213680 matches found

Prion, added 2024/02/26 4:27 p.m., 31 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path. If device_register() in thermal_zone_device_register_with_trips() returns an error, the tz variable is set to NULL and subsequently dereferenced in kfree(tz->tzp)...

AI score 7.1, EPSS 0.00272
Exploits 0, References 3
Prion, added 2024/02/26 4:27 p.m., 26 views

Sql injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can ...

CVSS 6.5, AI score 7.7, EPSS 0.00628
Exploits 0, References 3
Prion, added 2024/02/26 4:27 p.m., 15 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader. This issue affects Icons Font Loader: from n/a through 1.1.4...

CVSS 5.8, AI score 7.2, EPSS 0.00603
Exploits 0, References 1
Prion, added 2024/02/26 4:27 p.m., 15 views

Authentication flaw

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

CVSS 6.4, AI score 7, EPSS 0.00834
Exploits 0, References 1
Prion, added 2024/02/26 4:27 p.m., 22 views

Design/Logic Flaw

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extrem...

CVSS 5, AI score 7, EPSS 0.01164
Exploits 0, References 19
Prion, added 2024/02/26 4:27 p.m., 17 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register(). The lock_class_key is still registered and can be found in the lock_keys_hash hlist after subsys_private is freed in the error handler path. A task that iterates over the lock_keys_hash later may cause...

AI score 7.1, EPSS 0.00275
Exploits 0, References 3
Prion, added 2024/02/26 4:27 p.m., 29 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration. Multiple ttys try to claim the same minor number, causing a double unregistration of the same device. The first unregistration succeeds but the next one results in ...

AI score 7.1, EPSS 0.00256
Exploits 0, References 8
Prion, added 2024/02/26 4:27 p.m., 14 views

Cross site scripting

A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary JavaScript via sending a crafted URL...

AI score 6.2, EPSS 0.00429
Exploits 0, References 1
Prion, added 2024/02/26 4:27 p.m., 33 views

Information disclosure

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290...

CVSS 5, AI score 6.3, EPSS 0.00422
Exploits 0, References 2
Prion, added 2024/02/26 4:27 p.m., 28 views

Design/Logic Flaw

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898...

CVSS 4.3, AI score 6.6, EPSS 0.0038
Exploits 0, References 2
Prion, added 2024/02/26 4:27 p.m., 19 views

Cross site request forgery (csrf)

Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device...

CVSS 6.8, AI score 6.9, EPSS 0.00305
Exploits 0, References 1
Prion, added 2024/02/26 4:27 p.m., 14 views

Sql injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid with the input '+or+1%3d1%23 leads to sql injection. It is possible to launch the attack...

CVSS 7.5, AI score 7.7, EPSS 0.00729
Exploits 0, References 3
Prion, added 2024/02/26 4:27 p.m., 23 views

Code injection

Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X...

CVSS 1.2, AI score 7, EPSS 0.00695
Exploits 0, References 1
Prion, added 2024/02/26 4:27 p.m., 37 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register(). kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure...

AI score 7.1, EPSS 0.00278
Exploits 0, References 6
Prion, added 2024/02/26 4:27 p.m., 16 views

Command injection

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files...

AI score 8, EPSS 0.0187
Exploits 2, References 3
Prion, added 2024/02/26 4:27 p.m., 13 views

Path traversal

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

AI score 7.5, EPSS 0.00664
Exploits 0, References 2
Prion, added 2024/02/26 4:27 p.m., 23 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table. When ps allocated by kzalloc() is NULL, kv_parse_power_table frees adev->pm.dpm.ps that was allocated before. However, after the control flow goes through the following call...

AI score 7.3, EPSS 0.00291
Exploits 0, References 8
Prion, added 2024/02/24 5:15 a.m., 26 views

Null pointer dereference

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as a user-defined type. Depending on the variable's actual value it could be an arbitrary free, arbitrary...

CVSS 5, AI score 7.2, EPSS 0.01025
Exploits 1, References 4
Prion, added 2024/02/24 5:15 a.m., 16 views

Cross site scripting

The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 5.8, AI score 6.6, EPSS 0.00378
Exploits 0, References 2
Prion, added 2024/02/24 5:15 a.m., 21 views

Design/Logic Flaw

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...

CVSS 5, AI score 6.9, EPSS 0.01018
Exploits 1, References 6
Prion, added 2024/02/24 12:15 a.m., 22 views

Improper access control

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application...

CVSS 6.5, AI score 7, EPSS 0.00433
Exploits 0, References 1
Prion, added 2024/02/23 11:15 p.m., 21 views

Sql injection

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component...

AI score 8.1, EPSS 0.00786
Exploits 1, References 2
Prion, added 2024/02/23 11:15 p.m., 26 views

Information disclosure

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability...

CVSS 5.8, AI score 7.1, EPSS 0.0152
Exploits 0, References 1
Prion, added 2024/02/23 11:15 p.m., 20 views

Design/Logic Flaw

An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component...

AI score 8.3, EPSS 0.00815
Exploits 0, References 2
Prion, added 2024/02/23 11:15 p.m., 27 views

Spoofing

Microsoft Edge (Chromium-based) Spoofing Vulnerability...

CVSS 4.3, AI score 7.2, EPSS 0.00826
Exploits 0, References 1
Prion, added 2024/02/23 11:15 p.m., 23 views

Hardcoded credentials

Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendor-wide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality of provisioning documents...

AI score 7.2, EPSS 0.01025
Exploits 1, References 1
Prion, added 2024/02/23 10:15 p.m., 11 views

Sql injection

In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection...

AI score 8.6, EPSS 0.00499
Exploits 0, References 2
Prion, added 2024/02/23 10:15 p.m., 16 views

Information disclosure

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability...

CVSS 4, AI score 7.1, EPSS 0.00585
Exploits 0, References 1
Prion, added 2024/02/23 10:15 p.m., 14 views

Design/Logic Flaw

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...

CVSS 5.1, AI score 7.1, EPSS 0.00871
Exploits 1, References 2
Prion, added 2024/02/23 10:15 p.m., 13 views

Design/Logic Flaw

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 5.1, AI score 7.1, EPSS 0.00651
Exploits 1, References 2
Prion, added 2024/02/23 10:15 p.m., 15 views

Design/Logic Flaw

In the module "Survey TMA" (ecomizsurveytma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction...

AI score 7.1, EPSS 0.00581
Exploits 0, References 2
Prion, added 2024/02/23 10:15 p.m., 17 views

Design/Logic Flaw

Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities)...

AI score 7.5, EPSS 0.00864
Exploits 0, References 7
Prion, added 2024/02/23 9:15 p.m. (18 identical entries, 10 to 19 views each)

Open redirect

Rejected reason: This is unused...

AI score 6.8 (one of the 18 entries also lists EPSS 0.00546)
Exploits 0