Lucene search
K

1399 matches found

OSV
OSV
added 2022/09/01 9:15 p.m.3 views

DEBIAN-CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...

7.5CVSS7.2AI score0.01147EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/09/01 2:21 p.m.5 views

mariadb: lack of validating the existence of an object prior to performing operations on the object

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8CVSS7.7AI score0.00603EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/08/09 12:23 p.m.11 views

mariadb: lack of validating the existence of an object prior to performing operations on the object

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8CVSS7.7AI score0.00603EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.5 views

Simple E-Learning System 安全漏洞

Simple E-Learning System is a simple e-learning system by Carlo Montero's personal developer. simple E-Learning System is vulnerable to an arbitrary file download vulnerability, which stems from a lack of validation of external input data in the downloadFiles.php parameter download. validation. A...

7.5CVSS5.8AI score0.00656EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.12 views

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software allows a intruder to execute any command they desire.

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

10CVSS8.2AI score0.03158EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2022/07/18 7:15 p.m.12 views

CVE-2022-28683

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS0.0113EPSS
Exploits0References2
OSV
OSV
added 2022/07/18 7:15 p.m.3 views

CVE-2022-28671

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.5AI score0.01065EPSS
Exploits0References2
OSV
OSV
added 2022/07/17 11:15 a.m.6 views

CVE-2022-2133

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address...

5.3CVSS5.6AI score0.00988EPSS
Exploits2References1
OSV
OSV
added 2022/07/14 1:15 p.m.4 views

CVE-2022-28370

On Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 devices, the RPC endpoint crtcfwupgrade provides a means of provisioning a firmware update for the device. /lib/functions/wncjsonsh/wnccrtcfw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed...

7.5CVSS7.1AI score0.00323EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.4 views

Verizon 5G Home LVSKIHP 数据伪造问题漏洞

The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon Communications, Inc. It provides access to Verizon Wireless 5G wireless home Internet services. A data forgery issue vulnerability exists in the Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0 device,...

7.5CVSS7.3AI score0.00323EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/07/12 12:0 a.m.6 views

PT-2022-22371 · Siemens · Simatic Cp 1542Sp-1 Irc +13

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1242-7 V2 versions prior to V3.3.46 SIMATIC CP 1243-1 versions prior to V3.3.46 SIMATIC CP 1243-7 LTE EU versions prior to V3.3.46 SIMATIC CP 1243-7 LTE US versions prior to V3.3.46 SIMATIC CP 1243-8 IRC versions prior to V3.3.46...

10CVSS9.7AI score0.01523EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/02 12:0 a.m.8 views

PT-2022-6290 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax save state function. This allows unauthenticat...

6.4CVSS5.3AI score0.00308EPSS
Exploits0References9
OSV
OSV
added 2022/06/27 9:15 a.m.3 views

CVE-2022-1574

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files such as PHP on the remote server...

9.8CVSS5.9AI score0.11866EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.2 views

Jfinal CMS 跨站脚本漏洞

Jfinal CMS is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. Jfinal CMS v5.1.0 version of the cross-site scripting vulnerability , the...

5.4CVSS5.6AI score0.00475EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.4 views

74cms 跨站脚本漏洞

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /company/service/increment/add/im missing data validation filters for user-supplied data and output. A...

6.1CVSS5.7AI score0.00617EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.27 views

Jenkins Plugin ThreadFix 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. An authorization issue...

6.5CVSS5.7AI score0.0057EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/21 12:0 a.m.3 views

Contec SolarView Compact 跨站脚本漏洞

Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a cross-site scripting vulnerability that originates in the component SolarAiConf.php, which lacks a data validation filter for user-supplied data and output. An attacker could exploit this...

6.1CVSS5.5AI score0.05119EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/06/20 12:0 a.m.5 views

PT-2022-9675 · Bestwebsoft · Rating By Bestwebsoft Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Rating by BestWebSoft WordPress plugin versions prior to 1.6 Description: The issue allows submission of a long integer as a rating, causing a Denial of Service on the post/page when such a rating is submitted. This occurs due to the lack...

6.5CVSS6.4AI score0.01176EPSS
Exploits2References6
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.5 views

Fast Food Ordering System 路径遍历漏洞

Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to an arbitrary file deletion vulnerability, which originates in /ffos/classes/Master.php?f=deleteimg page lacks valid validation and can be...

9.1CVSS5.8AI score0.01147EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.2 views

Patient Records Management System SQL注入漏洞

Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. sourcecodester Hospital Patient Records Management System is vulnerable to a SQL injection vulnerability that originate...

7.2CVSS6AI score0.00909EPSS
Exploits1References2
Rows per page
Query Builder