Lucene search
K

213680 matches found

Prion
Prion
•added 2024/02/27 5:15 p.m.•15 views

Out-of-bounds

A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high...

4.6CVSS7.3AI score0.00597EPSS
Exploits0References3
Prion
Prion
•added 2024/02/27 5:15 p.m.•14 views

Information disclosure

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

1.7CVSS6.7AI score0.00157EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 5:15 p.m.•16 views

Cross site scripting

Stored cross-site scripting XSS vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 37391...

4.3CVSS5.9AI score0.00334EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 5:15 p.m.•14 views

Sql injection

A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely...

6.5CVSS7.7AI score0.00475EPSS
Exploits1References3
Prion
Prion
•added 2024/02/27 5:15 p.m.•31 views

Input validation

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages...

7.4AI score0.01082EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 5:15 p.m.•20 views

Sql injection

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" baimporter up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions...

8.2AI score0.00574EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 5:15 p.m.•14 views

Cross site scripting

In the module "So Flexibilite" soflexibilite from Common-Services for PrestaShop 4.1.26, a guest authenticated customer can perform Cross Site Scripting XSS injection...

6.7AI score0.00385EPSS
Exploits1References2
Prion
Prion
•added 2024/02/27 5:15 p.m.•19 views

Design/Logic Flaw

In the module "Product Catalog CSV, Excel Import" simpleimportproduct = 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php...

7.3AI score0.00789EPSS
Exploits1References2
Prion
Prion
•added 2024/02/27 5:15 p.m.•19 views

Sql injection

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/searchsalesreport.php. The manipulation of the argument customer leads to sql injection. The attack may...

6.5CVSS7.7AI score0.00634EPSS
Exploits1References3
Prion
Prion
•added 2024/02/27 5:15 p.m.•22 views

Xxe

XML External Entity injection in apache ambari versions = 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The...

7.9AI score0.00865EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 4:15 p.m.•14 views

Memory corruption

Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c...

7.1AI score0.00744EPSS
Exploits1References1
Prion
Prion
•added 2024/02/27 4:15 p.m.•21 views

Sql injection

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php...

8.7AI score0.00654EPSS
Exploits1References3
Prion
Prion
•added 2024/02/27 4:15 p.m.•13 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

6.8AI score
Exploits0
Prion
Prion
•added 2024/02/27 4:15 p.m.•22 views

Cross site scripting

A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...

4CVSS6.5AI score0.00515EPSS
Exploits1References4
Prion
Prion
•added 2024/02/27 4:15 p.m.•15 views

Race condition

In Srelay the SOCKS proxy and Relay v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service...

7.3AI score0.00746EPSS
Exploits1References2
Prion
Prion
•added 2024/02/27 4:15 p.m.•18 views

Design/Logic Flaw

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

5CVSS7AI score0.01498EPSS
Exploits0References4
Prion
Prion
•added 2024/02/27 4:15 p.m.•27 views

Design/Logic Flaw

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...

5.8CVSS6.1AI score0.01034EPSS
Exploits1References5
Prion
Prion
•added 2024/02/27 4:15 p.m.•16 views

Sql injection

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function deleteclass/deletestudent of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input...

6.5CVSS6.8AI score0.00829EPSS
Exploits1References3
Prion
Prion
•added 2024/02/27 4:15 p.m.•17 views

Information disclosure

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5CVSS6.5AI score0.01119EPSS
Exploits0References5
Prion
Prion
•added 2024/02/27 4:15 p.m.•17 views

Cross site scripting

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting XSS via adminer.php...

6.5AI score0.00345EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 4:15 p.m.•29 views

Authentication flaw

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

7.5CVSS7.5AI score0.03272EPSS
Exploits1References2
Prion
Prion
•added 2024/02/27 3:15 p.m.•14 views

Design/Logic Flaw

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...

7.8AI score0.70581EPSS
Exploits1References5
Prion
Prion
•added 2024/02/27 3:15 p.m.•23 views

Design/Logic Flaw

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the...

