Lucene search

K

JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

cve
cve

CVE-2007-1477

Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured...

7.2AI Score

0.008EPSS

2007-03-16 09:19 PM
18
veracode
veracode

Denial Of Service (DoS)

typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper session validation, which allows attackers to create an arbitrary amount of individual session-data records in the database, which results in Denial of...

7.1AI Score

2024-06-03 10:17 AM
vulnrichment
vulnrichment

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

7.5CVSS

7.1AI Score

0.027EPSS

2020-05-06 12:00 AM
nessus
nessus

Cisco Firepower Threat Defense Software Snort 3 HTTP Intrusion Prevention System Rule Bypass (cisco-sa-snort3-ips-bypass-uE69KBMd)

According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...

5.8CVSS

5.8AI Score

0.0004EPSS

2024-05-31 12:00 AM
7
cvelist
cvelist

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

7.5CVSS

7.7AI Score

0.027EPSS

2020-05-06 12:00 AM
githubexploit
githubexploit

Exploit for Out-of-bounds Read in Microsoft

Information ============== Windows Kernel Pool (clfs.sys)...

7.8CVSS

6.8AI Score

0.002EPSS

2024-03-21 09:39 PM
51
cve
cve

CVE-2023-1353

A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site...

6.1CVSS

6AI Score

0.001EPSS

2023-03-11 06:15 PM
63
nessus
nessus

Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more...

7.5CVSS

7.5AI Score

0.002EPSS

2019-10-03 12:00 AM
19
github
github

Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....

8.8CVSS

6AI Score

0.038EPSS

2021-03-29 08:56 PM
29
veracode
veracode

Denial Of Service (DoS)

Symfony is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper hostname validation via a regular expression within Request::getHost(), which results in...

6.5AI Score

EPSS

2024-05-31 07:35 AM
2
osv
osv

Investigate Security Vulnerability of getPhysicalDisplayToken

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

7.3AI Score

0.0004EPSS

2023-04-01 12:00 AM
4
metasploit
metasploit

Amazon Web Services EC2 SSM enumeration

Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API (nominally,...

7.1AI Score

2023-01-03 10:09 PM
78
osv
osv

EoP in shouldAbortBackgroundActivityStart of ActivityStarter.java

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

6.3AI Score

0.0004EPSS

2023-04-01 12:00 AM
8
osv
osv

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

5.3CVSS

6.4AI Score

0.0004EPSS

2024-05-28 04:55 PM
4
veracode
veracode

Deserialization Of Untrusted Data

symbiote/silverstripe-multivaluefield is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to inadequate validation of user input, as well as object injection caused by support for handling PHP objects as values, which allows an attacker to inject malicious...

7.4AI Score

2024-05-30 06:03 AM
1
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Openssl

2022 OpenSSL vulnerability -...

7AI Score

2022-10-28 09:51 AM
15
veracode
veracode

Denial Of Service (DoS)

aimeos/aimeos-core is vulnerable to Denial Of Service. The vulnerability is due to a lack of checks performed while saving and retrieving locale...

7AI Score

2024-05-30 07:29 AM
1
veracode
veracode

Deserialization Of Untrusted Data

org.apache.activemq is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to org.jolokia.http.HttpRequestHandler#handlePostRequest creating a JmxRequest through a JSONObject and calls to org.jolokia.http.HttpRequestHandler#executeRequest. This issue can be exploited by an...

8.8CVSS

7.6AI Score

0.002EPSS

2023-11-29 06:28 AM
12
osv
osv

Denial of service in Kubernetes

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-04-24 08:01 PM
2
github
github

Denial of service in Kubernetes

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

5.5CVSS

7AI Score

0.0004EPSS

2024-04-24 08:01 PM
13
veracode
veracode

Improper Enforcement Of Behavioral Workflow

aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital...

6.9AI Score

2024-06-10 06:02 AM
2
veracode
veracode

Insufficient Granularity Of Access Control

lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized...

