Lucene search

1395 matches found

Positive Technologies
added 2023/05/23 12:0 a.m. · 6 views

PT-2023-2951 · Cscape · Cscape Envision Rv +1

Name of the Vulnerable Software and Affected Versions: Cscape EnvisionRV (affected versions not specified); Cscape (affected versions not specified). Description: The issue is related to a lack of proper validation of user-supplied data when parsing font files, such as FNT. This can lead to an...

CVSS 7.8 · AI score 7.8 · EPSS 0.00227
Exploits 0 · References 6
Positive Technologies
added 2023/05/23 12:0 a.m. · 9 views

PT-2023-2950 · Horner Automation · Horner Automation Cscape Envisionrv +1

Name of the Vulnerable Software and Affected Versions: Horner Automation Cscape EnvisionRV (affected versions not specified); Cscape (affected versions not specified). Description: The issue is related to a lack of proper validation of user-supplied data when parsing project files, such as CSP. This ca...

CVSS 7.8 · AI score 7.6 · EPSS 0.00238
Exploits 0 · References 6
OSV
added 2023/05/22 8:15 p.m. · 3 views

CVE-2023-28649

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but do...

CVSS 7.5 · AI score 7.4 · EPSS 0.00517
Exploits 0 · References 2
Positive Technologies
added 2023/05/20 12:0 a.m. · 5 views

PT-2023-21078 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8. Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...

CVSS 8 · AI score 7.9 · EPSS 0.00399
Exploits 0 · References 8
OSV
added 2023/05/16 5:15 p.m. · 4 views

CVE-2023-32993

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...

CVSS 4.8 · AI score 5.8 · EPSS 0.00209
Exploits 0 · References 1
CNVD
added 2023/05/11 12:0 a.m. · 4 views

Ghost Directory Traversal Vulnerability

Ghost is an open source content management system. Ghost suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths in frontend/web/middleware/static-theme.js when processing directory requests, which can be exploited by an attacker to read arbitrary...

CVSS 7.5 · AI score 6.9 · EPSS 0.39078
Exploits 3 · References 1
CNNVD
added 2023/05/01 12:0 a.m. · 3 views

Apache StreamPark Code Issue Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation. Apache StreamPark suffers from a code issue vulnerability that stems from allowing any user to upload a jar as an application, but not forcing validation of the uploaded file type, leading to the...

CVSS 9.8 · AI score 8.6 · EPSS 0.01308
Exploits 0 · References 2
OSV
added 2023/04/27 10:15 p.m. · 4 views

CVE-2023-1967

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid...

CVSS 9.8 · AI score 7.3 · EPSS 0.00799
Exploits 0 · References 1
OSV
added 2023/04/25 1:15 p.m. · 7 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

CVSS 6.5 · AI score 5.7 · EPSS 0.00486
Exploits 0 · References 2
OSV
added 2023/04/24 6:15 p.m. · 4 views

CVE-2023-26059

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...

CVSS 5.4 · AI score 6 · EPSS 0.00371
Exploits 0 · References 2
OSV
added 2023/04/06 8:15 p.m. · 3 views

CVE-2023-1924

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache...

CVSS 4.3 · AI score 6.5 · EPSS 0.00227
Exploits 0 · References 2
OSV
added 2023/04/05 7:15 p.m. · 4 views

CVE-2023-0670

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...

CVSS 7.2 · AI score 6.4 · EPSS 0.01018
Exploits 0 · References 1
OSV
added 2023/04/05 2:15 p.m. · 7 views

CVE-2023-1866

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via...

CVSS 4.3 · AI score 6.5 · EPSS 0.00296
Exploits 0 · References 2
Positive Technologies
added 2023/03/31 12:0 a.m. · 9 views

PT-2023-14274 · Bentley · Bentley View

Name of the Vulnerable Software and Affected Versions: Bentley View (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Bentley View. It requires user interaction, where the target must visit a malicious page or op...

CVSS 7.8 · AI score 8 · EPSS 0.00313
Exploits 0 · References 4
OSV
added 2023/03/29 7:15 p.m. · 1 view

CVE-2022-43637

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 6.2 · EPSS 0.01091
Exploits 0 · References 2
OSV
added 2023/03/29 7:15 p.m. · 2 views

CVE-2022-37381

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 6.2 · EPSS 0.01016
Exploits 0 · References 2
OSV
added 2023/03/29 7:15 p.m. · 2 views

CVE-2022-37359

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8 · AI score 6.2 · EPSS 0.0077
Exploits 0 · References 2
OSV
added 2023/03/24 11:15 p.m. · 3 views

CVE-2022-45597

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer not the transport layer and "Certificates are exchanged in a controlled fashion between entities...

CVSS 9.8 · AI score 5.7 · EPSS 0.007
Exploits 0 · References 3
CNNVD
added 2023/03/24 12:0 a.m. · 3 views

ComponentSpace SAML Trust Management Issue Vulnerability

ComponentSpace SAML is ComponentSpace's SAML and OpenID solution for ASP.NET and ASP.NET Core. A trust management issue vulnerability exists in ComponentSpace SAML version 4.4.0, which stems from a lack of SSL certificate validation...

CVSS 9.8 · AI score 8.4 · EPSS 0.007
Exploits 0 · References 4
OSV
added 2023/03/17 3:15 p.m. · 4 views

CVE-2023-1472

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

CVSS 6.3 · AI score 6.7
Exploits 0 · References 2