213680 matches found

Prion, added 2024/02/29 1:43 a.m.

Design/Logic Flaw

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in...

CVSS 2.6 | AI score 7.2 | EPSS 0.00771 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:43 a.m.

Design/Logic Flaw

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields i...

CVSS 2.9 | AI score 7.2 | EPSS 0.00318 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:43 a.m.

Type confusion

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

AI score 6.2 | EPSS 0.00833 | Exploits: 1 | References: 5
Prion, added 2024/02/29 1:43 a.m.

Cross-site scripting

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 5.5 | AI score 6 | EPSS 0.00443 | Exploits: 0 | References: 5
Prion, added 2024/02/29 1:43 a.m.

Type confusion

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 6.3 | EPSS 0.02557 | Exploits: 2 | References: 5
Prion, added 2024/02/29 1:43 a.m.

Improper access control

A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is...

CVSS 5 | AI score 7.3 | EPSS 0.0089 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:42 a.m.

Input validation

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

AI score 7 | EPSS 0.00824 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:42 a.m.

Race condition

bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition...

AI score 7.1 | EPSS 0.0026 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:42 a.m.

SQL injection

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file indexsearch.php. The manipulation of the argument search leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.8 | AI score 7.9 | EPSS 0.00871 | Exploits: 1 | References: 3
Prion, added 2024/02/29 1:42 a.m.

Design/Logic Flaw

The PKCS7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing...

AI score 7.4 | EPSS 0.00778 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:42 a.m.

Cross-site scripting

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 5.5 | AI score 6 | EPSS 0.00427 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:42 a.m.

Design/Logic Flaw

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

AI score 7 | EPSS 0.00879 | Exploits: 1 | References: 1
Prion, added 2024/02/29 1:42 a.m.

SQL injection

A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to SQL injection. The attack may be initiated remotely. The exploit ha...

CVSS 7.5 | AI score 7.9 | EPSS 0.00961 | Exploits: 1 | References: 3
Prion, added 2024/02/29 1:42 a.m.

Design/Logic Flaw

BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c...

AI score 7.6 | EPSS 0.01053 | Exploits: 0 | References: 5
Prion, added 2024/02/29 1:42 a.m.

Cross-site scripting

A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file usersignup.php. The manipulation of the argument firstname with the input leads to cross-site scripting. It is possible to initiate the attack remotely. The...

CVSS 5 | AI score 6.6 | EPSS 0.00833 | Exploits: 1 | References: 3
Prion, added 2024/02/29 1:42 a.m.

Design/Logic Flaw

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

CVSS 2.6 | AI score 7.8 | EPSS 0.00642 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:42 a.m.

Buffer overflow

Possible buffer overflow in ismountpoint...

CVSS 4.6 | AI score 8 | EPSS 0.00438 | Exploits: 1 | References: 1
Prion, added 2024/02/29 1:42 a.m.

Design/Logic Flaw

An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5...

AI score 7.2 | EPSS 0.00237 | Exploits: 0 | References: 3
Prion, added 2024/02/29 1:42 a.m.

SQL injection

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file productdetails.php?prodid=11. The manipulation of the argument prodid leads to SQL injection. The attack can be launched...

CVSS 6.5 | AI score 7.9 | EPSS 0.00776 | Exploits: 1 | References: 3
Prion, added 2024/02/29 1:42 a.m.

Design/Logic Flaw

An issue was discovered in Couchbase Server 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2...

AI score 7.2 | EPSS 0.00683 | Exploits: 0 | References: 3
Prion, added 2024/02/29 1:42 a.m.

SQL injection

A vulnerability classified as critical was found in code-projects Library Management System 2.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.5 | AI score 8.1 | EPSS 0.00974 | Exploits: 1 | References: 3
Prion, added 2024/02/29 1:42 a.m.

Cross-site scripting

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVSS 5.8 | AI score 6.6 | EPSS 0.00499 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:42 a.m.

Design/Logic Flaw

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

AI score 7.1 | EPSS 0.00233 | Exploits: 1 | References: 1
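The three JOSE entries above (jose2go before 1.6.0, jose4j before 0.9.4, json-jwt 1.16.3) share a root cause: the protected header is acted on before it is policed. The following is an added example written for this page, not code from any of those libraries, in Python with only the standard library. It classifies a compact token as JWS or JWE by segment count, refuses a JWE on a code path that expects a signature (the sign/encryption confusion), pins alg to an allowlist, and caps the PBES2 p2c iteration count before any PBKDF2 work is scheduled. MAX_P2C, both allowlists and the make_token helper are assumptions for the demonstration.

```python
import base64
import hashlib
import json

# Illustrative cap on the PBES2 iteration count this verifier will honour
# (assumption for this example; set it from your own CPU budget). Without
# a cap, an attacker sets p2c to 2**31 and every decode burns minutes in
# PBKDF2 before any key check can fail.
MAX_P2C = 10_000

# Algorithms this service actually issues. Anything else, "none" included,
# is refused before the token is looked at further (assumed allowlists).
ALLOWED_JWS_ALGS = {"HS256", "RS256", "ES256"}
ALLOWED_JWE_ALGS = {"PBES2-HS256+A128KW"}


def _b64url_decode(segment):
    # JOSE uses unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_header(token):
    """Return (kind, header) for a compact-serialized JOSE token.

    kind is "JWS" for three segments and "JWE" for five. The header is
    only parsed here, never trusted; check_header applies the policy.
    """
    parts = token.split(".")
    if len(parts) == 3:
        kind = "JWS"
    elif len(parts) == 5:
        kind = "JWE"
    else:
        raise ValueError(f"not a compact JOSE token ({len(parts)} segments)")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return kind, header


def check_header(token, expected_kind):
    """Reject the token unless it is the structure the caller expects.

    A signature-verifying code path passes "JWS". Handing it a JWE is then
    an error rather than something the library quietly decrypts and trusts,
    which is the sign/encryption confusion the json-jwt entry describes.
    """
    kind, header = parse_header(token)
    if kind != expected_kind:
        raise ValueError(f"expected {expected_kind}, got {kind}")
    alg = header.get("alg")
    if kind == "JWS":
        if alg not in ALLOWED_JWS_ALGS:
            raise ValueError(f"JWS alg {alg!r} not allowed")
        return header
    if alg not in ALLOWED_JWE_ALGS:
        raise ValueError(f"JWE alg {alg!r} not allowed")
    if alg.startswith("PBES2"):
        p2c = header.get("p2c")
        # Bound the iteration count before any PBKDF2 work is scheduled;
        # this is the check jose2go < 1.6.0 and jose4j < 0.9.4 lacked.
        if not isinstance(p2c, int) or isinstance(p2c, bool) or p2c < 1:
            raise ValueError("PBES2 p2c must be a positive integer")
        if p2c > MAX_P2C:
            raise ValueError(f"PBES2 p2c {p2c} exceeds cap {MAX_P2C}")
        if not isinstance(header.get("p2s"), str):
            raise ValueError("PBES2 p2s missing")
    return header


def pbes2_derive_key(password, header):
    """PBES2 key-wrapping key, to be called only after check_header passed.

    RFC 7518 section 4.8.1: salt is alg || 0x00 || p2s and the PRF for
    PBES2-HS256+A128KW is HMAC-SHA-256 with a 16-byte output.
    """
    salt = header["alg"].encode("ascii") + b"\x00" + _b64url_decode(header["p2s"])
    return hashlib.pbkdf2_hmac("sha256", password, salt, header["p2c"], dklen=16)


def make_token(header, segments):
    """Build a token with the given protected header (constructed test input).

    Non-header segments are dummy bytes; the header gate never reads them.
    """
    encoded = _b64url_encode(json.dumps(header).encode("ascii"))
    return ".".join([encoded] + ["AAAA"] * (segments - 1))
```

The order matters: structure, then alg, then algorithm-specific parameters, and only then any cryptographic work. A cap on p2c is a policy decision, not a correctness one; the point is that an unauthenticated caller must never be able to choose how much CPU the verifier spends before the first check can fail.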
Prion, added 2024/02/29 1:42 a.m.

Code injection

An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4ping in the /boafrm/formSystemCheck...

AI score 8.1 | EPSS 0.07319 | Exploits: 1 | References: 2
Prion, added 2024/02/29 1:42 a.m.

SQL injection

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file usersignup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to SQL injection. The attac...

CVSS 7.5 | AI score 7.9 | EPSS 0.00924 | Exploits: 1 | References: 3
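The five code-projects SQL injection entries above (login.php via the student and username arguments, the index search, product details and user signup pages) are one bug: request parameters spliced into SQL text. The following is an added example for this page, not the project's PHP, in Python against an in-memory SQLite database: the interpolated login query beside its parameterized form, plus a parameterized LIKE search for the search-box case. The tables, rows and the prod_id column are constructed; passwords are compared in clear only so the query stays readable, real code compares hashes.

```python
import sqlite3


def make_db():
    """Constructed sample data for the example, not the vulnerable app's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "correct horse battery staple"), ("alice", "hunter2")],
    )
    conn.execute("CREATE TABLE products (prod_id INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [(11, "USB cable"), (12, "USB hub"), (13, "Monitor")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # Request parameters are spliced into the statement text, so quotes and
    # boolean operators in the input become SQL. Plaintext comparison is
    # kept only so the query stays readable; real code compares hashes.
    query = (
        "SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Parameterized: the driver passes values separately from the statement,
    # so the input can only ever be compared, never parsed.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def search_products_safe(conn, term):
    # LIKE wildcards are added to the value, not the statement, and the
    # user's own % and _ are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = conn.execute(
        "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY prod_id",
        (f"%{escaped}%",),
    ).fetchall()
    return [r[0] for r in rows]


def demo():
    """Run the classic tautology payload against both login variants."""
    conn = make_db()
    payload = "' OR '1'='1"
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "hunter2"),
        "legit_safe": login_safe(conn, "alice", "hunter2"),
        "bypass_vuln": login_vulnerable(conn, payload, payload),
        "bypass_safe": login_safe(conn, payload, payload),
        "search": search_products_safe(conn, "USB"),
        "search_wildcard_literal": search_products_safe(conn, "%"),
    }
```

With the payload in both fields the interpolated statement reads `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable login succeeds with no valid credentials; the parameterized form compares the literal string and finds nothing.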
Prion, added 2024/02/29 1:42 a.m.

Path traversal

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 3.3 | AI score 6.8 | EPSS 0.02906 | Exploits: 4 | References: 5
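Added example for the cpio entry above, not Debian's or upstream cpio's code: a Python check that decides whether an archive member name may be written under a destination directory. It rejects absolute names unless told to strip the leading slash (the --no-absolute-filenames behaviour), rejects names that still point above the destination after normalization, and confirms that the real path of the target is inside the resolved destination, so a symlink extracted earlier in the same archive cannot redirect a later member outside it. POSIX separators are assumed; the /tmp/cpio-demo destination used in classify is a constructed example path.

```python
import os
import posixpath


def safe_member_path(dest_dir, member_name, strip_leading_slash=False):
    """Return the absolute on-disk path an archive member may be written to.

    Raises ValueError when the member must not be extracted. Member names
    are treated as POSIX paths ('/' separators), as cpio and tar store them.
    """
    if not member_name:
        raise ValueError("empty member name")
    if member_name.startswith("/"):
        if not strip_leading_slash:
            raise ValueError(f"absolute member name rejected: {member_name!r}")
        # cpio --no-absolute-filenames semantics: make it relative and go on.
        member_name = member_name.lstrip("/")
    norm = posixpath.normpath(member_name)
    # After normalization any remaining ".." can only point above dest_dir.
    if norm == ".." or norm.startswith("../"):
        raise ValueError(f"member escapes destination: {member_name!r}")
    base = os.path.realpath(dest_dir)
    if norm == ".":
        return base
    target = os.path.realpath(os.path.join(base, *norm.split("/")))
    # realpath follows symlinks already on disk, so a symlink extracted earlier
    # in the archive that points outside dest_dir is caught here.
    if target != base and not target.startswith(base + os.sep):
        raise ValueError(f"member escapes destination: {member_name!r}")
    return target


def classify(dest_dir, member_names, strip_leading_slash=False):
    """Map each member name to its path relative to dest_dir, or None if rejected."""
    base = os.path.realpath(dest_dir)
    out = {}
    for name in member_names:
        try:
            out[name] = os.path.relpath(
                safe_member_path(dest_dir, name, strip_leading_slash), base
            )
        except ValueError:
            out[name] = None
    return out
```

The two checks are not redundant. Normalization catches the textual escapes (`../`, `a/../../x`) before anything touches the filesystem; the realpath containment check catches the on-disk ones, where an earlier member was a symlink and the later member's name looks harmless. A regression like the one in the entry, where a previously fixed option stops being applied, is exactly what a small table of known-bad names run through this function on every build would have caught.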
Prion, added 2024/02/29 1:41 a.m.

Input validation

Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...

CVSS 1.9 | AI score 6.5 | EPSS 0.00313 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:41 a.m.

NULL pointer dereference

Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...

CVSS 1.9 | AI score 6.5 | EPSS 0.00313 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. 8.5 and earlier are unaffected...

CVSS 2.8 | AI score 6.2 | EPSS 0.0055 | Exploits: 0 | References: 3
Prion, added 2024/02/29 1:41 a.m.

Race condition

Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to se...

CVSS 2.1 | AI score 7.2 | EPSS 0.00444 | Exploits: 0 | References: 4
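Added example for the Decidim race above, not Decidim's Ruby on Rails code: a Python/SQLite model of the check-then-insert race. simulate_concurrent_requests runs every request's "already endorsed?" check before any request inserts, which is the interleaving two simultaneous HTTP requests produce; without a uniqueness constraint both inserts land, with one the second insert is refused by the database and rolled back. The schema, user ID and resource ID are constructed.

```python
import sqlite3


def make_db(with_unique):
    """Constructed schema for the example: one endorsement row per (user, resource)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE endorsements (user_id INTEGER, resource_id INTEGER)")
    if with_unique:
        # The database-level guarantee. An application-level "have I already
        # endorsed?" query is advisory only; two requests can both see "no".
        conn.execute(
            "CREATE UNIQUE INDEX endorsement_once ON endorsements (user_id, resource_id)"
        )
    return conn


def already_endorsed(conn, user_id, resource_id):
    row = conn.execute(
        "SELECT COUNT(*) FROM endorsements WHERE user_id = ? AND resource_id = ?",
        (user_id, resource_id),
    ).fetchone()
    return row[0] > 0


def insert_endorsement(conn, user_id, resource_id):
    """Insert one endorsement; returns False if a uniqueness constraint refused it."""
    try:
        conn.execute("INSERT INTO endorsements VALUES (?, ?)", (user_id, resource_id))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False


def simulate_concurrent_requests(conn, user_id, resource_id, n_requests=2):
    """Interleave n check-then-insert requests the way a race would.

    Every request performs its check before any of them inserts, which is
    exactly the window simultaneous requests hit. Returns the number of
    endorsement rows for (user_id, resource_id) afterwards.
    """
    checks = [already_endorsed(conn, user_id, resource_id) for _ in range(n_requests)]
    for seen in checks:
        if not seen:
            insert_endorsement(conn, user_id, resource_id)
    return conn.execute(
        "SELECT COUNT(*) FROM endorsements WHERE user_id = ? AND resource_id = ?",
        (user_id, resource_id),
    ).fetchone()[0]


def endorsement_count_without_constraint():
    return simulate_concurrent_requests(make_db(with_unique=False), 7, 42)


def endorsement_count_with_constraint():
    return simulate_concurrent_requests(make_db(with_unique=True), 7, 42)
```

The application check is still worth keeping for a friendly error message, but only the unique index (in Rails terms, a migration with `unique: true` and a handler for the resulting not-unique error) closes the window; a version bump that only tightened the application-side check would leave the race in place.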
Prion, added 2024/02/29 1:41 a.m.

NULL pointer dereference

Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...

CVSS 1.9 | AI score 6.5 | EPSS 0.00313 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service outage of reader threads...

AI score 7.1 | EPSS 0.00755 | Exploits: 0 | References: 3
Prion, added 2024/02/29 1:41 a.m.

Cross-site request forgery (CSRF)

Concrete CMS 9 before 9.2.3 is vulnerable to Cross-Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit...

AI score 7.5 | EPSS 0.00276 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVSS 1.9 | AI score 6.2 | EPSS 0.00339 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVSS 1.9 | AI score 6.2 | EPSS 0.00339 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVSS 1.9 | AI score 6.2 | EPSS 0.00339 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted...

AI score 7.1 | EPSS 0.00902 | Exploits: 0 | References: 3
Prion, added 2024/02/29 1:41 a.m.

Cross-site request forgery (CSRF)

Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross-Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential...

AI score 7.4 | EPSS 0.00276 | Exploits: 0 | References: 2
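Added example for the two Concrete CMS CSRF entries above, not Concrete CMS code: a Python handler for a state-changing request that requires a session-bound anti-CSRF token. The token is a random nonce plus an HMAC over the session ID and nonce under a server secret, verified with a constant-time compare, so the server stores nothing per token. A cross-site form post cannot read the victim's page to obtain one, so knowing a sequential event ID is not enough. SERVER_SECRET, the csrf_token field name and the events dict are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed server secret for the example; a deployment loads this from config.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Token = nonce || HMAC-SHA256(secret, session_id || nonce), hex encoded.

    Binding to the session means a token lifted from one victim's page
    cannot be replayed against another session. Embed it in every form
    that performs a state change.
    """
    nonce = secrets.token_bytes(16)
    mac = hmac.new(SERVER_SECRET, session_id.encode() + nonce, hashlib.sha256).digest()
    return (nonce + mac).hex()


def verify_csrf_token(session_id, token):
    if not token:
        return False
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return False
    if len(raw) != 16 + 32:
        return False
    nonce, mac = raw[:16], raw[16:]
    expected = hmac.new(SERVER_SECRET, session_id.encode() + nonce, hashlib.sha256).digest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(mac, expected)


def handle_delete_event(session_id, form, events):
    """State-changing handler that refuses requests without a valid token.

    form and events are constructed stand-ins for the POST body and the
    event table. The token check runs before the ID is even looked up, so
    a forged request learns nothing about which IDs exist.
    """
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "invalid or missing CSRF token"
    event_id = form.get("event_id")
    if event_id not in events:
        return 404, "no such event"
    del events[event_id]
    return 200, f"deleted event {event_id}"
```

Note what the check does not rely on: the request method, the Referer header, or the ID being hard to guess. Sequential IDs are fine once every delete needs a secret the attacker's page cannot read.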
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions...

AI score 7.2 | EPSS 0.0053 | Exploits: 0 | References: 3
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

Adobe InDesign versions ID18.5 and earlier and ID17.4.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

CVSS 1.9 | AI score 6.2 | EPSS 0.00339 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:41 a.m.

Design/Logic Flaw

An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted...

AI score 7.1 | EPSS 0.0091 | Exploits: 0 | References: 3
Prion, added 2024/02/29 1:41 a.m.

Code injection

An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics...

AI score 7.2 | EPSS 0.00441 | Exploits: 0 | References: 4
Prion, added 2024/02/29 1:41 a.m.

Cross-site scripting

Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name...

AI score 6.1 | EPSS 0.0049 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:40 a.m.

Design/Logic Flaw

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer wi...

AI score 7.3 | EPSS 0.00412 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:40 a.m.

Cross-site scripting

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access...

CVSS 3.2 | AI score 6.2 | EPSS 0.00359 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:40 a.m.

Authentication flaw

An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201...

CVSS 2.6 | AI score 6.9 | EPSS 0.00643 | Exploits: 0 | References: 2
Prion, added 2024/02/29 1:40 a.m.

Cross-site scripting

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530...

CVSS 2.1 | AI score 5.7 | EPSS 0.00335 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:40 a.m.

Cross-site scripting

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information...

CVSS 2.1 | AI score 5.7 | EPSS 0.00335 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:40 a.m.

Design/Logic Flaw

Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine ...

CVSS 2.6 | AI score 7 | EPSS 0.00466 | Exploits: 0 | References: 1
Prion, added 2024/02/29 1:39 a.m.

Improper access control

In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot...

AI score 7.4 | EPSS 0.00513 | Exploits: 0 | References: 1
Total number of security vulnerabilities: 213680