213680 matches found

Prion
added 2024/02/29 8:15 p.m. | 34 views

Null pointer dereference

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub4484A8. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

7 AI score | 0.00644 EPSS
Exploits: 1 | References: 1

Prion
added 2024/02/29 8:15 p.m. | 15 views

Null pointer dereference

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub42AF30. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 AI score | 0.00644 EPSS
Exploits: 1 | References: 1

Prion
added 2024/02/29 8:15 p.m. | 23 views

Null pointer dereference

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub4484A8. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 AI score | 0.00427 EPSS
Exploits: 1 | References: 1

Prion
added 2024/02/29 6:15 p.m. | 32 views

Privilege escalation

The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL...

4.1 CVSS | 7.6 AI score | 0.00193 EPSS
Exploits: 0 | References: 2

Prion
added 2024/02/29 6:15 p.m. | 25 views

Cross site request forgery (csrf)

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'...

7.5 AI score | 0.01024 EPSS
Exploits: 2 | References: 1

Prion
added 2024/02/29 5:15 p.m. | 15 views

Design/Logic Flaw

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

4.4 CVSS | 7.8 AI score | 0.00562 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 3:15 p.m. | 18 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command Why We can hang in place trying to send commands when the DMCUB isn't powered on. How For functions that execute within a DC context or DC lock we can wrap the direct calls to...

7.7 AI score | 0.00214 EPSS
Exploits: 0 | References: 2

Prion
added 2024/02/29 2:15 p.m. | 18 views

Cross site scripting

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded...

6 CVSS | 6.5 AI score | 0.00323 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 1:15 p.m. | 16 views

Input validation

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a fileupload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...

8.1 AI score | 0.01366 EPSS
Exploits: 0 | References: 3

Prion
added 2024/02/29 12:15 p.m. | 18 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: 53.271356 sii902xgetedid+0x34/0x70 sii902x 53.276066 sii902xbridgegetedid+0x14/0x20 sii90...

7 AI score | 0.00232 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 11:15 a.m. | 16 views

Race condition

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts...

2.1 CVSS | 7.3 AI score | 0.00266 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 11:15 a.m. | 12 views

Code injection

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...

2.1 CVSS | 7.1 AI score | 0.00367 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 11:15 a.m. | 22 views

Security feature bypass

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

7 AI score | 0.00343 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 11:15 a.m. | 17 views

Cross site request forgery (csrf)

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request...

4 CVSS | 7.1 AI score | 0.00508 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 11:15 a.m. | 11 views

Design/Logic Flaw

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...

4 CVSS | 7 AI score | 0.0036 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 10:15 a.m. | 19 views

Security feature bypass

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions...

5.8 CVSS | 7.3 AI score | 0.00379 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 9:15 a.m. | 12 views

Denial of service

Mattermost fails to check the "inviteguest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server...

4 CVSS | 7.2 AI score | 0.00331 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 8:15 a.m. | 11 views

Code injection

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...

4 CVSS | 7.3 AI score | 0.00389 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 8:15 a.m. | 11 views

Code injection

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server...

4 CVSS | 7.3 AI score | 0.0068 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 8:15 a.m. | 10 views

Design/Logic Flaw

Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export...

4 CVSS | 7.2 AI score | 0.00331 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 8:15 a.m. | 13 views

Code injection

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...

2.1 CVSS | 7.2 AI score | 0.00314 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 7:15 a.m. | 32 views

Sql injection

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL...

6.4 CVSS | 6.6 AI score | 0.00832 EPSS
Exploits: 1 | References: 3

Prion
added 2024/02/29 7:15 a.m. | 32 views

Sql injection

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'tableprefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS | 9.6 AI score | 0.01075 EPSS
Exploits: 1 | References: 3

Prion
added 2024/02/29 7:15 a.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter...

6.1 AI score | 0.01485 EPSS
Exploits: 2 | References: 1

Prion
added 2024/02/29 7:15 a.m. | 23 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a through 1.6...

6 CVSS | 6.6 AI score | 0.00317 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 7:15 a.m. | 21 views

Code injection

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...

