Lucene search
+L

196 matches found

Vulnrichment
Vulnrichment
added 2024/04/15 10:31 a.m.12 views

CVE-2024-28099

VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

7AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/15 10:31 a.m.19 views

CVE-2024-28099

VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

7.3AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 2024/04/15 10:31 a.m.62 views

CVE-2024-28099

CVE-2024-28099 affects VT STUDIO versions 8.32 and earlier. The root cause is an insecure DLL search path that may allow loading malicious DLLs, enabling arbitrary code execution with the application’s privileges. Reported across multiple sources (Red Hat, NVD, JVN/JVNVU, PT-Security, and others)...

7.8CVSS7.3AI score0.00188EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2024/04/05 3:37 a.m.10 views

ver-nieuws.nl Cross Site Scripting vulnerability OBB-3903351

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Cvelist
Cvelist
added 2024/03/26 9:37 a.m.22 views

CVE-2024-28048

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11...

7.8AI score0.01284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/26 9:29 a.m.10 views

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

7.4AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/26 9:29 a.m.26 views

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

7.3AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2024/03/25 4:15 a.m.11 views

CVE-2024-29071

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings...

8.8CVSS6.7AI score0.00361EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.22 views

JVN#17176449: ffBull vulnerable to OS command injection

ffBull according to the original report submitted by the reporter provided by Fortunefield is a bulletin board system BBS. ffBull contains an OS command injection vulnerability CWE-78. Impact A remote unauthenticated attacker may execute an arbitrary OS command with the privilege of the running w...

9.8CVSS9.9AI score0.01284EPSS
Exploits0
Cvelist
Cvelist
added 2024/03/12 7:20 a.m.21 views

CVE-2024-21805

Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is...

7.1AI score0.00236EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/08 12:0 a.m.35 views

JVN#48443978: a-blog cms vulnerable to directory traversal

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Impact A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. Solution Update t...

6.5CVSS6.7AI score0.00832EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/01 12:0 a.m.15 views

CVE-2024-27497

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file...

7AI score0.2646EPSS
Exploits0References1
CVE
CVE
added 2024/03/01 12:0 a.m.3545 views

CVE-2024-27497

Linksys E2000 router (Firmware 1.0.06 build 1) is affected by CVE-2024-27497 due to an authentication bypass in the position.js file. The vulnerability enables unauthorized access to the device. Remediation is to upgrade to a patched firmware version as indicated in the connected documents; explo...

8.8CVSS6.9AI score0.2646EPSS
In wildExploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/15 4:32 a.m.13 views

CVE-2024-25559

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...

6.8AI score0.00448EPSS
Exploits0References2
CVE
CVE
added 2024/02/15 4:32 a.m.86 views

CVE-2024-25559

CVE-2024-25559 affects a-blog cms versions 3.1.0 through 3.1.8.1 The vulnerability is a URL spoofing issue that can force the administrator to visit an arbitrary website when clicking a link in the audit log, triggered by a specially crafted request. The root cause is exposure of trusted navigati...

4.7CVSS6.7AI score0.00448EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/01/28 11:15 p.m.27 views

CVE-2024-23782

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...

5.4CVSS5.5AI score0.00298EPSS
Exploits0References2
Prion
Prion
added 2023/10/23 5:15 a.m.21 views

Xxe

CX-Designer Ver.3.740 and earlier included in CX-One CXONE-ALD-V4 contains an improper restriction of XML external entity reference XXE vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed m...

1.9CVSS5.4AI score0.00195EPSS
Exploits0References2Affected Software1
Xen Project
Xen Project
added 2023/10/10 12:0 p.m.65 views

Possible deadlock in Linux kernel event handling

ISSUE DESCRIPTION Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g...

4.9CVSS6.4AI score0.00888EPSS
Exploits0
Prion
Prion
added 2023/10/03 1:15 a.m.20 views

Cross site scripting

Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 a...

4.9CVSS5.3AI score0.00303EPSS
Exploits0References2Affected Software12
Cvelist
Cvelist
added 2023/08/03 12:56 p.m.32 views

CVE-2023-22317

Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314...

8.2AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder