Lucene search

1178 matches found

Prion
added 2023/02/14 11:15 a.m. | 14 views

Information disclosure

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions < V7.23.34, Mendix Applications using Mendix 8 All versions < V8.18.23, Mendix Applications using Mendix 9 All versions < V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions < V9.12.10, Mendix Applications...

CVSS 5 | AI score 7.4 | EPSS 0.00498
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2023/02/14 10:36 a.m. | 6 views

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions < V7.23.34, Mendix Applications using Mendix 8 All versions < V8.18.23, Mendix Applications using Mendix 9 All versions < V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions < V9.12.10, Mendix Applications...

CVSS 5.9 | AI score 7.3 | EPSS 0.00498
Exploits 0 | References 1

Cvelist
added 2023/02/14 10:36 a.m. | 26 views

CVE-2023-23835

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions < V7.23.34, Mendix Applications using Mendix 8 All versions < V8.18.23, Mendix Applications using Mendix 9 All versions < V9.22.0, Mendix Applications using Mendix 9 V9.12 All versions < V9.12.10, Mendix Applications...

CVSS 5.9 | AI score 7.5 | EPSS 0.00498
Exploits 0 | References 1

CVE
added 2023/02/14 10:36 a.m. | 56 views

CVE-2023-23835

Siemens Mendix Runtime suffers an improper access control vulnerability (CVE-2023-23835) that can allow bypassing XPath constraints to retrieve information via error-triggering XPath queries. Affected products include Mendix Application runtimes prior to: 7.23.34, 8.18.23, 9.22.0, 9.12.x before 9...

CVSS 7.5 | AI score 7.3 | EPSS 0.00498
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2023/02/14 12:0 a.m. | 18 views

Siemens Mendix Runtime Access Control Improper Vulnerability

Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale. An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...

CVSS 7.5 | AI score 2.8 | EPSS 0.00498
Exploits 0 | References 1

Positive Technologies
added 2023/02/14 12:0 a.m. | 6 views

PT-2023-6756 · Mendix · Mendix

Name of the Vulnerable Software and Affected Versions: Mendix versions prior to 7.23.34; Mendix versions prior to 8.18.23; Mendix versions prior to 9.22.0; Mendix 9.12 versions prior to 9.12.10; Mendix 9.18 versions prior to 9.18.4; Mendix 9.6 versions prior to 9.6.15. Description: The issue is related...

CVSS 7.5 | AI score 7.3 | EPSS 0.00498
Exploits 0 | References 4

CNNVD
added 2023/02/14 12:0 a.m. | 5 views

Siemens Mendix Access Control Error Vulnerability

Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale. An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...

CVSS 7.5 | AI score 6.5 | EPSS 0.00498
Exploits 0 | References 3

ATTACKERKB
added 2022/12/27 3:15 p.m. | 1 views

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

CVSS 9.8 | AI score 5.9 | EPSS 0.00669
Exploits 0 | References 5

Positive Technologies
added 2022/12/24 12:0 a.m. | 6 views

PT-2022-28039 · Amazon · Aws Sdk

Name of the Vulnerable Software and Affected Versions: AWS SDK version 2.59.0 Description: A critical issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request...

CVSS 9.8 | AI score 5.9 | EPSS 0.00669
Exploits 0 | References 11

Fedora
added 2022/12/18 1:41 a.m. | 38 views

[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.10-1.fc36

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...

CVSS 7.5 | AI score 7.6 | EPSS 0.0168
Exploits 0

OSV
added 2022/12/06 12:30 a.m. | 16 views

GHSA-7VX2-5349-QJ99 Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks

Withdrawn This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references. Original Description ConcreteCMS v9.1.3 was discovered to b...

CVSS 7.5 | AI score 6.8
Exploits 0 | References 3

Github Security Blog
added 2022/12/06 12:30 a.m. | 22 views

Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks

Withdrawn This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references. Original Description ConcreteCMS v9.1.3 was discovered to b...

AI score 6.6
Exploits 0 | References 3 | Affected Software 1

Packet Storm
added 2022/11/29 12:0 a.m. | 559 views

Concrete CMS 9.1.3 XPATH Injection

Title: concretecms-9.1.3 Xpath injection; Author: nu11secur1ty; Date: 11.28.2022; Vendor: https://www.concretecms.org/; Software: https://www.concretecms.org/download; Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3; Description: The...

AI score 0.1
Exploits 0

Fedora
added 2022/11/13 1:14 a.m. | 78 views

[SECURITY] Fedora 37 Update: libxml2-2.10.3-2.fc37

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 7.8 | AI score 0.5 | EPSS 0.22791
Exploits 2

Openbugbounty
added 2022/11/04 1:47 a.m. | 14 views

stacks.hpcf.upr.edu Cross Site Scripting vulnerability OBB-3035104

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

GithubExploit
added 2022/10/31 1:24 p.m. | 828 views

Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml

Exploiting CVE-2022-39299 Signature bypass via multiple ro...

CVSS 8.1 | AI score 8.4 | EPSS 0.03025
Exploits 1

The Hacker News
added 2022/10/28 2:30 p.m. | 155 views

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web...

CVSS 9.8 | AI score 1.6 | EPSS 0.98975
Exploits 12

OpenVAS
added 2022/10/27 12:0 a.m. | 33 views

Fedora: Security Advisory for libxml2 (FEDORA-2022-aeafd24818)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.4 | EPSS 0.22791
Exploits 2 | References 2

Fedora
added 2022/10/25 1:13 p.m. | 49 views

[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 7.8 | AI score 0.5 | EPSS 0.22791
Exploits 2

OSV
added 2022/10/18 3:15 a.m. | 6 views

CVE-2022-22243

An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...

CVSS 4.3 | AI score 5.8 | EPSS 0.00435
Exploits 0 | References 1