Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
added 2024/01/11 9:15 a.m.35 views

Cross site scripting

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.9CVSS5.9AI score0.19684EPSS
Exploits2References4Affected Software1
Prion
Prion
added 2024/01/03 11:15 p.m.35 views

Design/Logic Flaw

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then...

5CVSS7.2AI score0.0082EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/15 4:15 p.m.35 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3...

6.8CVSS7.3AI score0.00249EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/13 11:15 p.m.35 views

Command injection

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972...

4.3CVSS6.7AI score0.00237EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/12/13 8:15 a.m.35 views

Design/Logic Flaw

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...

3.5CVSS6.9AI score0.01232EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/12/10 6:15 p.m.35 views

Design/Logic Flaw

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

4CVSS6.5AI score0.02775EPSS
Exploits0References26Affected Software16
Prion
Prion
added 2023/12/07 9:15 a.m.35 views

Design/Logic Flaw

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

7.5CVSS7.3AI score0.80819EPSS
Exploits15References4Affected Software1
Prion
Prion
added 2023/12/05 11:15 p.m.35 views

Design/Logic Flaw

microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...

5CVSS7AI score0.02203EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/12/05 5:15 p.m.36 views

Design/Logic Flaw

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

5CVSS6.9AI score0.0125EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/11/10 3:15 p.m.36 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...

5.5CVSS6.8AI score0.00999EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/11/02 8:15 a.m.35 views

Design/Logic Flaw

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

4.9CVSS5.7AI score0.00301EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/19 10:15 a.m.35 views

Design/Logic Flaw

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

5CVSS7.5AI score0.00218EPSS
Exploits0References1
Prion
Prion
added 2023/10/13 1:15 p.m.35 views

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...

5CVSS7.5AI score0.00575EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/10/12 5:15 p.m.35 views

Code injection

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

4.3CVSS8.7AI score0.0052EPSS
Exploits0References7Affected Software9
Prion
Prion
added 2023/10/11 4:15 p.m.35 views

Command injection

A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...

7.5CVSS9.5AI score0.01212EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/10 6:15 p.m.35 views

Remote code execution

Azure Identity SDK Remote Code Execution Vulnerability...

6.5CVSS8.9AI score0.02243EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/10 6:15 p.m.35 views

Remote code execution

Microsoft SQL OLE DB Remote Code Execution Vulnerability...

4.4CVSS8AI score0.00982EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/10/10 6:15 p.m.35 views

Input validation

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5CVSS6.1AI score0.0216EPSS
Exploits1References6Affected Software2
Prion
Prion
added 2023/10/03 5:15 p.m.35 views

Race condition

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory...

1CVSS4.6AI score0.00292EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2023/09/13 5:15 p.m.35 views

Design/Logic Flaw

This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750...

4CVSS8AI score0.0053EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/09/12 5:15 p.m.35 views

Privilege escalation

Visual Studio Elevation of Privilege Vulnerability...

7.5CVSS9.4AI score0.01354EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/11 9:15 p.m.35 views

Deserialization of untrusted data

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.3CVSS7.7AI score0.001EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/08 12:15 p.m.35 views

Design/Logic Flaw

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

4.3CVSS7.6AI score0.00862EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/09/07 1:15 p.m.35 views

Hardcoded credentials

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

6.5CVSS9AI score0.00737EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/24 7:15 a.m.35 views

Design/Logic Flaw

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file...

5CVSS7.3AI score0.00438EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/08/17 8:15 p.m.35 views

Code injection

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...

7.5CVSS7.5AI score0.93546EPSS
Exploits25References3Affected Software1
Prion
Prion
added 2023/08/15 4:15 p.m.35 views

Code injection

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

6.5CVSS9AI score0.01273EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2023/08/14 3:15 a.m.35 views

Double free

An issue was discovered in l2capsockrelease in net/bluetooth/l2capsock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled...

4.3CVSS7.1AI score0.0056EPSS
Exploits0References10Affected Software3
Prion
Prion
added 2023/08/10 2:15 a.m.35 views

Improper access control

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission...

1.7CVSS4.1AI score0.00137EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/08 6:15 p.m.35 views

Remote code execution

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

4.6CVSS8.6AI score0.0132EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/08/08 9:15 a.m.35 views

Privilege escalation

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation...

5.8CVSS6.9AI score0.00614EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/08/07 4:15 a.m.35 views

Out-of-bounds

In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061...

4CVSS6.7AI score0.00087EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/08/03 10:15 p.m.35 views

Xxe

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack XXE...

4CVSS6.5AI score0.00375EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/03 12:15 p.m.35 views

Race condition

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition...

4CVSS6.3AI score0.00519EPSS
Exploits0References1Affected Software16
Prion
Prion
added 2023/08/02 8:15 p.m.35 views

Code injection

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5CVSS6.3AI score0.01328EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/07/26 9:15 p.m.35 views

Design/Logic Flaw

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

5CVSS7.5AI score0.00431EPSS
Exploits4References4Affected Software1
Prion
Prion
added 2023/07/24 4:15 p.m.35 views

Race condition

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

0.8CVSS5.5AI score0.0034EPSS
Exploits0References6Affected Software4
Prion
Prion
added 2023/07/20 3:15 p.m.35 views

Race condition

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like...

5CVSS7.1AI score0.62015EPSS
Exploits0References11Affected Software4
Prion
Prion
added 2023/07/19 8:15 p.m.35 views

Design/Logic Flaw

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

5CVSS7.5AI score0.01422EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/07/13 10:15 a.m.35 views

Input validation

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...

4.9CVSS5.4AI score0.00467EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/13 9:15 a.m.35 views

Design/Logic Flaw

JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

5CVSS7.6AI score0.0105EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/11 8:15 p.m.35 views

Design/Logic Flaw

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

4.3CVSS6.8AI score0.0125EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/07/11 5:15 p.m.35 views

Design/Logic Flaw

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...

6.5CVSS9AI score0.74822EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2023/07/06 3:15 p.m.35 views

Buffer overflow

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

5.8CVSS7.4AI score0.01318EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/06/29 4:15 p.m.35 views

Command injection

An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCUSHELL...

7.5CVSS9.7AI score0.31396EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/06/22 1:15 p.m.35 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin = 2.5.20 versions...

4.3CVSS4.9AI score0.00369EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/06/09 8:15 p.m.35 views

Design/Logic Flaw

A use-after-free flaw was found in r592remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak...

3.2CVSS6.5AI score0.00437EPSS
Exploits0References6Affected Software3
Prion
Prion
added 2023/06/09 6:15 a.m.35 views

Server side request forgery (ssrf)

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the getremotecontent REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary...

5.5CVSS8.9AI score0.00606EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2023/06/02 5:15 p.m.35 views

Design/Logic Flaw

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...

6.8CVSS7.8AI score0.00737EPSS
Exploits0References4Affected Software4
Prion
Prion
added 2023/06/02 2:15 p.m.35 views

Sql injection

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

7.5CVSS9.8AI score0.99934EPSS
Exploits15References3Affected Software2
Total number of security vulnerabilities5000