Lucene search
K

213680 matches found

Prion
Prion
added 2024/02/21 6:15 p.m.14 views

Cross site scripting

A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php...

6.4AI score0.00355EPSS
Exploits1References1
Prion
Prion
added 2024/02/21 6:15 p.m.25 views

Code injection

A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely...

5.1CVSS7.6AI score0.00594EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 6:15 p.m.22 views

Command injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

7.5CVSS7.8AI score0.95388EPSS
Exploits9References4
Prion
Prion
added 2024/02/21 5:15 p.m.16 views

Cross site request forgery (csrf)

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...

4.6CVSS6.8AI score0.00344EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 5:15 p.m.16 views

Design/Logic Flaw

php-svg-lib is a scalable vector graphics SVG file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP 8.0, and doesn't validate if external references are allowed. This might leads to bypass...

4.6CVSS8AI score0.00932EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 5:15 p.m.19 views

Path traversal

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The...

2.7CVSS7AI score0.00707EPSS
Exploits1References3
Prion
Prion
added 2024/02/21 5:15 p.m.14 views

Design/Logic Flaw

An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissectbgpopentvbuffttvb, prototreetree, packetinfopinfo, optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected...

6.8AI score0.00979EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 5:15 p.m.15 views

Information disclosure

The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...

5CVSS7AI score0.00492EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 5:15 p.m.14 views

Input validation

Pymatgen Python Materials Genomics is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...

4.6CVSS7.8AI score0.03816EPSS
Exploits8References3
Prion
Prion
added 2024/02/21 5:15 p.m.28 views

Sql injection

A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the publi...

6.5CVSS7.4AI score0.00662EPSS
Exploits1References3
Prion
Prion
added 2024/02/21 5:15 p.m.13 views

Sql injection

SLIMS Senayan Library Management Systems 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php...

8.7AI score0.00549EPSS
Exploits1References2
Prion
Prion
added 2024/02/21 5:15 p.m.18 views

Design/Logic Flaw

EventStoreDB ESDB is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affecte...

4.7CVSS7.2AI score0.00615EPSS
Exploits0References6
Prion
Prion
added 2024/02/21 5:15 p.m.19 views

Improper access control

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations o...

3.6CVSS6.8AI score0.00142EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 5:15 p.m.40 views

Null pointer dereference

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...

5CVSS7.2AI score0.00831EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 4:15 p.m.28 views

Path traversal

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems...

5.4CVSS8AI score0.87624EPSS
Exploits5References2Affected Software1
Prion
Prion
added 2024/02/21 4:15 p.m.29 views

Authentication flaw

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems...

7.5CVSS6.8AI score0.99959EPSS
Exploits8References10Affected Software1
Prion
Prion
added 2024/02/21 4:15 p.m.13 views

Open redirect

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

7AI score0.00265EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 4:15 p.m.21 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1709. Reason: This candidate is a duplicate of CVE-2024-1709. Notes: All CVE users should reference CVE-2024-1709 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

7.2AI score0.99959EPSS
Exploits9
Prion
Prion
added 2024/02/21 4:15 p.m.12 views

Out-of-bounds

Trusted Firmware-A TF-A before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdeiinterruptbind. The parameter is passed to a call to platicgetinterrupttype. It can be any arbitrary value passing...

7.2AI score0.00224EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 4:15 p.m.24 views

Cross site scripting

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

6.5AI score0.00397EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 4:15 p.m.19 views

Improper access control

A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been...

5CVSS7AI score0.00808EPSS
Exploits1References3
Prion
Prion
added 2024/02/21 4:15 p.m.14 views

Design/Logic Flaw

discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...

5.1CVSS7.3AI score0.00798EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 4:15 p.m.13 views

Cross site scripting

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview...

6.4AI score0.00369EPSS
Exploits0References2
Prion
Prion
added 2024/02/21 4:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

6.8AI score0.00539EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 4:15 p.m.20 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input alert"xss" leads to cross site scripting. It is possible to launch the...

5CVSS6.3AI score0.00584EPSS
Exploits1References3
Prion
Prion
added 2024/02/21 4:15 p.m.16 views

Cross site scripting

In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...

5.1CVSS6.7AI score0.0045EPSS
Exploits0References2
Prion
Prion
added 2024/02/21 3:15 p.m.11 views

Design/Logic Flaw

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777...

2.2CVSS6.2AI score0.00595EPSS
Exploits0References2
Prion
Prion
added 2024/02/21 3:15 p.m.35 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread one which called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete so any code past that point risks touching already freed data...

7.6AI score0.00177EPSS
Exploits0References4
Prion
Prion
added 2024/02/21 3:15 p.m.15 views

Cross site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544...

4.9CVSS6.2AI score0.0036EPSS
Exploits0References2
Prion
Prion
added 2024/02/21 3:15 p.m.10 views

Denial of service

HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...

7.1AI score0.00695EPSS
Exploits1References1
Prion
Prion
added 2024/02/21 3:15 p.m.35 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

7.1AI score0.00254EPSS
Exploits0References4
Prion
Prion
added 2024/02/21 3:15 p.m.22 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Reorder scheduling the work before calling...

1CVSS7.3AI score0.0019EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 3:15 p.m.32 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...

7.3AI score0.00246EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 2:15 p.m.13 views

Cross site scripting

Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...

6CVSS5.2AI score0.00614EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 11:15 a.m.25 views

Design/Logic Flaw

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

7.2AI score0.00214EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 8:15 a.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; ...

4.3CVSS7.4AI score0.00276EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 8:15 a.m.11 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in John Tendik JTRT Responsive Tables.This issue affects JTRT Responsive Tables: from n/a through 4.1.9...

4.3CVSS7.5AI score0.00227EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 8:15 a.m.13 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10...

4.3CVSS7.5AI score0.00227EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 8:15 a.m.24 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbddecodentlmsspauthblob If authblob-SessionKey.Length is bigger than session key sizeCIFSKEYSIZE, slub overflow can happen in key exchange codes. cifsarc4crypt copy to session key array from...

7.4AI score0.36685EPSS
Exploits1References5
Prion
Prion
added 2024/02/21 8:15 a.m.19 views

Command injection

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request smb2getmsg in smb2getksmbdtcon and smb2checkusersession will always return the first request smb2 header in a compound request. if SMB2TREECONNECTHE is the first command ...

7.2AI score0.17442EPSS
Exploits0References4
Prion
Prion
added 2024/02/21 8:15 a.m.19 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in initsmb2rsphdr If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiate request since needneg is set to false. This patch ignore smb1...

7.1AI score0.00378EPSS
Exploits0References4
Prion
Prion
added 2024/02/21 7:15 a.m.14 views

Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data...

5.9AI score0.00245EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 7:15 a.m.9 views

Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data...

5.9AI score0.00187EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 7:15 a.m.14 views

Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences...

6AI score0.00343EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 7:15 a.m.22 views

Default credentials

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges...

7AI score0.00225EPSS
Exploits0References6
Prion
Prion
added 2024/02/21 7:15 a.m.13 views

Design/Logic Flaw

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges...

7.5AI score0.00195EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 7:15 a.m.12 views

Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system...

5.9AI score0.00186EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 7:15 a.m.15 views

Code injection

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth...

6.4AI score0.00299EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 7:15 a.m.16 views

Information disclosure

This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information...

5.5AI score0.00439EPSS
Exploits0References4
Prion
Prion
added 2024/02/21 7:15 a.m.22 views

Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system...

5.9AI score0.00197EPSS
Exploits0References3
Total number of security vulnerabilities213680