Lucene search
K

13 matches found

Snyk
Snyk
added 2026/03/19 4:28 p.m.4 views

Permissive Cross-domain Policy with Untrusted Domains

Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via a misconfigured CORS policy that reflects arbitrary origins and allows credentials. An attacker can gain unauthorized access to sensitive data and perform actions on behalf of...

9.6CVSS6AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/23 12:0 a.m.28 views

CVE-2025-56009

Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

0.00169EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-0564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version...

6.5CVSS6.7AI score0.00623EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2024/06/04 12:44 p.m.2 views

SUSE CVE-2022-24917

An authenticated user can create a link with reflected Javascript code inside it for services' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...

3.7CVSS5.4AI score0.00779EPSS
Exploits0References5
OSV
OSV
added 2024/01/30 3:15 p.m.5 views

DEBIAN-CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

6.5CVSS6.9AI score0.00623EPSS
Exploits1References1
OSV
OSV
added 2024/01/30 3:15 p.m.1 views

UBUNTU-CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

6.5CVSS7.2AI score0.00623EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/01/23 2:46 a.m.3 views

SUSE CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

6.5CVSS8.3AI score0.00623EPSS
Exploits1References3
OSV
OSV
added 2023/12/15 11:15 a.m.4 views

CVE-2023-48483

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.00562EPSS
Exploits0References1
OSV
OSV
added 2022/03/09 8:15 p.m.2 views

DEBIAN-CVE-2022-24349

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...

4.4CVSS5.8AI score0.00779EPSS
Exploits0References1
OSV
OSV
added 2022/03/09 8:15 p.m.1 views

DEBIAN-CVE-2022-24917

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...

4.4CVSS5.9AI score0.00779EPSS
Exploits0References1
OSV
OSV
added 2022/03/09 8:15 p.m.3 views

UBUNTU-CVE-2022-24349

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...

4.6CVSS6.3AI score0.00779EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/02/02 12:0 a.m.1 views

PT-2022-6478 · Zabbix +2 · Zabbix +2

Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is related to the lack of protection of the web page structure in Zabbix, allowing an authenticated user to create a link with a reflected XSS payload for actions' pages and send i...

9.9CVSS6.2AI score0.32304EPSS
Exploits5References119
Packet Storm
Packet Storm
added 2009/02/26 12:0 a.m.17 views

Great Shop Creator SQL Injection

--------------------------------------------------------- Portal Name: Great Shop Creator Vendor: http://www.etoshop.com Author : PouyaServer , [email protected] Website: http://Pouya-Server.ir Vulnerability : Auth Bypass SQL Injection Vulnerability...

0.5AI score
Exploits0
Rows per page
Query Builder