Lucene search

K

ALL NIPPON AIRWAYS CO., LTD Security Vulnerabilities

githubexploit

9.8CVSS

10AI Score

0.975EPSS

2022-07-05 04:30 AM
394
osv
osv

CVE-2021-20751

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific...

6.1CVSS

6.6AI Score

0.001EPSS

2021-06-28 01:15 AM
8
osv
osv

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web...

6.1CVSS

6.6AI Score

0.005EPSS

2021-05-10 10:15 AM
10
cve
cve

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....

7.1AI Score

0.0004EPSS

2024-02-28 11:15 PM
2002
cve
cve

CVE-2024-26258

OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...

8.1AI Score

0.0004EPSS

2024-04-04 12:15 AM
6
cve
cve

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...

7.8AI Score

0.0004EPSS

2024-02-28 11:15 PM
2027
cve
cve

CVE-2024-21798

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...

6.1AI Score

0.0004EPSS

2024-02-28 11:15 PM
2020
nvd
nvd

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

6.8AI Score

EPSS

2024-05-20 05:15 PM
4
cve
cve

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

7.5AI Score

EPSS

2024-05-20 05:15 PM
31
nvd
nvd

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

0.001EPSS

2023-11-13 04:15 PM
2
cve
cve

CVE-2024-25568

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...

8AI Score

0.0004EPSS

2024-04-04 12:15 AM
11
cve
cve

CVE-2024-36103

OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the...

7.9AI Score

0.0004EPSS

2024-06-12 01:15 AM
5
cvelist
cvelist

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

6.8AI Score

EPSS

1976-01-01 12:00 AM
2
rocky
rocky

pcp security update

An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

8.8CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
4
cve
cve

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

9.5AI Score

0.001EPSS

2023-11-13 04:15 PM
32
nvd
nvd

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

6.5AI Score

EPSS

2024-05-20 05:15 PM
2
cve
cve

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

7AI Score

EPSS

2024-05-20 05:15 PM
32
cvelist
cvelist

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

6.5AI Score

EPSS

1976-01-01 12:00 AM
2
cve
cve

CVE-2024-23911

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...

6.7AI Score

0.0004EPSS

2024-04-15 11:15 AM
38
cvelist
cvelist

CVE-2024-29758 WordPress Co-marquage service-public.fr plugin <= 0.5.72 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-03-27 01:19 PM
2
githubexploit
githubexploit

Exploit for Use After Free in Qemu

CVE-2021-3929-3947 VM escape PoC for...

8.2CVSS

8AI Score

0.001EPSS

2022-05-13 05:33 AM
401
osv
osv

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

8.8CVSS

6.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
6
cvelist
cvelist

CVE-2023-34286 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

8.2AI Score

0.001EPSS

2024-05-03 01:57 AM
1
packetstorm

6.8CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
43
cvelist
cvelist

CVE-2023-34299 Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....

7.8CVSS

8.3AI Score

0.001EPSS

2024-05-03 01:57 AM
2
cvelist
cvelist

CVE-2023-34302 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8.3AI Score

0.001EPSS

2024-05-03 01:57 AM
3
vulnrichment
vulnrichment

CVE-2023-34286 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
2
almalinux
almalinux

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

8.8CVSS

7.2AI Score

0.0004EPSS

2024-05-22 12:00 AM
2
vulnrichment
vulnrichment

CVE-2023-34287 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
3
cvelist
cvelist

CVE-2023-34287 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8.3AI Score

0.001EPSS

2024-05-03 01:57 AM
2
vulnrichment
vulnrichment

CVE-2023-34299 Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
2
vulnrichment
vulnrichment

CVE-2023-34302 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
4
redhat
redhat

(RHSA-2024:3392) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-28 12:27 PM
6
cve
cve

CVE-2023-5038

badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...

6.9AI Score

0.0004EPSS

2024-06-25 03:15 AM
3
cve
cve

CVE-2024-29225

WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted...

6.4AI Score

0.0004EPSS

2024-04-04 12:15 AM
13
cve
cve

CVE-2023-5037

badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for...

7.2AI Score

0.0004EPSS

2023-11-13 08:15 AM
12
openbugbounty
openbugbounty

nippon-fine.co.jp Improper Access Control vulnerability OBB-3843788

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-01-26 08:34 PM
5
openbugbounty
openbugbounty

wap-co-nop-sitiowebsc.azurewebsites.net Cross Site Scripting vulnerability OBB-3852309

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-13 03:28 PM
11
redhat
redhat

(RHSA-2024:3323) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 08:52 AM
9
cve
cve

CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-27 02:15 PM
26
redhat
redhat

(RHSA-2024:3324) Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 09:04 AM
4
redhat
redhat

(RHSA-2024:3325) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 09:04 AM
6
redhat
redhat

(RHSA-2024:3322) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 08:52 AM
6
redhat
redhat

(RHSA-2024:3321) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 08:52 AM
7
redhat
redhat

(RHSA-2024:3264) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.6AI Score

0.0004EPSS

2024-05-22 10:41 AM
5
cve
cve

CVE-2024-24964

Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows...

6.8AI Score

0.0004EPSS

2024-03-12 08:15 AM
32
debiancve
debiancve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

7.4AI Score

EPSS

2024-05-14 03:14 PM
4
ubuntucve
ubuntucve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

7.6AI Score

EPSS

2024-05-14 12:00 AM
4
cvelist
cvelist

CVE-2024-4610 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

0.213EPSS

2024-06-07 11:25 AM
38
cve
cve

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

5.5CVSS

6.6AI Score

0.213EPSS

2024-06-07 12:15 PM
33
In Wild
Total number of security vulnerabilities15484