Lucene search

K

EC-CUBE CO.,LTD. Security Vulnerabilities

openbugbounty
openbugbounty

co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-12 08:19 PM
5
openbugbounty
openbugbounty

co-vier.nl Improper Access Control vulnerability OBB-3863290

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-03-01 10:51 PM
3
openbugbounty
openbugbounty

co-matic.com Cross Site Scripting vulnerability OBB-3858335

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-25 09:46 AM
4
cvelist
cvelist

CVE-2024-25972

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...

6.8AI Score

0.0004EPSS

2024-03-01 09:31 AM
1
cve
cve

CVE-2024-25972

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...

6.8AI Score

0.0004EPSS

2024-03-01 10:15 AM
45
zdt

7.5CVSS

6.7AI Score

0.013EPSS

2024-06-02 12:00 AM
12
nvd
nvd

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

0.001EPSS

2023-11-13 04:15 PM
2
osv
osv

CVE-2023-51767

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

7CVSS

6.8AI Score

0.001EPSS

2023-12-24 07:15 AM
14
exploitdb

7.5CVSS

7.1AI Score

EPSS

2024-06-01 12:00 AM
77
nvd
nvd

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

6.8AI Score

EPSS

2024-05-20 05:15 PM
3
cve
cve

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

7.5AI Score

EPSS

2024-05-20 05:15 PM
31
cve
cve

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

9.5AI Score

0.001EPSS

2023-11-13 04:15 PM
31
cvelist
cvelist

CVE-2024-34947

Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect...

6.8AI Score

EPSS

1976-01-01 12:00 AM
1
cve
cve

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

7AI Score

EPSS

2024-05-20 05:15 PM
31
githubexploit

9.8CVSS

10AI Score

0.975EPSS

2022-07-05 04:30 AM
391
cvelist
cvelist

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

6.5AI Score

EPSS

1976-01-01 12:00 AM
1
nvd
nvd

CVE-2024-34948

An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP...

6.5AI Score

EPSS

2024-05-20 05:15 PM
1
osv
osv

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

8.8CVSS

7.1AI Score

0.0004EPSS

2024-06-14 01:59 PM
cve
cve

CVE-2024-21798

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...

6.1AI Score

0.0004EPSS

2024-02-28 11:15 PM
1810
cve
cve

CVE-2024-36103

OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the...

7.9AI Score

0.0004EPSS

2024-06-12 01:15 AM
3
cve
cve

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....

7.1AI Score

0.0004EPSS

2024-02-28 11:15 PM
1792
cve
cve

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...

7.8AI Score

0.0004EPSS

2024-02-28 11:15 PM
1817
osv
osv

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

8.8CVSS

6.7AI Score

0.0004EPSS

2024-05-22 12:00 AM
5
almalinux
almalinux

Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

8.8CVSS

7.2AI Score

0.0004EPSS

2024-05-22 12:00 AM
1
rocky
rocky

pcp security update

An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

8.8CVSS

7.2AI Score

0.0004EPSS

2024-06-14 01:59 PM
1
redhat
redhat

(RHSA-2024:3392) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-28 12:27 PM
4
cve
cve

CVE-2024-25568

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...

8AI Score

0.0004EPSS

2024-04-04 12:15 AM
10
openbugbounty
openbugbounty

wap-co-nop-sitiowebsc.azurewebsites.net Cross Site Scripting vulnerability OBB-3852309

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-13 03:28 PM
11
cvelist
cvelist

CVE-2024-29758 WordPress Co-marquage service-public.fr plugin <= 0.5.72 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-03-27 01:19 PM
1
githubexploit
githubexploit

Exploit for Use After Free in Qemu

CVE-2021-3929-3947 VM escape PoC for...

8.2CVSS

8AI Score

0.001EPSS

2022-05-13 05:33 AM
398
vulnrichment
vulnrichment

CVE-2023-34299 Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
vulnrichment
vulnrichment

CVE-2023-34302 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
2
debiancve
debiancve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

7.4AI Score

EPSS

2024-05-14 03:14 PM
4
cvelist
cvelist

CVE-2023-34286 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

8.2AI Score

0.001EPSS

2024-05-03 01:57 AM
1
cvelist
cvelist

CVE-2023-34287 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8.3AI Score

0.001EPSS

2024-05-03 01:57 AM
1
vulnrichment
vulnrichment

CVE-2023-34287 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
cvelist
cvelist

CVE-2023-34299 Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....

7.8CVSS

8.3AI Score

0.001EPSS

2024-05-03 01:57 AM
1
cvelist
cvelist

CVE-2023-34302 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8.3AI Score

0.001EPSS

2024-05-03 01:57 AM
1
vulnrichment
vulnrichment

CVE-2023-34286 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
ubuntucve
ubuntucve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

7.6AI Score

EPSS

2024-05-14 12:00 AM
4
redhat
redhat

(RHSA-2024:3324) Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 09:04 AM
3
cve
cve

CVE-2024-29225

WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted...

6.4AI Score

0.0004EPSS

2024-04-04 12:15 AM
11
redhat
redhat

(RHSA-2024:3323) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 08:52 AM
7
redhat
redhat

(RHSA-2024:3325) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 09:04 AM
3
redhat
redhat

(RHSA-2024:3322) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 08:52 AM
5
redhat
redhat

(RHSA-2024:3321) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.2AI Score

0.0004EPSS

2024-05-23 08:52 AM
5
redhat
redhat

(RHSA-2024:3264) Important: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

7.6AI Score

0.0004EPSS

2024-05-22 10:41 AM
4
wpvulndb
wpvulndb

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization

Description The WP Post Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

6.7AI Score

0.0004EPSS

2024-05-07 12:00 AM
6
cve
cve

CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-27 02:15 PM
26
osv
osv

CVE-2021-20841

Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified...

6.5CVSS

6.5AI Score

0.001EPSS

2021-11-24 04:15 PM
6
Total number of security vulnerabilities15963