
213680 matches found

Prion, added 2024/03/04 1:15 a.m.

Sql injection

A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file adminclass.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 6.5, AI score 6.9, EPSS 0.00556
Exploits 0, References 3

Prion, added 2024/03/04 1:15 a.m.

Sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/vieworder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 6.5, AI score 6.9, EPSS 0.0066
Exploits 1, References 3

Prion, added 2024/03/04 12:15 a.m.

Sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manageproduct.php. The manipulation of the argument id leads to sql injection. The attack may be...

CVSS 5.8, AI score 7.7, EPSS 0.00621
Exploits 1, References 3

Prion, added 2024/03/04 12:15 a.m.

Directory traversal

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...

AI score 7.5, EPSS 0.0174
Exploits 1, References 3
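The load_chain entry above describes a loader that appends a caller-controlled path to a fixed repository location, so a trailing `../` segment escapes the repository. The block below is an added example, not LangChain's own code, of the decode-normalise-check a loader needs before it fetches such a path. HUB_BASE, the `lc://` prefix handling and all function names are assumptions made for this demonstration.

```python
"""Added example (not LangChain's own code): validating a caller-supplied
hub path before it is appended to a fixed repository URL.

HUB_BASE, the 'lc://' prefix handling and the function names are
assumptions for this demonstration, not the project's real constants."""
import posixpath
from urllib.parse import unquote

HUB_BASE = "https://raw.githubusercontent.com/hwchase17/langchain-hub/master/"  # assumed
PREFIX = "lc://"  # assumed scheme prefix that the loader strips


def naive_hub_url(path: str) -> str:
    """The pattern the advisory describes: strip the scheme and concatenate.
    '../' segments survive, so the fetched URL can point outside the repository."""
    if path.startswith(PREFIX):
        path = path[len(PREFIX):]
    return HUB_BASE + path


def safe_hub_url(path: str) -> str:
    """Decode, normalise, then refuse anything that would leave the hub root.

    Raises ValueError for absolute paths, empty paths, backslashes and any
    path whose normalised form begins with '..' (percent-encoded forms
    included, because decoding happens before the check)."""
    if path.startswith(PREFIX):
        path = path[len(PREFIX):]
    decoded = unquote(path)                    # '..%2F' and '%2e%2e/' become '../'
    if decoded.startswith("/") or "\\" in decoded:
        raise ValueError(f"absolute or non-POSIX path rejected: {path!r}")
    normalized = posixpath.normpath(decoded)   # collapses 'a/../b' to 'b', '' to '.'
    if normalized in (".", "..") or normalized.startswith("../"):
        raise ValueError(f"path escapes hub root: {path!r}")
    return HUB_BASE + normalized


def is_hub_path_safe(path: str) -> bool:
    """Boolean wrapper around safe_hub_url for callers that only want a verdict."""
    try:
        safe_hub_url(path)
    except ValueError:
        return False
    return True
```

The order matters: decode first, normalise second, then compare against the root. Checking the raw string for `../` misses `%2e%2e`, and checking before normalisation misses `chains/../../x`. The same shape of check applies to any join of a relative path onto a fixed base, whether the base is a URL or a directory on disk.
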
Prion, added 2024/03/04 12:15 a.m.

Input validation

A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors...

CVSS 4, AI score 4.9, EPSS 0.00546
Exploits 1, References 3

Prion, added 2024/03/03 9:15 p.m.

Input validation

An issue was discovered in Cloud Native Computing Foundation CNCF Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was...

AI score 7.4, EPSS 0.00675
Exploits 0, References 2

Prion, added 2024/03/03 9:15 p.m.

Design/Logic Flaw

p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails...

AI score 7.8, EPSS 0.00937
Exploits 0, References 2

Prion, added 2024/03/03 6:15 p.m.

Design/Logic Flaw

A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to t...

CVSS 5, AI score 7.2, EPSS 0.00607
Exploits 0, References 3

Prion, added 2024/03/03 6:15 p.m.

Sql injection

A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

CVSS 5.8, AI score 7.9, EPSS 0.00624
Exploits 1, References 3

Prion, added 2024/03/03 5:15 p.m.

Design/Logic Flaw

A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVSS 6.5, AI score 7.2, EPSS 0.00832
Exploits 1, References 3

Prion, added 2024/03/03 5:15 p.m.

Sql injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely...

CVSS 7.5, AI score 7.7, EPSS 0.00847
Exploits 1, References 3
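The SQL injection entries above (adminclass.php via img, vieworder.php and manageproduct.php via id, settings.php via currency, login.php via username) all share one root cause: a request argument is pasted into SQL text. The block below is an added example, not code from any of the listed products, that shows the pattern vulnerable and fixed for both a quoted string argument and an unquoted numeric one. The table layout, column names and rows are constructed sample data; the real schemas are not known from the advisories.

```python
"""Added example (not the listed products' code): the parameter-to-query
pattern behind the SQL injection entries, shown vulnerable and fixed.

The users/orders tables and their rows are constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL);
        INSERT INTO users (username, password) VALUES ('admin', 's3cret'), ('clerk', 'hunter2');
        INSERT INTO orders (customer, total) VALUES ('alice', 19.99), ('bob', 250.00);
        """
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """String argument pasted into the statement (the login.php pattern).
    A quote in the input ends the literal and the attacker owns the rest."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(sql)]


def login_fixed(conn, username: str, password: str) -> list:
    """Same lookup with bound parameters: values travel separately from the
    statement, so quotes in the input are data, not syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def view_order_vulnerable(conn, order_id: str) -> list:
    """Numeric argument pasted unquoted (the vieworder.php pattern).
    No quote is needed: '1 OR 1=1' already changes the WHERE clause."""
    sql = "SELECT customer FROM orders WHERE id = %s" % order_id
    return [row[0] for row in conn.execute(sql)]


def view_order_fixed(conn, order_id: str) -> list:
    """Coerce to the expected type first, then bind. int() rejects
    '1 OR 1=1' outright with ValueError before any SQL is built."""
    sql = "SELECT customer FROM orders WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(order_id),))]
```

The numeric case is the one quoting-based defences miss: escaping quotes does nothing for `id=1 OR 1=1`, so the fix is type coercion plus a bound parameter, never string assembly.
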
Prion, added 2024/03/03 4:15 p.m.

Code injection

IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151...

AI score 6.5, EPSS 0.00169
Exploits 0, References 2

Prion, added 2024/03/03 4:15 p.m.

Design/Logic Flaw

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740...

CVSS 2.8, AI score 6.2, EPSS 0.00333
Exploits 0, References 2

Prion, added 2024/03/03 4:15 p.m.

Input validation

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396...

CVSS 2.6, AI score 6.6, EPSS 0.00547
Exploits 0, References 2

Prion, added 2024/03/03 3:15 p.m.

Cross site scripting

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launch...

CVSS 4, AI score 6.5, EPSS 0.00566
Exploits 1, References 3

Prion, added 2024/03/03 3:15 p.m.

Design/Logic Flaw

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 5.5, AI score 7.3, EPSS 0.00579
Exploits 1, References 2

Prion, added 2024/03/03 2:15 p.m.

Cross site scripting

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the...

CVSS 4, AI score 6.5, EPSS 0.00582
Exploits 1, References 3

Prion, added 2024/03/03 1:15 p.m.

Design/Logic Flaw

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781...

CVSS 2.6, AI score 6.8, EPSS 0.0041
Exploits 0, References 2

Prion, added 2024/03/03 1:15 p.m.

Code injection

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 27253...

CVSS 2.6, AI score 6.2, EPSS 0.00246
Exploits 0, References 2

Prion, added 2024/03/03 1:15 p.m.

Cross site scripting

IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...

CVSS 5.5, AI score 6.1, EPSS 0.00303
Exploits 0, References 2

Prion, added 2024/03/03 12:15 p.m.

Command injection

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638...

CVSS 2.1, AI score 6.3, EPSS 0.00116
Exploits 0, References 2

Prion, added 2024/03/03 12:15 p.m.

Code injection

IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905...

CVSS 2.6, AI score 6.5, EPSS 0.00261
Exploits 0, References 2

Prion, added 2024/03/03 10:15 a.m.

Server side request forgery (ssrf)

Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36 allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess method...

AI score 7.6, EPSS 0.00311
Exploits 0, References 1

Prion, added 2024/03/03 9:15 a.m.

Information disclosure

An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before that allows local attackers to escalate privileges and obtain sensitive information...

AI score 7.1, EPSS 0.00453
Exploits 0, References 1

Prion, added 2024/03/03 9:15 a.m.

Design/Logic Flaw

An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0 that allows remote attackers to escalate privileges and obtain sensitive information via the uploadLogo and postProcess methods...

AI score 7.2, EPSS 0.0055
Exploits 0, References 1

Prion, added 2024/03/03 9:15 a.m.

Sql injection

SQL Injection vulnerability in MyPrestaModules "Product Catalog CSV, Excel Import" (simpleimportproduct) module for PrestaShop versions 6.5.0 and before allows attackers to escalate privileges and obtain sensitive information via the Send::__construct and importProducts::addDataToDb methods...

AI score 8.2, EPSS 0.00532
Exploits 0, References 1

Prion, added 2024/03/03 9:15 a.m.

Design/Logic Flaw

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36 that allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess method...

AI score 7.9, EPSS 0.00934
Exploits 0, References 1

Prion, added 2024/03/03 8:15 a.m.

Cross site scripting

Cross Site Scripting (XSS) vulnerability in SourceCodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via a crafted GET request to the web application URL...

AI score 6.7, EPSS 0.0038
Exploits 0, References 1

Prion, added 2024/03/03 8:15 a.m.

Design/Logic Flaw

An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26 that allows remote attackers to escalate privileges and obtain sensitive information via a debug file...

AI score 7.1, EPSS 0.0055
Exploits 0, References 1

Prion, added 2024/03/03 8:15 a.m.

Path traversal

Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36 allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage method...

AI score 7, EPSS 0.0072
Exploits 0, References 1

Prion, added 2024/03/03 4:15 a.m.

Code injection

IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279...

CVSS 5, AI score 6.9, EPSS 0.00849
Exploits 0, References 2

Prion, added 2024/03/03 3:15 a.m.

Cross site scripting

A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospitalactivities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input leads ...

CVSS 3.3, AI score 6.3, EPSS 0.00543
Exploits 1, References 3

Prion, added 2024/03/03 1:15 a.m.

Cross site request forgery (csrf)

A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component Investigation Report Handler. The manipulation leads to cross-site request forgery. The attack can...

CVSS 5, AI score 7, EPSS 0.00372
Exploits 1, References 3

Prion, added 2024/03/03 12:15 a.m.

Cross site scripting

A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manageinvoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross si...

CVSS 3.3, AI score 6.4, EPSS 0.00483
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG after failure to insert delayed dir index item Instead of calling BUG when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquire...

AI score 7.3, EPSS 0.00239
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy...

AI score 7.4, EPSS 0.00278
Exploits 0, References 4

Prion, added 2024/03/02 10:15 p.m.

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit 9f86d624292...

AI score 7.3, EPSS 0.00253
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Cross site scripting

Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12 allows remote attackers to execute arbitrary code via the algolia search function...

AI score 6.8, EPSS 0.00534
Exploits 1, References 1

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd...

AI score 7.3, EPSS 0.00225
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved Adding a reserved memory region for the framebuffer memory (the splash memory region set up by the bootloader). It fixes a kernel panic, arm-smmu: Unhandled...

AI score 7.3, EPSS 0.00225
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.8
Exploits 0

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on ->hpd_notify callback The EDID returned by drm_bridge_get_edid needs to be freed...

AI score 7.3, EPSS 0.00222
Exploits 0, References 4

Prion, added 2024/03/02 10:15 p.m.

Cross site scripting

Cross-site Scripting (XSS) - DOM in GitHub repository langchain-ai/chat-langchain prior to 0.0.0...

CVSS 4.6, AI score 6.4
Exploits 0, References 2

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider fails in ca8210_register_ext_clock, it calls clk_unregister to release priv->clk and returns an error. However, the caller ca8210_probe then calls ca8210_remove,...

AI score 7.6, EPSS 0.00242
Exploits 0, References 8

Prion, added 2024/03/02 10:15 p.m.

Authentication flaw

If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an admin role and then being able to use this new account to have elevated privileges on the instance...

CVSS 5.8, AI score 7.3, EPSS 0.00945
Exploits 1, References 2

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link is called by ieee80211_gtk_rekey_add but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add will still return a pointer into the key...

AI score 7.5, EPSS 0.00233
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO index validity, so out of bounds write may happen. Found by Linux Verification Center (linuxtesting.org) with SVACE...

AI score 7.5, EPSS 0.00222
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Memory corruption

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate). 'mvm->nvm_data' is a 'struct iwl_nvm_data', so it is...

AI score 7.5, EPSS 0.00237
Exploits 0, References 4

Prion, added 2024/03/02 10:15 p.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set all reserved memblocks on Node0 at initialization After commit 61167ad5fecdea "mm: pass nid to reserve_bootmem_region" we get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled: [0.000000] CPU 0 Unable to handle kernel pagin...

AI score 7.2, EPSS 0.00222
Exploits 0, References 3

Prion, added 2024/03/02 10:15 p.m.

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in apply_alternatives Fei has reported that KASAN triggers during apply_alternatives on a 5-level paging machine: BUG: KASAN: out-of-bounds in rcu_is_watching Read of size 4 at addr ff110003ee6419a0 by...

AI score 7.3, EPSS 0.00275
Exploits 0, References 7

Total number of security vulnerabilities: 213680