CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

[cve] CVE-2023-7116
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
CVSS 9.8 | AI Score 9.8 | EPSS 0.003 | 2023-12-27 04:15 PM

[cve] CVE-2007-10001
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this...
CVSS 7.5 | AI Score 7.9 | EPSS 0.001 | 2023-01-05 12:15 PM

[ibm] Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to Eclipse Jetty (CVE-2024-22201)
Summary: IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-22201. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2...
CVSS 7.5 | AI Score 7.1 | EPSS 0.0004 | 2024-04-24 04:48 AM

[cve] CVE-2023-0287
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2023-01-13 01:15 PM

[github] Coaster CMS Stored Cross-site Scripting vulnerability
A Stored Cross-site Scripting vulnerability has been discovered in the v5.5.0 version of the Coaster CMS...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001 | 2022-05-14 01:58 AM

[atlassian] SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...
CVSS 8.1 | AI Score 7.8 | EPSS 0.0004 | 2024-05-10 10:10 AM

[ibm] Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)
Summary: IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-5868. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...
CVSS 4.3 | AI Score 6.2 | EPSS 0.002 | 2024-04-24 04:46 AM

[cve] CVE-2022-4960
A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2024-01-12 03:15 AM

[cve] CVE-2019-25088
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2022-12-27 10:15 AM

[cve] CVE-2021-45099
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against...
CVSS 8.8 | AI Score 8.6 | EPSS 0.002 | 2021-12-16 05:15 AM

[cve] CVE-2007-10002
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2023-01-08 10:15 AM

[cve] CVE-2017-20185
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. The attack may be...
CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2023-06-06 02:15 AM

[osv] Mattermost crashes web clients via a malformed custom status in github.com/mattermost/mattermost-server
CVSS 4.3 | AI Score 4.6 | EPSS 0.0004 | 2024-06-05 03:10 PM

[cve] CVE-2023-28525
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
CVSS 4.8 | AI Score 4.8 | EPSS 0.0004 | 2024-03-01 02:15 AM

[nessus] MantisBT Web Detection
Mantis Bug Tracker (MantisBT), an open source issue tracker, was detected on the remote host. Note: enabling thorough tests improves the likelihood that instances of MantisBT are detected at the cost of increasing the scan's duration and generated network...
AI Score 7.4 | 2024-05-23 12:00 AM

[cve] CVE-2022-29110
Microsoft Excel Remote Code Execution...
CVSS 7.8 | AI Score 8.1 | EPSS 0.005 | 2022-05-10 09:15 PM

[cve] CVE-2023-23396
Microsoft Excel Denial of Service...
CVSS 6.5 | AI Score 6.8 | EPSS 0.001 | 2023-03-14 05:15 PM

[redhat] (RHSA-2024:3560) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
AI Score 5.9 | EPSS 0.002 | 2024-06-03 04:55 PM

[redhat] (RHSA-2024:3559) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
AI Score 5.9 | EPSS 0.002 | 2024-06-03 04:55 PM

[metasploit] Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X day(s). By default today and yesterday (DAYS = 1) will be checked. If a valid session token is...
AI Score 7.2 | 2022-09-07 11:17 AM

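
The brute-force described in the Syncovery entry above rests on one fact: a token that is a function of the second it was issued has only 86400 * days + 1 candidates, no matter how long it looks. The following is an added example, not the Metasploit module's code; the token derivation (SHA-256 over the Unix second, truncated) is a constructed stand-in because the entry does not describe Syncovery's real token format, and `make_oracle` stands in for the HTTP round trip the real module makes per guess.

```python
"""Brute force of a time-derived session token (added example, hypothetical scheme)."""
import hashlib
import math
import secrets
from typing import Callable, Iterator, Optional, Tuple


def derive_token(issued_second: int) -> str:
    """ASSUMED token scheme: the token is a pure function of the issue time.
    Any scheme with this property has the same weakness, whatever the hash."""
    return hashlib.sha256(str(issued_second).encode()).hexdigest()[:32]


def candidate_seconds(now: int, days: int) -> Iterator[int]:
    """Every second from `now` back to `days` days earlier, newest first,
    because a live session is more likely to be recent."""
    for second in range(now, now - days * 86400 - 1, -1):
        yield second


def brute_force(is_valid: Callable[[str], bool], now: int, days: int = 1
                ) -> Tuple[Optional[str], Optional[int], int]:
    """Try every candidate token against the validity oracle.
    Returns (token, issue_second, attempts) or (None, None, attempts)."""
    attempts = 0
    for second in candidate_seconds(now, days):
        attempts += 1
        token = derive_token(second)
        if is_valid(token):
            return token, second, attempts
    return None, None, attempts


def make_oracle(valid_token: str) -> Callable[[str], bool]:
    """Constructed stand-in for the server-side "is this session valid?" check."""
    return lambda token: token == valid_token


def search_space_bits(days: int) -> float:
    """Effective entropy of a time-derived token: log2 of the candidate count."""
    return math.log2(days * 86400 + 1)


def random_token() -> str:
    """What a session token should be instead: 128 bits from the CSPRNG."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    now = 1_700_000_000                 # constructed "current" time
    issued = now - 5 * 3600             # constructed session, created five hours ago
    token, second, attempts = brute_force(make_oracle(derive_token(issued)), now, days=1)
    print(f"recovered {token} issued at {second} after {attempts} guesses")
    print(f"time-derived token: ~{search_space_bits(1):.1f} bits; random: 128 bits")
```

With DAYS = 1 the search is about 16.4 bits, which is why the module can afford one request per candidate; a token drawn from the CSPRNG makes the same oracle useless.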
[osv] CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob...
CVSS 5.4 | AI Score 5.7 | EPSS 0.001 | 2023-05-21 08:15 PM

[github] Improper Neutralization of Input During Web Page Generation in Jsoup
Cross-site scripting (XSS) vulnerability in jsoup before...
CVSS 6.1 | AI Score 6.1 | EPSS 0.002 | 2022-05-13 01:28 AM

[openvas] Citrix Web Interface XSS
The remote server is running a Citrix Web Interface server that is vulnerable to cross site...
AI Score 6.2 | EPSS 0.009 | 2005-11-03 12:00 AM

[openvas] Outlook Web anonymous access
It is possible to browse the information of the OWA server by accessing as an anonymous...
AI Score 6.2 | EPSS 0.015 | 2005-11-03 12:00 AM

[veracode] Information Disclosure
reportico-web/reportico is vulnerable to Information Disclosure. The vulnerability is due to improper handling of user input within the execute_mode parameter of the URL, which allows attackers to obtain sensitive...
AI Score 6.6 | EPSS 0.0004 | 2024-04-15 07:05 AM

[osv] Malicious code in agencyportal-web (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (3f01ab5c8d151da175f79cd0379f0f4d714ddceb4075503d821ee2f05515d1cb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7 | 2024-05-02 12:49 AM

[cve] CVE-2018-20436
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more...
CVSS 8.1 | AI Score 7.8 | EPSS 0.009 | 2018-12-24 08:29 PM

[cve] CVE-2012-2212
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...
AI Score 7 | EPSS 0.002 | 2022-10-03 04:15 PM

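
The CVE-2012-2212 entry describes a class of proxy mistake: in a CONNECT request the tunnel destination is the authority in the request line, while the Host header is free text under the client's control, so an allow-list that consults Host instead of the request-target is bypassed by sending an allowed Host alongside an arbitrary target. The following forward-proxy logic is an added, hypothetical example; it is not McAfee code, the entry itself notes the issue may not be reproducible, and the allow-list and the two requests are constructed.

```python
"""CONNECT allow-listing decided from the Host header versus the request-target (added example)."""
from dataclasses import dataclass
from typing import Dict

# Constructed allow-list of tunnel destinations (authority form, host:port).
ALLOWED_TUNNELS = {"mail.example.com:443"}


@dataclass
class RequestHead:
    method: str
    target: str
    headers: Dict[str, str]


def parse_request_head(raw: bytes) -> RequestHead:
    """Minimal HTTP/1.1 request-head parser: request line plus header fields."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return RequestHead(method, target, headers)


def connect_allowed_vulnerable(req: RequestHead) -> bool:
    """Decides from the Host header. Any destination passes as long as the
    client also sends an allow-listed Host value."""
    if req.method != "CONNECT":
        return False
    return req.headers.get("host", "").lower() in ALLOWED_TUNNELS


def connect_allowed_fixed(req: RequestHead) -> bool:
    """Decides from the authority-form request-target, which is where the proxy
    actually opens the TCP connection. RFC 7230 section 5.4 requires the Host
    field to be identical to that authority, so a mismatch is rejected rather
    than reconciled."""
    if req.method != "CONNECT":
        return False
    target = req.target.lower()
    host = req.headers.get("host", "").lower()
    return target in ALLOWED_TUNNELS and host == target


# Constructed requests: the first tunnels to an unlisted host while presenting
# an allow-listed Host header; the second is a legitimate tunnel.
SMUGGLED = (b"CONNECT evil.example.net:443 HTTP/1.1\r\n"
            b"Host: mail.example.com:443\r\n\r\n")
LEGITIMATE = (b"CONNECT mail.example.com:443 HTTP/1.1\r\n"
              b"Host: mail.example.com:443\r\n\r\n")


def evaluate(raw: bytes) -> Dict[str, bool]:
    """Run both policies on one raw request."""
    req = parse_request_head(raw)
    return {"vulnerable": connect_allowed_vulnerable(req),
            "fixed": connect_allowed_fixed(req)}


if __name__ == "__main__":
    for name, raw in (("smuggled", SMUGGLED), ("legitimate", LEGITIMATE)):
        print(name, evaluate(raw))
```

The same rule applies to any proxy or WAF: for CONNECT, authorize the request-target; for absolute-form requests, authorize the URI; treat Host as a consistency check, never as the source of truth.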
[osv] Reportico affected by Incorrect Access Control
An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the...
AI Score 6 | EPSS 0.0004 | 2024-04-12 12:30 AM

[nessus] Web Server Directory Enumeration
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...
AI Score 9.6 | EPSS 0.002 | 2002-06-26 12:00 AM

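
The plugin entry above describes the technique in one sentence: request each common directory name and read the status code. The added example below is not the Nessus plugin's code; it runs the same idea against a constructed local HTTP server started in-process, so it works offline, and it adds the check a scanner needs in practice: a request for a name that cannot exist establishes the server's "not found" status first, so a server that answers 200 to everything (a soft 404) does not turn every wordlist entry into a finding.

```python
"""Directory enumeration by response code, with a soft-404 baseline (added example)."""
import http.client
import http.server
import secrets
import threading
from typing import List, Tuple

# Constructed wordlist; real scanners carry thousands of names.
COMMON_DIRS = ["admin", "backup", "cgi-bin", "images", "private", "uploads"]

# Status codes that show the path exists (possibly without granting access).
EXISTS = {200, 301, 302, 401, 403}


class _Target(http.server.BaseHTTPRequestHandler):
    """Constructed target: /admin and /backup exist and redirect to the slash
    form (as Apache's DirectorySlash does), /private exists but is forbidden,
    everything else is a genuine 404."""

    def do_GET(self):
        if self.path in ("/admin", "/backup"):
            self.send_response(301)
            self.send_header("Location", self.path + "/")
        elif self.path in ("/admin/", "/backup/"):
            self.send_response(200)
        elif self.path.startswith("/private"):
            self.send_response(403)
        else:
            self.send_response(404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_target() -> http.server.HTTPServer:
    """Bind the constructed target to an ephemeral loopback port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _Target)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def status_of(host: str, port: int, path: str) -> int:
    """One GET without following redirects: a 301 to path/ is itself the
    evidence we want, and urllib would hide it by following it."""
    conn = http.client.HTTPConnection(host, port, timeout=3)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()


def enumerate_dirs(host: str, port: int, wordlist=COMMON_DIRS) -> List[Tuple[str, int]]:
    """Return (name, status) for wordlist entries whose status differs from the
    baseline and indicates existence. If the baseline is itself 200, a 200 on
    a real directory is indistinguishable and only redirects/401/403 remain
    usable; a body comparison would be needed for the rest."""
    baseline = status_of(host, port, "/" + secrets.token_hex(8))
    found: List[Tuple[str, int]] = []
    for name in wordlist:
        code = status_of(host, port, "/" + name)
        if code != baseline and code in EXISTS:
            found.append((name, code))
    return found


if __name__ == "__main__":
    srv = start_target()
    try:
        print(enumerate_dirs("127.0.0.1", srv.server_address[1]))
    finally:
        srv.shutdown()
```

Against the constructed target this reports admin and backup via their 301 and private via its 403; the names that return the baseline 404 are never listed.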
[cve] CVE-2023-7215
A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2024-01-08 02:15 AM

[cve] CVE-2021-41554
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, ...
CVSS 8.8 | AI Score 8.4 | EPSS 0.001 | 2021-10-05 03:15 PM

[cve] CVE-2021-41555
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML...
CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2021-10-05 03:15 PM

[nessus] Web mirroring
This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the...
AI Score 0.6 | 2001-05-04 12:00 AM

[cve] CVE-2015-10072
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | 2023-02-04 04:15 AM

[nessus] Cisco IOS XE Software Web UI Command Injection (cisco-sa-web-cmdinj2-fOnjk2LD)
According to its self-reported version, the IOS XE is affected by a command injection vulnerability. A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying...
CVSS 8.8 | AI Score 9.4 | EPSS 0.002 | 2020-08-05 12:00 AM

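
Two entries on this page are OS command injection through a web handler: the datax-web killJob endpoint (CVE-2023-7116, argument processId) and the Cisco IOS XE web UI advisory above. Both say only that a request argument reaches an OS command, so the following is an added, hypothetical example that belongs to neither product: the handler shape, the parameter name and the use of kill(1) are assumptions. It shows the vulnerable shape beside the hardened one and why the hardened one holds: the value is allow-listed as a positive integer and then passed as its own argv element, so no shell ever parses it.

```python
"""Kill-job handler: shell interpolation versus validated argv (added example, hypothetical code)."""
import re
import shlex
import subprocess
from typing import List


def build_kill_command_vulnerable(process_id: str) -> str:
    """Vulnerable pattern: the request value is pasted into a shell string that
    would then be run with shell=True or os.system. Nothing stops a value such
    as '4242; id' from becoming a second command."""
    return f"kill -9 {process_id}"


def shell_tokens(command: str) -> List[str]:
    """How a POSIX shell would tokenize the string: ';' ends the first command."""
    return list(shlex.shlex(command, punctuation_chars=True))


# Allow-list: a positive decimal integer of sane length and nothing else.
PID_PATTERN = re.compile(r"^[1-9][0-9]{0,9}$")


class InvalidProcessId(ValueError):
    pass


def validate_pid(process_id: str) -> int:
    if not PID_PATTERN.fullmatch(process_id):
        raise InvalidProcessId(f"rejected processId {process_id!r}")
    return int(process_id)


def build_kill_argv(process_id: str) -> List[str]:
    """Hardened pattern: validated value, emitted as a separate argv element.
    Metacharacters never reach a shell because no shell is involved."""
    return ["kill", "-9", str(validate_pid(process_id))]


def kill_job(process_id: str) -> int:
    """What a request handler would call; returns kill's exit status.
    subprocess.run with a list and shell=False executes kill(1) directly."""
    return subprocess.run(build_kill_argv(process_id), check=False).returncode


if __name__ == "__main__":
    hostile = "4242; id"                       # constructed attacker input
    print(shell_tokens(build_kill_command_vulnerable(hostile)))
    try:
        build_kill_argv(hostile)
    except InvalidProcessId as exc:
        print(exc)
    print(build_kill_argv("4242"))
```

The validation is the part that matters on devices where a shell is unavoidable: an allow-list on the parameter rejects the payload before any command is assembled, whereas escaping after the fact depends on knowing every metacharacter of every shell the command might run under.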
[nessus] SolarWinds Web Help Desk - Web Detection
The web interface for SolarWinds Web Help Desk was detected on the remote...
AI Score 0.6 | 2022-03-24 12:00 AM

[cve] CVE-2020-1583
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. To exploit the vulnerability, an attacker could craft a special...
CVSS 8.8 | AI Score 7.8 | EPSS 0.135 | 2020-08-17 07:15 PM

[cve] CVE-2020-1503
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. To exploit the vulnerability, an attacker could craft a special...
CVSS 5.5 | AI Score 5.5 | EPSS 0.014 | 2020-08-17 07:15 PM

[cve] CVE-2024-23745
In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution...
CVSS 9.8 | AI Score 6.4 | EPSS 0.001 | 2024-01-31 02:15 AM

[cve] CVE-2021-41553
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the...
CVSS 9.8 | AI Score 9.3 | EPSS 0.001 | 2021-10-05 04:15 PM

[osv] Malicious code in brand-adidas-design-tokens (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (7e16fae72fd3726263d7bfa2f1c164b7d4100f89931856c163e37c534feb1a57) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7 | 2024-05-19 11:47 PM

[nessus] Web Application Firewall Detected
A Web Application Firewall (WAF) has been detected during the scan. A WAF is designed to help protect web applications by monitoring and filtering HTTP(S) traffic through a set of rules in order to prevent the most common attacks. The identified WAF may have blocked several requests during...
AI Score 0.6 | 2022-07-18 12:00 AM

[cve] CVE-2023-3305
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword...
CVSS 7.5 | AI Score 7.6 | EPSS 0.001 | 2023-06-18 08:15 AM

[openvas] Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) Detection (HTTP)
HTTP based detection of the Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) and the Microsoft Exchange Server running this OWA...
AI Score 7.3 | 2014-12-22 12:00 AM

[redhat] (RHSA-2024:3561) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
AI Score 5.9 | EPSS 0.002 | 2024-06-03 04:55 PM

[cve] CVE-2020-11453
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit...
CVSS 5.3 | AI Score 5.4 | EPSS 0.321 | 2020-04-02 04:15 PM

[cve] CVE-2022-4607
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | 2022-12-18 10:15 PM

[cve] CVE-2010-5159
Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
AI Score 6.9 | EPSS 0.0004 | 2022-10-03 04:21 PM

[cve] CVE-2019-1201
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could...
CVSS 7.8 | AI Score 7.5 | EPSS 0.014 | 2019-08-14 09:15 PM

Total number of security vulnerabilities: 506920