
213680 matches found

Prion
added 2024/02/22 3:15 p.m. | 12 views

Command injection

Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the configsequence parameter in otherpara of cgitest.cgi...

AI score: 8.4 | EPSS: 0.01936
Exploits: 1 | References: 2
Prion
added 2024/02/22 3:15 p.m. | 16 views

Command injection

Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wpsapssid5g parameter...

AI score: 8.4 | EPSS: 0.19074
Exploits: 1 | References: 2
Prion
added 2024/02/22 3:15 p.m. | 16 views

Cross site scripting

Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS 123...

AI score: 6.3 | EPSS: 0.00324
Exploits: 1 | References: 2
Prion
added 2024/02/22 2:15 p.m. | 13 views

Cross site request forgery (csrf)

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/addplaces.php...

AI score: 7.9 | EPSS: 0.00335
Exploits: 1 | References: 1
Prion
added 2024/02/22 2:15 p.m. | 13 views

Cross site request forgery (csrf)

Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/infomediagallery/action/editaddonpost.php...

AI score: 7.8 | EPSS: 0.00296
Exploits: 0 | References: 1
Prion
added 2024/02/22 2:15 p.m. | 14 views

Cross site request forgery (csrf)

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/updatecontactformsettings.php...

AI score: 7.9 | EPSS: 0.00328
Exploits: 1 | References: 1
Prion
added 2024/02/22 2:15 p.m. | 16 views

Cross site request forgery (csrf)

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/deletetranslation.php...

AI score: 7.9 | EPSS: 0.00303
Exploits: 1 | References: 1
Prion
added 2024/02/22 2:15 p.m. | 9 views

Design/Logic Flaw

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

AI score: 8.6 | EPSS: 0.00482
Exploits: 1 | References: 2
Prion
added 2024/02/22 2:15 p.m. | 19 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

AI score: 6.1 | EPSS: 0.00443
Exploits: 1 | References: 2
Prion
added 2024/02/22 2:15 p.m. | 13 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

AI score: 6.1 | EPSS: 0.00424
Exploits: 1 | References: 2
Prion
added 2024/02/22 2:15 p.m. | 7 views

Cross site request forgery (csrf)

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/deleteplace.php...

AI score: 7.9 | EPSS: 0.0022
Exploits: 1 | References: 1
Prion
added 2024/02/22 2:15 p.m. | 10 views

Cross site request forgery (csrf)

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/updateplace.php...

AI score: 7.9 | EPSS: 0.00196
Exploits: 0 | References: 1
Prion
added 2024/02/22 2:15 p.m. | 10 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field...

AI score: 6.1 | EPSS: 0.00397
Exploits: 1 | References: 2
Prion
added 2024/02/22 1:15 p.m. | 22 views

Design/Logic Flaw

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01033
Exploits: 0 | References: 2
Prion
added 2024/02/22 12:15 p.m. | 11 views

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score: 7.4
Exploits: 0
Prion
added 2024/02/22 12:15 p.m. | 13 views

Design/Logic Flaw

An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users...

CVSS: 5 | AI score: 7.7 | EPSS: 0.00745
Exploits: 0 | References: 1
Prion
added 2024/02/22 12:15 p.m. | 27 views

Code injection

IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320...

CVSS: 4.6 | AI score: 7.3 | EPSS: 0.00269
Exploits: 0 | References: 2
Prion
added 2024/02/22 11:15 a.m. | 12 views

Code injection

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryptio...

CVSS: 5.1 | AI score: 8.4 | EPSS: 0.00364
Exploits: 0 | References: 1
Prion
added 2024/02/22 10:15 a.m. | 17 views

Null pointer dereference

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests...

CVSS: 4 | AI score: 7 | EPSS: 0.02454
Exploits: 0 | References: 1
Prion
added 2024/02/22 10:15 a.m. | 18 views

Format string

A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0....

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.00724
Exploits: 0 | References: 1
Prion
added 2024/02/22 10:15 a.m. | 28 views

Race condition

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly...

AI score: 6.9 | EPSS: 0.00895
Exploits: 0 | References: 2
Prion
added 2024/02/22 10:15 a.m. | 28 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content...

AI score: 6.7 | EPSS: 0.0248
Exploits: 1 | References: 2
Prion
added 2024/02/22 10:15 a.m. | 20 views

Null pointer dereference

A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through...

CVSS: 5 | AI score: 7 | EPSS: 0.0261
Exploits: 0 | References: 1
Prion
added 2024/02/22 10:15 a.m. | 32 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the...

AI score: 6.9 | EPSS: 0.01073
Exploits: 0 | References: 2
Prion
added 2024/02/22 6:15 a.m. | 27 views

Design/Logic Flaw

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVSS: 4 | AI score: 4.4 | EPSS: 0.00396
Exploits: 0 | References: 2
Prion
added 2024/02/22 6:15 a.m. | 24 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...

AI score: 5.8 | EPSS: 0.00436
Exploits: 1 | References: 1
Prion
added 2024/02/22 6:15 a.m. | 17 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field...

