Lucene search
213680 matches found

Prion
added 2024/03/14 4:15 a.m. | 11 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...

AI score 7.4 | EPSS 0.01061
Exploits 0 | References 1

Prion
added 2024/03/14 4:15 a.m. | 8 views

Cross site scripting

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of...

CVSS 6.8 | AI score 6.3 | EPSS 0.61472
Exploits 0 | References 1

Prion
added 2024/03/14 4:15 a.m. | 18 views

Improper access control

An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01 allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control...

AI score 7.1 | EPSS 0.0063
Exploits 0 | References 1

Prion
added 2024/03/14 4:15 a.m. | 13 views

Sql injection

SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before allows a remote attacker to escalate privileges and obtain information via the readCsv, displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku...

AI score 8.3 | EPSS 0.00563
Exploits 0 | References 1

Prion
added 2024/03/14 4:15 a.m. | 20 views

Path traversal

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system...

AI score 7.4 | EPSS 0.009
Exploits 0 | References 1

Prion
added 2024/03/14 3:15 a.m. | 20 views

Improper access control

In Delinea PAM Secret Server 11.4, it is possible for a user with access to the Report functionality to gain unauthorized access to remote sessions created by legitimate users...

AI score 7.5 | EPSS 0.0059
Exploits 0 | References 1

Prion
added 2024/03/14 3:15 a.m. | 20 views

Improper access control

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

AI score 7.1 | EPSS 0.00395
Exploits 0 | References 1

Prion
added 2024/03/14 3:15 a.m. | 10 views

Sql injection

SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method...

AI score 8 | EPSS 0.00832
Exploits 1 | References 1

Prion
added 2024/03/13 10:15 p.m. | 27 views

Authentication flaw

Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC...

CVSS 5 | AI score 7.4 | EPSS 0.00498
Exploits 0 | References 1

Prion
added 2024/03/13 10:15 p.m. | 22 views

Cross site scripting

The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'active-tab' parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 5.8 | AI score 6.6 | EPSS 0.013
Exploits 2 | References 2

Prion
added 2024/03/13 10:15 p.m. | 27 views

Hardcoded credentials

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys...

CVSS 1 | AI score 7.4 | EPSS 0.00273
Exploits 0 | References 1

Prion
added 2024/03/13 10:15 p.m. | 12 views

Cross site scripting

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perlinemobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

CVSS 5.5 | AI score 6 | EPSS 0.0032
Exploits 0 | References 2

Prion
added 2024/03/13 10:15 p.m. | 23 views

Cross site scripting

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting...

CVSS 5.4 | AI score 7.1 | EPSS 0.00366
Exploits 0 | References 1

Prion
added 2024/03/13 10:15 p.m. | 18 views

Cross site scripting

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary JavaScript in the browser of a user who views the to-do title, via the to-do title parameter...

AI score 7.6 | EPSS 0.00542
Exploits 1 | References 1

Prion
added 2024/03/13 10:15 p.m. | 15 views

Denial of service

Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows flooding. This issue affects NetIQ Privileged Account Manager: before 3.7.0.2...

CVSS 5 | AI score 7.2 | EPSS 0.007
Exploits 0 | References 1

Prion
added 2024/03/13 9:16 p.m. | 20 views

Cross site scripting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to improper URL protocol filtering of links specified in link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

CVSS 6 | AI score 6.1 | EPSS 0.00654
Exploits 0 | References 2

Prion
added 2024/03/13 9:16 p.m. | 26 views

Design/Logic Flaw

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

CVSS 4 | AI score 6.7 | EPSS 0.0064
Exploits 1 | References 1

Prion
added 2024/03/13 9:16 p.m. | 23 views

NoSQL injection

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless of whether a public token has been generated befo...

CVSS 5 | AI score 7.5 | EPSS 0.00603
Exploits 1 | References 1

Prion
added 2024/03/13 9:16 p.m. | 10 views

Cross site scripting

A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 because of missing sanitization in createtag in admin/include/functions.php...

AI score 6.8 | EPSS 0.00434
Exploits 0 | References 3

Prion
added 2024/03/13 9:15 p.m. | 22 views

Design/Logic Flaw

A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained...

CVSS 3 | AI score 7.9 | EPSS 0.00186
Exploits 0 | References 1

Prion
added 2024/03/13 9:15 p.m. | 15 views

Sql injection

SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to execute arbitrary SQL statements via adminFormvalidation.php...

AI score 8.8 | EPSS 0.00347
Exploits 0 | References 1

Prion
added 2024/03/13 9:15 p.m. | 15 views

Sql injection

SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to execute arbitrary SQL statements via the Login page...

AI score 8.7 | EPSS 0.00569
Exploits 0 | References 1

Prion
added 2024/03/13 9:15 p.m. | 14 views

Log injection

A user endpoint did not perform filtering on an incoming parameter, which was added directly to the application log. This could let an attacker inject false log entries or corrupt the log file format. This has been fixed in CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade...

