Lucene search
+L

436 matches found

Vulnrichment
Vulnrichment
added 2024/06/06 8:45 p.m.30 views

CVE-2024-22074

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212...

7.1AI score0.00447EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/31 12:0 a.m.41 views

Amazon Linux 2 : git (ALAS-2024-2548)

The version of git installed on the remote host is prior to 2.40.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2548 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories...

9CVSS7.5AI score0.25334EPSS
Exploits34References12
OSV
OSV
added 2024/03/18 9:46 p.m.8 views

CVE-2024-28855 ZITADEL vulnerable to improper HTML sanitization

ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to a improper use of the text/template instead of the html/template package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and...

8.1CVSS8.1AI score0.00779EPSS
Exploits0References10
OSV
OSV
added 2024/02/20 4:45 p.m.11 views

CVE-2023-47635 Decidim vulnerable to possible CSRF attack at questionnaire templates preview

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the...

4.5CVSS5.1AI score0.00313EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/01/28 11:9 p.m.7 views

CVE-2024-23782

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...

5.6AI score0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/26 7:21 a.m.6 views

CVE-2023-50175

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...

6.2AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/14 12:0 a.m.4 views

PT-2023-25676 · Froxlor · Froxlor

Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.21 Description: The issue is related to improper encoding or escaping of output in the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.21, update to version 2.0.21 or later to resolv...

9.1CVSS7.9AI score0.01008EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.35 views

CVE-2019-25142 Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...

8.8CVSS7.2AI score0.0131EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/05/10 12:0 a.m.4 views

CVE-2023-32573

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled...

6.6AI score0.00877EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/09 3:31 p.m.9 views

CVE-2023-32069 XWiki Platform privilege escalation (PR)/RCE from account through class sheet

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are n...

9.9CVSS9.6AI score0.00779EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/09 11:51 a.m.4 views

Node.js: Permissions policies can be bypassed via process.mainModule

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

7.5CVSS7.2AI score0.02023EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.10 views

CVE-2023-27654

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component...

9.6AI score0.01117EPSS
Exploits1References3
OSV
OSV
added 2022/12/13 10:39 a.m.4 views

SUSE-SU-2022:4453-1 Security update for wireshark

This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash bsc1204822. - Multiple dissector infinite loops bsc1206189. - Kafka dissector memory exhaustion bsc1206190...

7.5CVSS7.5AI score0.008EPSS
Exploits1References5
OSV
OSV
added 2022/11/14 11:29 a.m.7 views

SUSE-SU-2022:3967-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1. - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address bsc1205119. - Update to LTS version 16.18.0: http: throw error on content-length mismatch stream: add ReadableByteStream.tee deps:...

8.1CVSS8.2AI score0.14024EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/04 10:19 p.m.12 views

CVE-2022-43562 Host Header Injection in Splunk Enterprise

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning...

3CVSS6AI score0.00412EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.7 views

CVE-2022-3279

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs...

2.7CVSS6.8AI score0.00946EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.5 views

PT-2022-25751 · Jenkins · Jenkins Wildfly Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WildFly Deployer Plugin versions 1.0.2 and earlier Description: The issue allows agent processes to read arbitrary files on the Jenkins controller file system. This is only exploitable in certain versions of Jenkins, specifically 2.31...

6.5CVSS5.1AI score0.00578EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/05/17 6:15 p.m.6 views

CVE-2022-23675

A remote authenticated stored cross-site scripting xss vulnerability was discovered in Aruba ClearPass Policy Manager versions: 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...

4.8CVSS5.7AI score0.00537EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.8 views

PT-2022-3549 · Aethon · Aethon Tug Home Base Server

Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to weaknesses in the authorization procedure of the server. It allows a remote attacker to gain unauthorized access to hashed user credentials...

8.5CVSS7.5AI score0.0069EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/02/18 5:50 p.m.6 views

CVE-2022-21143 Airspan Networks Mimosa OS Command Injection

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands...

7.5CVSS9.4AI score0.01163EPSS
Exploits0References1
Rows per page
Query Builder