213680 matches found

Prion
•added 2024/02/29 6:15 a.m.•20 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors. Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...

AI score: 6.5 | EPSS: 0.00231
Exploits: 0 | References: 8
Prion
•added 2024/02/29 5:15 a.m.•18 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation. This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00241
Exploits: 0 | References: 1
Prion
•added 2024/02/29 5:15 a.m.•23 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00241
Exploits: 0 | References: 1
Prion
•added 2024/02/29 5:15 a.m.•17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00241
Exploits: 0 | References: 1
Prion
•added 2024/02/29 5:15 a.m.•26 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan. This issue affects Tainacan: from n/a through 0.20.6...

CVSS: 5 | AI score: 5.3 | EPSS: 0.00515
Exploits: 0 | References: 1
Prion
•added 2024/02/29 5:15 a.m.•16 views

Cross site scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...

CVSS: 3.6 | AI score: 6 | EPSS: 0.00282
Exploits: 0 | References: 2
Prion
•added 2024/02/29 5:15 a.m.•25 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.00241
Exploits: 0 | References: 1
Prion
•added 2024/02/29 5:15 a.m.•21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator. This issue affects Thrive Automator: from n/a through 1.17...

CVSS: 5.8 | AI score: 7.2 | EPSS: 0.00234
Exploits: 0 | References: 1
Prion
•added 2024/02/29 4:15 a.m.•32 views

Input validation

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.01161
Exploits: 0 | References: 2
Prion
•added 2024/02/29 3:15 a.m.•19 views

Cross site scripting

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with...

CVSS: 3.2 | AI score: 5.9 | EPSS: 0.00342
Exploits: 0 | References: 2
Prion
•added 2024/02/29 3:15 a.m.•42 views

Information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

AI score: 5.4 | EPSS: 0.00449
Exploits: 0 | References: 2
Prion
•added 2024/02/29 2:15 a.m.•28 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or classmonth parameter in the /php-attendance/attendancereport component...

AI score: 6.6 | EPSS: 0.00615
Exploits: 1 | References: 1
Prion
•added 2024/02/29 2:15 a.m.•14 views

Design/Logic Flaw

An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn5920 function...

AI score: 7 | EPSS: 0.01533
Exploits: 1 | References: 1
Prion
•added 2024/02/29 2:15 a.m.•28 views

Sql injection

SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the studentform.php and the classform.php pages...

AI score: 9.1 | EPSS: 0.01182
Exploits: 2 | References: 1
Prion
•added 2024/02/29 2:15 a.m.•36 views

Code injection

IBM Cloud Pak Foundational Services Identity Provider (idP) API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...

CVSS: 6.4 | AI score: 6.8 | EPSS: 0.00341
Exploits: 0 | References: 2
Prion
•added 2024/02/29 2:15 a.m.•13 views

Information disclosure

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947...

CVSS: 2.1 | AI score: 5.6 | EPSS: 0.00195
Exploits: 0 | References: 2
Prion
•added 2024/02/29 2:15 a.m.•20 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the mainsettings component in the phone, address, bank, accname, accnumber parameters, newclass and cname parameter, addnewparent function in t...

AI score: 6.6 | EPSS: 0.00628
Exploits: 1 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•20 views

Cross site scripting

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

AI score: 6.1 | EPSS: 0.00549
Exploits: 0 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•23 views

Path traversal

Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue...

CVSS: 5 | AI score: 7.1 | EPSS: 0.03146
Exploits: 0 | References: 6 | Affected Software: 1
Prion
•added 2024/02/29 1:44 a.m.•98 views

Deserialization of untrusted data

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The...

CVSS: 6.4 | AI score: 8.3 | EPSS: 0.01211
Exploits: 1 | References: 3
Prion
•added 2024/02/29 1:44 a.m.•20 views

Cross site scripting

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...

AI score: 6.3 | EPSS: 0.00551
Exploits: 1 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•18 views

Cross site scripting

Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions...

AI score: 6.5 | EPSS: 0.00426
Exploits: 1 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•19 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php...

AI score: 6 | EPSS: 0.00451
Exploits: 0 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•22 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download. This issue affects Email Before Download: from n/a through 6.9.7...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00277
Exploits: 0 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•19 views

Sql injection

livehelperchat 4.28v is vulnerable to Server-Side Template Injection (SSTI)...

