213680 matches found

Prion
added 2024/03/15 12:17 a.m., 46 views

Improper access control

Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform administrative actions, including adding and deleting user accounts...

AI score 7.6, EPSS 0.00842
Exploits 1, References 2
Prion
added 2024/03/15 12:17 a.m., 40 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

AI score 6.1, EPSS 0.00574
Exploits 1, References 2
Prion
added 2024/03/15 12:17 a.m., 43 views

Authorization

A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...

AI score 7.2, EPSS 0.00745
Exploits 1, References 2
Prion
added 2024/03/15 12:17 a.m., 44 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

AI score 6.1, EPSS 0.00483
Exploits 1, References 2
Prion
added 2024/03/15 12:17 a.m., 35 views

Authorization

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

AI score 7.2, EPSS 0.00745
Exploits 1, References 2
Prion
added 2024/03/15 12:17 a.m., 45 views

Improper access control

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...

AI score 7.6, EPSS 0.00835
Exploits 1, References 2
Prion
added 2024/03/14 11:51 p.m., 43 views

SQL injection

SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...

AI score 8.1, EPSS 0.00952
Exploits 1, References 2
Prion
added 2024/03/14 11:45 p.m., 49 views

Input validation

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...

AI score 7.6, EPSS 0.00644
Exploits 0, References 2, Affected Software 1
Prion
added 2024/03/14 10:54 p.m., 35 views

CVE-2024-28746

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.2, EPSS 0.01332
Exploits 0
Prion
added 2024/03/14 10:54 p.m., 23 views

CVE-2024-28323

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.3, EPSS 0.00411
Exploits 1
Prion
added 2024/03/14 10:54 p.m., 38 views

CVE-2024-28251

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 5.1, AI score 7.3, EPSS 0.00239
Exploits 0
Prion
added 2024/03/14 10:54 p.m., 35 views

CVE-2024-28418

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.3, EPSS 0.0044
Exploits 1
Prion
added 2024/03/14 10:54 p.m., 32 views

CVE-2024-28417

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.3, EPSS 0.00347
Exploits 1
Prion
added 2024/03/14 10:54 p.m., 20 views

CVE-2024-28383

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.3, EPSS 0.00818
Exploits 1
Prion
added 2024/03/14 10:53 p.m., 77 views

Design/Logic Flaw

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

AI score 7.1, EPSS 0.0077
Exploits 0, References 2, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 32 views

Out-of-bounds

Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the...

AI score 7.1, EPSS 0.00798
Exploits 0, References 3, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 41 views

CVE-2024-27986

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 6, AI score 7.3, EPSS 0.00333
Exploits 0
Prion
added 2024/03/14 10:53 p.m., 50 views

Code injection

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

AI score 6.9, EPSS 0.0098
Exploits 1, References 2, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 34 views

Cross site scripting

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...

AI score 7.3, EPSS 0.00722
Exploits 1, References 3, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 49 views

Design/Logic Flaw

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41 of the deno_runtime library, a maliciously crafted permission request can show a spoofed permission prompt by inserting a broken ANSI escape sequence into the reques...

AI score 7, EPSS 0.00943
Exploits 1, References 3, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 34 views

Design/Logic Flaw

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...

AI score 8.2, EPSS 0.00392
Exploits 1, References 1, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 34 views

Design/Logic Flaw

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in op_node_ipc_pipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_proce...

AI score 7.9, EPSS 0.02276
Exploits 1, References 10, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 42 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, when a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

AI score 6.4, EPSS 0.00521
Exploits 0, References 2, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 36 views

Design/Logic Flaw

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...

AI score 7.1, EPSS 0.00594
Exploits 1, References 3, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 39 views

Authentication flaw

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the CODER_OIDC_EMAIL_DOMAIN verification and create an account with an email not in the...

AI score 7.3, EPSS 0.00965
Exploits 0, References 5, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 58 views

Design/Logic Flaw

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...

AI score 6.9, EPSS 0.01044
Exploits 1, References 6, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 35 views

Design/Logic Flaw

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...

AI score 6.8, EPSS 0.00666
Exploits 1, References 4, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 40 views

Input validation

Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the frontmatter feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue...