5.8CVSS7.2AI score0.00607EPSS
Exploits0References3
Prion
Prion
•added 2024/02/27 3:15 p.m.•12 views

Cross site request forgery (csrf)

Rejected reason: Accidental Request...

7.2AI score
Exploits0
Prion
Prion
•added 2024/02/27 3:15 p.m.•10 views

Memory corruption

libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp...

7.1AI score0.01158EPSS
Exploits1References3
Prion
Prion
•added 2024/02/27 3:15 p.m.•24 views

Remote code execution

UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...

8.1AI score0.01471EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 2:15 p.m.•16 views

Design/Logic Flaw

Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...

5.5CVSS7.2AI score0.00562EPSS
Exploits1References2
Prion
Prion
•added 2024/02/27 2:15 p.m.•31 views

Design/Logic Flaw

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7AI score0.01045EPSS
Exploits0References4
Prion
Prion
•added 2024/02/27 2:15 p.m.•22 views

Hardcoded credentials

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The...

5.1CVSS7.1AI score0.00748EPSS
Exploits0References3
Prion
Prion
•added 2024/02/27 2:15 p.m.•24 views

Input validation

Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account...

4.1CVSS7.7AI score0.00196EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 2:15 p.m.•12 views

Cross site scripting

A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Walkin Page. The manipulation of the argument Job Title leads to cross site scripting. The attack can...

4CVSS6.6AI score0.00546EPSS
Exploits1References3
Prion
Prion
•added 2024/02/27 1:15 p.m.•18 views

Out-of-bounds

A vulnerability has been found in Beijing Baichuo Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. Th...

5.8CVSS7AI score0.02333EPSS
Exploits0References3
Prion
Prion
•added 2024/02/27 1:15 p.m.•19 views

Design/Logic Flaw

A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access...

4.4CVSS7.1AI score0.00433EPSS
Exploits1References1
Prion
Prion
•added 2024/02/27 11:15 a.m.•14 views

Authentication flaw

A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access...

4.4CVSS7.2AI score0.00173EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 11:15 a.m.•20 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...

4.3CVSS6.7AI score0.00202EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•11 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.7AI score0.0034EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•25 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...

4.3CVSS6.7AI score0.00204EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•17 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

4.3CVSS6.7AI score0.00202EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•14 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.7AI score0.0034EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•16 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.8AI score0.0034EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•16 views

Authentication flaw

A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...

4.4CVSS7.3AI score0.00341EPSS
Exploits0References1
Prion
Prion
•added 2024/02/27 11:15 a.m.•18 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.7AI score0.0034EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•22 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...

4.3CVSS6.7AI score0.00202EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 11:15 a.m.•17 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS6.7AI score0.00202EPSS
Exploits0References2
Prion
Prion
•added 2024/02/27 10:15 a.m.•22 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...

7.1AI score0.00228EPSS
Exploits0References5
Prion
Prion
•added 2024/02/27 10:15 a.m.•13 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...

7.1AI score0.00229EPSS
Exploits0References6
Prion
Prion
•added 2024/02/27 10:15 a.m.•9 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: sctp: use callrcu to free endpoint This patch is to delay the endpoint free by calling callrcu to fix another use-after-free issue in sctpsockdump: BUG: KASAN: use-after-free in lockacquire+0x36d9/0x4c20 Call Trace:...

7.2AI score0.00248EPSS
Exploits0References6
Prion
Prion
•added 2024/02/27 10:15 a.m.•19 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2ctransfer, ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to...

7AI score0.00233EPSS
Exploits0References5
Prion
Prion
•added 2024/02/27 10:15 a.m.•23 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy-pendingskb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unreferenced object...

7AI score0.00226EPSS
Exploits0References6
Prion
Prion
•added 2024/02/27 10:15 a.m.•18 views

Stack overflow

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5etxreporterdumpsq casts its void argument to struct mlx5etxqsq , but in TX-timeout-recovery flow the argument is actually of type struct mlx5etxtimeoutc...

7.2AI score0.00243EPSS
Exploits0References3
Total number of security vulnerabilities213680