7.8 AI score | 0.01598 EPSS
Exploits: 2 | References: 1

Prion
added 2024/02/29 7:15 a.m. | 33 views

Server side request forgery (ssrf)

The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...

4.7 CVSS | 5.3 AI score | 0.00459 EPSS
Exploits: 0 | References: 3

Prion
added 2024/02/29 6:15 a.m. | 30 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS. This issue affects WP Activity Log: from n/a through 4.6.1...

6.8 CVSS | 7 AI score | 0.00331 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 23 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data fro...

6.9 AI score | 0.00602 EPSS
Exploits: 0 | References: 3

Prion
added 2024/02/29 6:15 a.m. | 27 views

Cross site request forgery (csrf)

The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update t...

4.3 CVSS | 4.3 AI score | 0.00202 EPSS
Exploits: 0 | References: 2

Prion
added 2024/02/29 6:15 a.m. | 16 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS. This issue affects Adsmonetizer: from n/a through 3.1.2...

6.8 CVSS | 6.9 AI score | 0.00351 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 23 views

Code injection

An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL...

7.9 AI score | 0.01092 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 21 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS. This issue affects Media Alt Renamer: from n/a through 0.0.1...

5.4 CVSS | 5.7 AI score | 0.00336 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 28 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel Web server modules allows XSS Using Invalid Characters. This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package...

5.8 CVSS | 7.7 AI score | 0.00372 EPSS
Exploits: 0 | References: 2

Prion
added 2024/02/29 6:15 a.m. | 33 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.788...

5.4 CVSS | 5.7 AI score | 0.00336 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 28 views

Stack overflow

In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too...

7.3 AI score | 0.00257 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 6:15 a.m. | 29 views

Authorization

Missing Authorization vulnerability in Perfmatters. This issue affects Perfmatters: from n/a through 2.1.6...

5.5 CVSS | 5.5 AI score | 0.00408 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 25 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce. This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11...

5.8 CVSS | 9.2 AI score | 0.00603 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 22 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has four time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidppconnectevent primarily runs from a workqueue but it also runs o...

6.8 AI score | 0.00171 EPSS
Exploits: 0 | References: 8

Prion
added 2024/02/29 6:15 a.m. | 28 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups mctproutelookup and mctproutelookupnull traverse the net's route list without the RCU read lock held. This means the route lookup is subject to...

6.6 AI score | 0.00231 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 6:15 a.m. | 21 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix uaf in smb20oplockbreakack drop reference after use opinfo...

6.7 AI score | 0.00233 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 6:15 a.m. | 20 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermateconfigcomplete syzbot has found a use-after-free bug 1 in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermatedevice...

6.8 AI score | 0.00243 EPSS
Exploits: 0 | References: 8

Prion
added 2024/02/29 6:15 a.m. | 17 views

Race condition

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbdsessionlookup | smb2sesssetup sess = xaload | | | xaerase&conn-sessions, sess-id; | | ksmbdsessiondestroysess -- kfreesess | // UAF! |...

6.7 AI score | 0.0018 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 6:15 a.m. | 23 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS. This issue affects PJ News Ticker: from n/a through 1.9.5...

6 CVSS | 6.6 AI score | 0.0031 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 24 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...

6 CVSS | 6.6 AI score | 0.0031 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 21 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS. This issue affects GD Rating System: from n/a through 3.5...

6.8 CVSS | 6.8 AI score | 0.00398 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 24 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a through 4.11.4...

6.8 CVSS | 6.8 AI score | 0.00199 EPSS
Exploits: 0 | References: 1

Prion
added 2024/02/29 6:15 a.m. | 26 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted NMI for perf sampling, this call sequence can occur most recent at top:...

6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 6:15 a.m. | 24 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Fix soft lockup triggered by armsmmumminvalidaterange When running an SVA case, the following soft lockup is triggered: -------------------------------------------------------------------- watchdog: BUG: soft...

6.9 AI score | 0.00173 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/29 6:15 a.m. | 26 views

Cross site scripting

The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inje...

3.2 CVSS | 4.4 AI score | 0.0042 EPSS
Exploits: 1 | References: 2

Total number of security vulnerabilities: 213680