8.1CVSS

6.8AI Score

0.001EPSS

2024-06-12 06:34 AM
veracode
veracode

Denial Of Service (DoS)

Mattermost is vulnerable to Denial of Service (DoS). The vulnerability is caused due to the lack of validation for custom emoji reactions. This allows an attacker to send a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

4.3CVSS

6.7AI Score

0.0005EPSS

2024-02-12 06:42 AM
8
veracode
veracode

Improper Verification Of Cryptographic Signature

gnutls is vulnerable to Improper Verification Of Cryptographic Signature. The vulnerability is due to improper handling of certificate chains with distributed trust, particularly when used with cockpit and validated through cockpit-certificate-ensure. This allows an unauthenticated attacker to...

7.5CVSS

6.7AI Score

0.001EPSS

2024-01-30 05:14 PM
10
veracode
veracode

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the sigstore verifier reading an untrusted response entirely into memory without enforcing a limit on the response body. The vulnerability allows an attacker to crash the Minder server and deny other....

5.3CVSS

6.7AI Score

0.0004EPSS

2024-05-29 05:36 AM
1
hackerone
hackerone

U.S. Dept Of Defense: Reflected XSS via Keycloak on ███ [CVE-2021-20323]

Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks. A lack of proper input validation made it possible for an attacker to execute malicious JavaScript code on....

6.1CVSS

6.2AI Score

0.003EPSS

2023-10-22 08:58 PM
9
hackerone
hackerone

U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████

Hi team I found a reflected xss via search query on ████████ that allows an attacker to execute Javascript code into victim's browser. PoC 1- Doing subdomain enumeration of ██████████, i found the following one: ████████ 2- On the search query i saw that is injecting inside an h6 html tag:...

7.4AI Score

2024-03-26 04:32 PM
18
hackerone
hackerone

U.S. Dept Of Defense: Reflected XSS via Moodle on ███ [CVE-2022-35653]

Hi Security Team I found an xss vulnerability on your website [CVE-2022-35653] Refrence : https://vulners.com/nuclei/NUCLEI:CVE-2022-35653 if you wanna test this : ``` id: CVE-2022-35653 info: name: Moodle LTI module Reflected - Cross-Site Scripting author: iamnoooob,pdresearch severity:...

6.1CVSS

6AI Score

0.011EPSS

2024-04-02 12:06 AM
30
veracode
veracode

Denial Of Service (DoS)

.NET and ASP.NET are vulnerable to Denial Of Service (DoS). The vulnerability exists in the Kestrel web server, which allows an attacker to bypass the QUIC stream limit in HTTP/3, resulting in an application...

7.5CVSS

6.8AI Score

0.001EPSS

2023-08-09 11:29 PM
10
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Samba

CVE-2021-44142 Vulnerability Checker A tool to check if a...

8.8CVSS

9AI Score

0.18EPSS

2022-03-29 07:03 PM
661
veracode
veracode

Denial Of Service (DOS)

ASP.NET Core is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of certain SignalR requests which results in the server being overwhelmed unresponsive, resulting in Denial of Service...

7.5CVSS

6.5AI Score

0.001EPSS

2024-02-14 06:52 AM
11
veracode
veracode

Denial Of Service (DoS)

rack-contrib is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the user-controlled profiler_runs parameter not being constrained, which allows an attacker to allocate resources on the server side without limitation, resulting in Denial of...

8.6CVSS

6.7AI Score

0.0004EPSS

2024-05-29 06:21 AM
1
veracode
veracode

Denial Of Service (DoS)

.NET is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to processing X.509 certificates, which allows a malicious user is to trigger an application crash by passing a crafted...

7.5CVSS

6.7AI Score

0.001EPSS

2023-06-16 07:42 AM
19
veracode
veracode

Denial Of Service (DoS)

Yarp.ReverseProxy is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due insufficient checks in StreamCopyHttpContent.cs, which allows an attacker to cause denial of service...

7.5CVSS

6.6AI Score

0.001EPSS

2023-06-27 08:26 AM
4
veracode
veracode

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial of Service (DOS). The vulnerability is due to a memory leak in the QuicCryptoTlsReadExtensions function in crypto_tls.c, which results in Denial of Service. An attacker can create multiple instances are present or multiple calls to the decode...