AI score: 7.7 | EPSS: 0.01472
Exploits: 0 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•18 views

Design/Logic Flaw

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request...

AI score: 7.7 | EPSS: 0.0104
Exploits: 1 | References: 3
Prion
•added 2024/02/29 1:44 a.m.•24 views

Cross site scripting

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00567
Exploits: 0 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•90 views

Code injection

http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded via httpSwagger.WrapHandler and webdav.memFile can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because if a solution continued to allow...

AI score: 6 | EPSS: 0.02333
Exploits: 1 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•25 views

Memory corruption

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c...

AI score: 7.1 | EPSS: 0.00815
Exploits: 1 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•45 views

Heap overflow

texlive-bin commit c515e was discovered to contain a heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file...

AI score: 8 | EPSS: 0.00902
Exploits: 0 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•14 views

Memory corruption

Bento4 v1.5.1-628 contains a Memory leak on AP4Movie::AP4Movie, parsing tracks and added into mTracks list, but mp42aac cannot correctly delete when we got a no audio track found error. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file...

AI score: 6.9 | EPSS: 0.00643
Exploits: 1 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•30 views

Cross site scripting

Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components...

AI score: 6.4 | EPSS: 0.3221
Exploits: 0 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•15 views

Design/Logic Flaw

Couchbase Server before 7.2.4 has a private key leak in goxdcr.log...

AI score: 7.1 | EPSS: 0.00748
Exploits: 0 | References: 3
Prion
•added 2024/02/29 1:44 a.m.•17 views

Sql injection

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in the database...

AI score: 8.7 | EPSS: 0.02831
Exploits: 1 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•24 views

Path traversal

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...

AI score: 7.5 | EPSS: 0.2403
Exploits: 5 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•29 views

Input validation

Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions...

AI score: 6.4 | EPSS: 0.00513
Exploits: 0 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•35 views

Design/Logic Flaw

Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an...

CVSS: 4.6 | AI score: 7.4 | EPSS: 0.00473
Exploits: 0 | References: 4
Prion
•added 2024/02/29 1:44 a.m.•51 views

Design/Logic Flaw

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

CVSS: 2.1 | AI score: 6.8 | EPSS: 0.00387
Exploits: 0 | References: 3
Prion
•added 2024/02/29 1:44 a.m.•75 views

Directory traversal

XenForo before 2.2.14 allows Directory Traversal with write access by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import...

AI score: 7.2 | EPSS: 0.0102
Exploits: 0 | References: 3
Prion
•added 2024/02/29 1:44 a.m.•53 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

AI score: 8.4 | EPSS: 0.0069
Exploits: 1 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•26 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka. This issue affects Heureka: from n/a through 1.0.8...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.00277
Exploits: 0 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•56 views

Design/Logic Flaw

An issue in WuKongOpenSource WukongCRM v.72crm9.0.120191202 allows a remote attacker to execute arbitrary code via the parseObject function in the fastjson component...

AI score: 8.4 | EPSS: 0.04872
Exploits: 1 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•58 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

AI score: 6.2 | EPSS: 0.00555
Exploits: 1 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•21 views

Unrestricted file upload

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension...

AI score: 7.2 | EPSS: 0.12825
Exploits: 5 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•20 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php...

AI score: 6 | EPSS: 0.0046
Exploits: 0 | References: 2
Prion
•added 2024/02/29 1:44 a.m.•26 views

Memory corruption

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c...

AI score: 7.1 | EPSS: 0.01128
Exploits: 1 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•24 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER. This issue affects W3SPEEDSTER: from n/a through 7.19...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.0025
Exploits: 0 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•26 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00277
Exploits: 0 | References: 1
Prion
•added 2024/02/29 1:44 a.m.•17 views

Memory corruption

A memory leak issue discovered in parseSWFDEFINEBUTTON in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00747
Exploits: 1 | References: 1 | Affected Software: 1
Prion
•added 2024/02/29 1:44 a.m.•24 views

Design/Logic Flaw

Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label Edit Team - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload external link is presented in clickable form - easier to achieve own goals by malicious actors. This iss...

CVSS: 4.9 | AI score: 7.2 | EPSS: 0.00608
Exploits: 1 | References: 3
Total number of security vulnerabilities: 213680