Lucene search
K

213680 matches found

Prion
Prion
added 2024/03/05 9:15 a.m.13 views

Design/Logic Flaw

swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c...

7.6AI score0.00274EPSS
Exploits1References1
Prion
Prion
added 2024/03/05 8:15 a.m.25 views

Race condition

Use after free vulnerability in pubcryptorecvmsg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption...

0.8CVSS4.8AI score0.00106EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 8:15 a.m.19 views

Design/Logic Flaw

swftools v0.9.2 was discovered to contain a segmentation violation via the function freelines at swftools/lib/modules/swfshape.c...

7.6AI score0.00275EPSS
Exploits1References1
Prion
Prion
added 2024/03/05 6:15 a.m.26 views

Hardcoded credentials

Maintenance Server, in Cybellum's QCOW air-gapped distribution China Edition, versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the...

3.4CVSS4.6AI score0.00139EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.18 views

Heap overflow

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code...

3.4CVSS7.9AI score0.00164EPSS
Exploits1References1
Prion
Prion
added 2024/03/05 5:15 a.m.18 views

Design/Logic Flaw

Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction...

5.8CVSS7.2AI score0.00348EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.20 views

Out-of-bounds

Out of bounds Read vulnerability in ssmisgetfrm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory...

1.9CVSS6.8AI score0.00158EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.21 views

Stack overflow

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attackers to execute arbitrary code...

3.4CVSS7.9AI score0.00154EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.15 views

Input validation

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction...

4.3CVSS6.9AI score0.00148EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.13 views

Input validation

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory...

4.6CVSS6.9AI score0.0016EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.14 views

Improper access control

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen...

2.6CVSS6.8AI score0.00228EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.19 views

Default configuration

Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings...

4.3CVSS6.9AI score0.00136EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.17 views

Improper access control

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen...

2.1CVSS6.8AI score0.00252EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.19 views

Improper access control

Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors...

2.1CVSS7.1AI score0.0014EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.28 views

Input validation

Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code...

4.6CVSS7.6AI score0.00182EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.25 views

Information disclosure

The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission...

1.7CVSS6.4AI score0.0014EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 5:15 a.m.18 views

Input validation

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data...

3.6CVSS6.9AI score0.00171EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 3:15 a.m.26 views

Code injection

Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...

3.5CVSS6.7AI score0.00304EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 3:15 a.m.40 views

Design/Logic Flaw

Missing release of resource after effective lifetime CWE-772 in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...

2.1CVSS6.2AI score0.00173EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 3:15 a.m.20 views

Command injection

Insufficiently protected credentials CWE-522 for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

6.5CVSS9AI score0.00334EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 2:15 a.m.25 views

Cross site scripting

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'btwebid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS6AI score0.00374EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.18 views

Design/Logic Flaw

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...

5CVSS5.3AI score0.00611EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.27 views

Design/Logic Flaw

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

5CVSS5.2AI score0.00532EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.25 views

Deserialization of untrusted data

The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possibl...

6.5CVSS8.6AI score0.00893EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.27 views

Design/Logic Flaw

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

5CVSS5.2AI score0.00475EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.23 views

Information disclosure

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content...

5CVSS5.2AI score0.00577EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.30 views

Design/Logic Flaw

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambitbuildersavecontent' function in all versions up to, and including, 5.1.0. This makes it possible for...

4CVSS6.1AI score0.00431EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.24 views

Design/Logic Flaw

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory...

5CVSS5.2AI score0.00427EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.32 views

Cross site scripting

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

5.5CVSS5.6AI score0.00408EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.17 views

Deserialization of untrusted data

The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS8.6AI score0.00851EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.23 views

Code injection

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or...

4CVSS6.2AI score0.00491EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 2:15 a.m.37 views

Command injection

TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...

7.9AI score0.02017EPSS
Exploits0References3
Prion
Prion
added 2024/03/05 2:15 a.m.25 views

Design/Logic Flaw

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...

5CVSS5.2AI score0.00431EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 1:15 a.m.21 views

Memory corruption

libheif = 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack...

6.5AI score0.00687EPSS
Exploits1References1
Prion
Prion
added 2024/03/05 12:15 a.m.19 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...

8.6AI score0.00761EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.24 views

Path traversal

iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality...

6.7AI score0.00869EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.14 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...

8.6AI score0.0115EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.24 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...

8.2AI score0.00818EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.20 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customersupport/index.php?page=editcustomer...

8.2AI score0.00519EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.18 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customersupport/ajax.php...

8.6AI score0.00761EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.19 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customersupport/managedepartment.php...

8.6AI score0.00456EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.25 views

Hardcoded credentials

The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...

6.8AI score0.00496EPSS
Exploits0References2
Prion
Prion
added 2024/03/05 12:15 a.m.28 views

Sql injection

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component...

7.4AI score0.01101EPSS
Exploits0References1
Prion
Prion
added 2024/03/04 10:15 p.m.17 views

Input validation

An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization...

1.5CVSS6.8AI score0.00154EPSS
Exploits0References1
Prion
Prion
added 2024/03/04 10:15 p.m.13 views

Input validation

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI...

3.6CVSS6.9AI score0.00162EPSS
Exploits0References1
Prion
Prion
added 2024/03/04 10:15 p.m.25 views

Design/Logic Flaw

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. Whil...

8AI score0.00682EPSS
Exploits1References2
Prion
Prion
added 2024/03/04 9:15 p.m.22 views

Code injection

The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review,...

6.7AI score0.00604EPSS
Exploits2References1
Prion
Prion
added 2024/03/04 9:15 p.m.19 views

Default credentials

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts...

6.7AI score0.00456EPSS
Exploits2References1
Prion
Prion
added 2024/03/04 9:15 p.m.35 views

Sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expensecategory.php of the component HTTP POST Request Handler. The manipulation of the argument status leads...

5.8CVSS5.4AI score0.00639EPSS
Exploits1References3
Prion
Prion
added 2024/03/04 8:15 p.m.35 views

Authentication flaw

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass...

5.1CVSS7.9AI score0.00447EPSS
Exploits0References1
Total number of security vulnerabilities213680