 1, References 7
Prion
added 2020/12/11 9:15 p.m., 11 views

Code injection

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups...

CVSS 4, AI score 4.6, EPSS 0.00226
Exploits 0, References 1, Affected Software 1