7.5CVSS

6.9AI Score

0.001EPSS

2023-10-16 08:15 AM
3
veracode
veracode

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial Of Service (DoS). The vulnerability is due to the library allowing version negotiation packets for server connections, which enables an attacker to crash the...

7.5CVSS

6.8AI Score

0.002EPSS

2023-10-12 06:20 AM
8
veracode
veracode

Denial Of Service (DoS)

Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service (DoS). The vulnerability is cause by improper JWT compression checks, which results in resource exhaustion due processing of malicious JSON Web Encryption(JWE) token. Successful...

6.8CVSS

7AI Score

0.001EPSS

2024-01-10 10:01 AM
23
veracode
veracode

Denial Of Service (DoS)

.NET is vulnerable to Denial Of Service (Dos). The vulnerability is due to improper handling of x509 certificates, which can result in Denial of Service...

7.5CVSS

6.5AI Score

0.003EPSS

2024-02-23 02:00 PM
10
veracode
veracode

Denial Of Service (DoS)

ASP.NET Core is vulnerable to Denial of Service (DoS). The vulnerability occurs when an attacker cancels a HTTP requests made to ASP.NET Core running on an IIS In Process hosting model, which may cause an increase in thread counts, potentially leading to an OutOfMemoryException, which results in...

8.2CVSS

6.9AI Score

0.001EPSS

2023-11-23 08:09 AM
10
veracode
veracode

Denial Of Service (DoS)

.NET is vulnerable to Denial of Service (DoS).The vulnerability is due to resource leaks caused by specially crafted requests, which can result in Denial of Service...

7.5CVSS

7AI Score

0.0005EPSS

2024-03-13 11:21 AM
6
veracode
veracode

Denial Of Service (DoS)

Microsoft QUIC is vulnerable to Denial Of Service (DoS). The vulnerability is caused by holding onto failed connections, leading to continuous memory consumption until exhaustion, resulting in Denial of Service. Note that this vulnerability is not exploitable on .NET-based web servers running on...

7.5CVSS

6.5AI Score

0.0005EPSS

2024-03-14 07:36 AM
10
hackerone
hackerone

U.S. Dept Of Defense: Reflected XSS on error message on Login Page

Greetings! I've found a reflected XSS on a login page on█████ . The vulnerable link is: https://███████/users/login?error=<img src> █████████ Impact An attacker can inject crafted javascript that can steal user cookies, impersionate, steal information, deface...

6AI Score

2024-03-15 07:51 AM
12
veracode
veracode

Denial Of Service (DoS)

silverstripe/framework is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing XML size checks, which allows an attacker to significantly degrade the performance of the site through a Quadratic Blowup...

6.8AI Score

2024-05-28 05:42 AM
2
osv
osv

Grafana Spoofing originalUrl of snapshots

To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....

6.7CVSS

3.9AI Score

0.001EPSS

2024-05-14 10:29 PM
6
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortios

CVE-2022-42475 Background This is the exploit for the...

9.8CVSS

9.9AI Score

0.321EPSS

2023-06-21 09:22 PM
182
cve
cve

CVE-2023-7075

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be...

6.1CVSS

6AI Score

0.001EPSS

2023-12-22 12:15 PM
20
veracode
veracode

Denial Of Service

JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can results in an input string of modest size causing indefinite amounts of memory...

7.5CVSS

6.8AI Score

0.0005EPSS

2023-10-13 05:14 AM
10
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Clear Clearml

_____ _ __ __ _ _____ ____ _...

8.8CVSS

9AI Score

0.001EPSS

2024-06-11 10:30 PM
93
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Activemq

ActiveMQ-RCE ActiveMQ RCE (CVE-2023-46604) exploit, written...

9.9AI Score

2023-10-27 05:57 AM
187
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

本工具仅为企业测试漏洞使用,严禁他人使用本工具攻击 本工具仅为企业测试漏洞使用,严禁他人使用本工具攻击...

9AI Score

2021-12-11 07:19 AM
866
Total number of security vulnerabilities2366080