AI score 7.9, EPSS 0.01357
Exploits 1, References 2, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 49 views

Code injection

TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...

AI score 7, EPSS 0.00823
Exploits 0, References 1, Affected Software 1
Prion
added 2024/03/14 10:53 p.m., 32 views

Cross site scripting

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

AI score 6.1, EPSS 0.00429
Exploits 0, References 1
Prion
added 2024/03/14 10:52 p.m., 33 views

CVE-2024-25650

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.3, EPSS 0.0025
Exploits 0
Prion
added 2024/03/14 10:52 p.m., 29 views

CVE-2024-25651

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.3, EPSS 0.00476
Exploits 0
Prion
added 2024/03/14 10:52 p.m., 30 views

CVE-2024-25649

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.3, EPSS 0.00076
Exploits 0
Prion
added 2024/03/14 10:52 p.m., 35 views

Design/Logic Flaw

An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file...

AI score 8, EPSS 0.00306
Exploits 0, References 1
Prion
added 2024/03/14 10:52 p.m., 27 views

CVE-2024-25228

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

AI score 7.2, EPSS 0.25887
Exploits 2
Prion
added 2024/03/14 10:51 p.m., 40 views

Default credentials

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain in the "Password Change" page and redirect the victim to a malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

AI score 7.3, EPSS 0.00615
Exploits 1, References 2, Affected Software 1
Prion
added 2024/03/14 10:51 p.m., 31 views

SQL injection

SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via a crafted GET request to the component /api/front/spread/people...

AI score 8.9, EPSS 0.00613
Exploits 1, References 1
Prion
added 2024/03/14 10:49 p.m., 31 views

Information disclosure

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361...

AI score 5.7, EPSS 0.00495
Exploits 0, References 2, Affected Software 1
Prion
added 2024/03/14 10:47 p.m., 20 views

Design/Logic Flaw

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the Artica-Proxy administrative web application attempts to...

AI score 7.9, EPSS 0.44579
Exploits 4, References 2, Affected Software 1
Prion
added 2024/03/14 10:47 p.m., 36 views

Code injection

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user...

AI score 8.1, EPSS 0.8126
Exploits 9, References 2, Affected Software 1
Prion
added 2024/03/14 10:46 p.m., 15 views

CVE-2024-1654

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 5.8, AI score 7.3, EPSS 0.01308
Exploits 0
Prion
added 2024/03/14 10:46 p.m., 35 views

CVE-2024-1222

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 7.5, AI score 7.5, EPSS 0.63984
Exploits 0
Prion
added 2024/03/14 10:46 p.m., 30 views

CVE-2024-1223

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 4, AI score 7.5, EPSS 0.00445
Exploits 0
Prion
added 2024/03/14 10:46 p.m., 27 views

CVE-2024-1221

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 2.1, AI score 7.5, EPSS 0.00546
Exploits 0
Prion
added 2024/03/14 10:46 p.m., 25 views

Authentication flaw

UNSUPPORTED WHEN ASSIGNED Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported...

AI score 7.4, EPSS 0.00894
Exploits 0, References 1, Affected Software 1
Prion
added 2024/03/14 10:45 p.m., 27 views

CVE-2024-1176

RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

CVSS 5, AI score 7.5, EPSS 0.00611
Exploits 0
Prion
added 2024/03/14 10:45 p.m., 27 views

Path traversal

Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue...

AI score 7, EPSS 0.00714
Exploits 0, References 1, Affected Software 1
Prion
added 2024/03/14 4:15 a.m., 15 views

Server side request forgery (SSRF)

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing...

CVSS 6.4, AI score 7.2, EPSS 0.37934
Exploits 0, References 1
Prion
added 2024/03/14 4:15 a.m., 23 views

Remote code execution

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...

CVSS 5.8, AI score 7.8, EPSS 0.01411
Exploits 0, References 1
Prion
added 2024/03/14 4:15 a.m., 16 views

Integer overflow

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload...

AI score 8.5, EPSS 0.01122
Exploits 0, References 1
Total number of security vulnerabilities: 213680