AI score: 5.8 | EPSS: 0.00413
Exploits: 1 | References: 1
Prion
added 2024/02/22 6:15 a.m. | 25 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

AI score: 5.8 | EPSS: 0.00408
Exploits: 1 | References: 1
Prion
added 2024/02/22 6:15 a.m. | 17 views

Cross site scripting

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping...

CVSS: 5.8 | AI score: 5.4 | EPSS: 0.00438
Exploits: 0 | References: 2
Prion
added 2024/02/22 5:15 a.m. | 17 views

Design/Logic Flaw

SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name not the content of a file...

AI score: 5.7 | EPSS: 0.00562
Exploits: 0 | References: 1
Prion
added 2024/02/22 5:15 a.m. | 17 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...

AI score: 5.6 | EPSS: 0.00429
Exploits: 1 | References: 2
Prion
added 2024/02/22 5:15 a.m. | 14 views

Design/Logic Flaw

A maliciously crafted IGS file when tbb.dll parsed through Autodesk AutoCAD can be used in use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...

AI score: 7.5 | EPSS: 0.00488
Exploits: 0 | References: 1
Prion
added 2024/02/22 5:15 a.m. | 12 views

Design/Logic Flaw

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...

AI score: 6.9 | EPSS: 0.0032
Exploits: 1 | References: 1
Prion
added 2024/02/22 5:15 a.m. | 17 views

Cross site scripting

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter...

AI score: 7.1 | EPSS: 0.00405
Exploits: 1 | References: 2
Prion
added 2024/02/22 5:15 a.m. | 15 views

Security feature bypass

A maliciously crafted STP or SLDPRT file when ODXSWDLL.dll parsed through Autodesk AutoCAD can be used to uninitialized variable. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...

AI score: 7.6 | EPSS: 0.00968
Exploits: 0 | References: 1
Prion
added 2024/02/22 5:15 a.m. | 13 views

Design/Logic Flaw

A maliciously crafted SLDPRT file when ASMkern228A.dll parsed through Autodesk AutoCAD can be used in use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...

AI score: 7.5 | EPSS: 0.00478
Exploits: 0 | References: 1
Prion
added 2024/02/22 5:15 a.m. | 17 views

Null pointer dereference

A maliciously crafted STP file when ASMKERN228A.dll parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...

AI score: 7.5 | EPSS: 0.00439
Exploits: 0 | References: 1
Prion
added 2024/02/22 5:15 a.m. | 18 views

Design/Logic Flaw

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed...

CVSS: 5.8 | AI score: 7.5 | EPSS: 0.00678
Exploits: 0 | References: 1
Prion
added 2024/02/22 5:15 a.m. | 24 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file...

AI score: 8.2 | EPSS: 0.00966
Exploits: 1 | References: 2
Prion
added 2024/02/22 4:15 a.m. | 22 views

Memory corruption

A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

AI score: 7.8 | EPSS: 0.00255
Exploits: 0 | References: 1
Prion
added 2024/02/22 4:15 a.m. | 14 views

Memory corruption

A maliciously crafted STP file in atfdwgconsumer.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

AI score: 7.8 | EPSS: 0.00602
Exploits: 0 | References: 1
Prion
added 2024/02/22 4:15 a.m. | 22 views

Memory corruption

A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the...

AI score: 7.8 | EPSS: 0.00515
Exploits: 0 | References: 1
Prion
added 2024/02/22 4:15 a.m. | 22 views

Memory corruption

A maliciously crafted SLDASM, or SLDPRT files in ODXSWDLL.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current...

AI score: 7.8 | EPSS: 0.00526
Exploits: 0 | References: 1
Prion
added 2024/02/22 4:15 a.m. | 17 views

Memory corruption

A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

AI score: 7.8 | EPSS: 0.00515
Exploits: 0 | References: 1
Prion
added 2024/02/22 4:15 a.m. | 14 views

Memory corruption

A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the...

AI score: 7.8 | EPSS: 0.00401
Exploits: 0 | References: 1
Prion
added 2024/02/22 3:15 a.m. | 18 views

Stack overflow

A maliciously crafted SLDPRT file when parsed ODXSWDLL.dll through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

AI score: 7.6 | EPSS: 0.00396
Exploits: 0 | References: 1
Prion
added 2024/02/22 3:15 a.m. | 16 views

Heap overflow

A maliciously crafted MODEL, SLDPRT or SLDASM file when parsed VCRUNTIME140.dll through Autodesk AutoCAD can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...

AI score: 7.6 | EPSS: 0.00515
Exploits: 0 | References: 1
Prion
added 2024/02/22 3:15 a.m. | 21 views

Out-of-bounds

A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

AI score: 7.4 | EPSS: 0.00554
Exploits: 0 | References: 2
Prion
added 2024/02/22 3:15 a.m. | 24 views

Stack overflow

A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

AI score: 7.6 | EPSS: 0.00418
Exploits: 0 | References: 1
Prion
added 2024/02/22 2:15 a.m. | 23 views

Design/Logic Flaw

A maliciously crafted 3DM file in opennurbs.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

AI score: 7.4 | EPSS: 0.00652
Exploits: 0 | References: 2
Total number of security vulnerabilities: 213680