Lucene search
K

896 matches found

Vulnrichment
Vulnrichment
added 2025/04/11 12:0 a.m.7 views

CVE-2025-32809

W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...

6.4CVSS6.1AI score0.00256EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/11 12:0 a.m.6 views

CVE-2025-32808

W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists...

7.7CVSS7.6AI score0.00371EPSS
Exploits1References1
CVE
CVE
added 2025/04/11 12:0 a.m.58 views

CVE-2025-32808

Affected software: W. W. Norton InQuizitive (through 2025-04-08). The vulnerability arises from client-side access control, allowing a student to insert arbitrary quiz records into the backend, with integrity impact (I=HIGH) and no confidentiality impact (C=NONE). CVSS details: CVSS 3.1 base scor...

7.7CVSS7AI score0.00371EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/04/11 12:0 a.m.68 views

CVE-2025-32809

InQuizitive (W. W. Norton) is affected by CVE-2025-32809 through 2025-04-08, which allows stored cross-site scripting via user-supplied data in bonus description, feedback.choice_fb[], or question_id. The issue is described across multiple sources as a stored XSS vulnerability; exploitation appea...

6.4CVSS5.9AI score0.00256EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/04/08 4:43 a.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to the stbhwbuildtilesetfromimage function. An attacker can read memory locations that should be inaccessible by manipulating the w argument. Remediation There is no fixed version for stb. References - GitHub Issu...

6.5CVSS6.9AI score0.00545EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2024-47745

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check...

7.8CVSS6.6AI score0.00299EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 7:28 p.m.9 views

CVE-2022-0401

Path Traversal in NPM w-zip prior to 1.0.12...

9.8CVSS6.6AI score0.01623EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.4 views

Online Exam System 安全漏洞

Online Exam System is an online exam system by oretnom23 individual developers. A security vulnerability exists in Online Exam System, which stems from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the parameter w. The vulnerability is cause...

6.1CVSS6AI score0.00312EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.6 views

HouseRent 安全漏洞

HouseRent is a house rental management system by Mr.W individual developer. An auto-caching JWK-Set HTTP client is provided. A security vulnerability exists in HouseRent version 1.0, which stems from unknown functionality in the file src/main/java/com/house/wym/controller/AdminController.java tha...

8.8CVSS6.5AI score0.00369EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/12/09 1:15 p.m.5 views

CVE-2023-32094

Missing Authorization vulnerability in Felix W. Extended Post Status extended-post-status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through = 1.0.19...

5.4CVSS5.8AI score0.00333EPSS
Exploits0References3
CVE
CVE
added 2024/11/27 9:39 a.m.290 views

CVE-2024-11667

CVE-2024-11667 involves a directory traversal flaw in Zyxel firewalls' web management interface (ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN) affecting firmware V5.00–V5.38 (and related ranges). The vulnerability could allow an attacker to download or upload files via a crafted URL, with impact t...

9.8CVSS6.9AI score0.03017EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/11/27 12:0 a.m.136 views

CVE-2024-11667

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50W series firmware versions V5.10 through V5.38, and USG20W-VPN series firmware versions V5.10 through...

9.8CVSS7AI score0.03017EPSS
In wildExploits0References3
Debian CVE
Debian CVE
added 2024/11/10 12:0 a.m.16 views

CVE-2024-46952

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

8.4CVSS7.8AI score0.00316EPSS
Exploits0
OSV
OSV
added 2024/11/09 3:15 p.m.3 views

CVE-2024-51606

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Blrt Blrt WP Embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through 1.6.9...

8.8CVSS5.8AI score0.00533EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 12:0 a.m.5 views

UBUNTU-CVE-2024-46952

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

8.4CVSS7.4AI score0.00316EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/10/23 1:24 p.m.4 views

SUSE CVE-2024-46952

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

7.8CVSS7.5AI score0.00316EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/10/21 3:40 p.m.20 views

CVE-2024-47745

A flaw was found in the remapfilepages function in mm/mmap.c in the Linux kernel, where it does not properly restrict execute access. This vulnerability allows local users to bypass intended SELinux W^X policy restrictions. Mitigation The issue exists if SELinux W^X policy restrictions are being...

4.7CVSS7.2AI score0.00285EPSS
Exploits0References4
NVD
NVD
added 2024/10/21 1:15 p.m.22 views

CVE-2024-47745

In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...

7.8CVSS0.00285EPSS
Exploits0References6
OSV
OSV
added 2024/10/21 1:15 p.m.2 views

DEBIAN-CVE-2024-47745

In the Linux kernel, the following vulnerability has been resolved: mm: call the securitymmapfile LSM hook in remapfilepages The remapfilepages syscall handler calls dommap directly, which doesn't contain the LSM security check. And if the process has called personalityREADIMPLIESEXEC before and...

7.8CVSS5.5AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 12:15 p.m.12 views

CVE-2024-47716

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

5.5CVSS0.00218EPSS
Exploits0References4
Rows per page
Query Builder