CVSS 4.3 | AI score 7 | EPSS 0.00434
Exploits 0 | References 2

Prion
added 2024/03/13 9:15 p.m. | 14 views

Design/Logic Flaw

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...

AI score 6.7 | EPSS 0.00541
Exploits 1 | References 1

Prion
added 2024/03/13 9:15 p.m. | 13 views

Sql injection

SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to execute arbitrary SQL statements via the Student Search function...

AI score 8.8 | EPSS 0.00683
Exploits 1 | References 1

Prion
added 2024/03/13 9:15 p.m. | 23 views

Input validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

CVSS 5.5 | AI score 7 | EPSS 0.00532
Exploits 0 | References 3

Prion
added 2024/03/13 9:15 p.m. | 16 views

Arbitrary file upload

An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score 8.1 | EPSS 0.00788
Exploits 0 | References 1

Prion
added 2024/03/13 9:15 p.m. | 30 views

Design/Logic Flaw

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is not exactly known, but reading files outside o...

CVSS 6.5 | AI score 7.1 | EPSS 0.0055
Exploits 0 | References 2

Prion
added 2024/03/13 8:15 p.m. | 19 views

Improper access control

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access...

CVSS 2.4 | AI score 6.8 | EPSS 0.00182
Exploits 0 | References 1

Prion
added 2024/03/13 8:15 p.m. | 22 views

Race condition

Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access...

CVSS 1 | AI score 6.8 | EPSS 0.00102
Exploits 0 | References 1

Prion
added 2024/03/13 7:15 p.m. | 10 views

Denial of service

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll...

CVSS 5 | AI score 7.1 | EPSS 0.41843
Exploits 1 | References 1

Prion
added 2024/03/13 7:15 p.m. | 26 views

Hardcoded credentials

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 uses a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

CVSS 6.4 | AI score 7.3 | EPSS 0.00823
Exploits 1 | References 1

Prion
added 2024/03/13 7:15 p.m. | 25 views

Authentication flaw

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin...

CVSS 7.5 | AI score 7.5 | EPSS 0.04342
Exploits 1 | References 1

Prion
added 2024/03/13 7:15 p.m. | 11 views

Path traversal

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet...

CVSS 6.5 | AI score 7.2 | EPSS 0.01034
Exploits 1 | References 1

Prion
added 2024/03/13 6:15 p.m. | 11 views

Cross site request forgery (csrf)

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...

CVSS 5.8 | AI score 7.3 | EPSS 0.0037
Exploits 1 | References 2

Prion
added 2024/03/13 6:15 p.m. | 18 views

Design/Logic Flaw

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify into triggering actions, such as...

CVSS 4.3 | AI score 6.8 | EPSS 0.00436
Exploits 1 | References 1

Prion
added 2024/03/13 5:15 p.m. | 21 views

Denial of service

A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet...

CVSS 3.3 | AI score 7.1 | EPSS 0.00328
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 16 views

Improper access control

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Protocol (SNMP) server of an affected device. This vulnerability is due to incorrect...

CVSS 3.3 | AI score 7.3 | EPSS 0.0025
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 26 views

Input validation

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVSS 4.3 | AI score 7 | EPSS 0.00194
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 28 views

Design/Logic Flaw

A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly...

CVSS 5 | AI score 7.4 | EPSS 0.0064
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 18 views

Design/Logic Flaw

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory...

CVSS 1.7 | AI score 6.6 | EPSS 0.00169
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 20 views

Race condition

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources...

CVSS 3.5 | AI score 7 | EPSS 0.00115
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 17 views

Improper access control

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts...

CVSS 5 | AI score 7.3 | EPSS 0.00519
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to...

CVSS 1.7 | AI score 7.1 | EPSS 0.00146
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 17 views

Design/Logic Flaw

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper SMM communication buffer verification vulnerability. A local low-privileged attacker could potentially exploit this vulnerability, leading to out-of-bounds reads/writes to SMRAM...

CVSS 3.5 | AI score 7 | EPSS 0.00151
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 22 views

Authorization

Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8...

CVSS 5.8 | AI score 7.2 | EPSS 0.00402
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 17 views

Design/Logic Flaw

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory...

CVSS 1.7 | AI score 6.6 | EPSS 0.00203
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 19 views

Design/Logic Flaw

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...

CVSS 3.3 | AI score 7.2 | EPSS 0.00336
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 20 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS. This issue affects Advanced Sermons: from n/a through 3.2...

CVSS 6.8 | AI score 7.2 | EPSS 0.00397
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 18 views

Improper access control

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface...

CVSS 5 | AI score 7.3 | EPSS 0.00486
Exploits 0 | References 1

Total number of security vulnerabilities: 213680