Lucene search

K

NetApp, Inc. Security Vulnerabilities

osv
osv

CVE-2023-23900

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...

6.1CVSS

6.1AI Score

0.0005EPSS

2023-08-10 12:15 PM
9
osv
osv

CVE-2023-4925

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

4.8CVSS

6AI Score

0.0004EPSS

2024-01-15 04:15 PM
9
osv
osv

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....

4.8CVSS

5.8AI Score

0.0005EPSS

2023-06-12 06:15 PM
9
osv
osv

CVE-2023-1324

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.2AI Score

0.001EPSS

2023-04-24 07:15 PM
9
osv
osv

CVE-2023-1325

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

6AI Score

0.001EPSS

2023-04-17 01:15 PM
7
osv
osv

CVE-2021-4244

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...

6.1CVSS

6AI Score

0.001EPSS

2022-12-12 02:15 PM
6
osv
osv

CVE-2023-2518

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.2AI Score

0.001EPSS

2023-05-30 08:15 AM
8
githubexploit
githubexploit

Exploit for CVE-2023-38831

CVE-2023-38831 PoC (Proof Of Concept) This is an easy to use...

7.8CVSS

8.3AI Score

0.381EPSS

2023-08-28 04:56 AM
242
cve
cve

CVE-2017-17688

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...

5.9CVSS

5.7AI Score

0.008EPSS

2018-05-16 07:29 PM
43
openbugbounty
openbugbounty

inc-conso.fr Cross Site Scripting vulnerability OBB-3872425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-14 02:53 PM
7
cvelist
cvelist

CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...

9.8CVSS

10AI Score

0.002EPSS

2024-01-15 04:03 AM
1
osv
osv

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

7.5CVSS

7.4AI Score

0.001EPSS

2023-09-01 04:15 PM
10
veracode
veracode

Session Fixation

@workos-inc/authkit-nextjs vulnerable to Session Fixation. This vulnerability is due to the improper handling of expired sessions within session.ts. This allowing an attacker to reuse an expired session by controlling the x-workos-session...

4.8CVSS

6.8AI Score

0.0004EPSS

2024-04-01 03:29 AM
15
wpvulndb
wpvulndb

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS

6.7AI Score

0.0004EPSS

2024-04-25 12:00 AM
7
nuclei
nuclei

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or...

7.5CVSS

7.5AI Score

0.024EPSS

2021-03-15 06:54 AM
10
osv
osv

CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS &lt;= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...

8.1CVSS

7.3AI Score

0.002EPSS

2023-11-28 08:15 AM
7
oraclelinux
oraclelinux

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-24 12:00 AM
18
githubexploit
githubexploit

Exploit for CVE-2024-5522

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player &lt;=...

8.2AI Score

EPSS

2024-05-31 04:41 AM
192
debiancve
debiancve

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) {...

6.9AI Score

0.0004EPSS

2024-05-21 03:15 PM
9
nuclei
nuclei

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...

9.8CVSS

9.9AI Score

0.287EPSS

2024-03-06 06:03 PM
23
osv
osv

CVE-2023-5706

The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2023-11-22 04:15 PM
6
githubexploit
githubexploit

Exploit for CVE-2024-27956

CVE-2024-27956 Note Build wordpress: docker-compose -f...

9.9CVSS

7.2AI Score

0.001EPSS

2024-04-27 11:03 AM
374
nuclei
nuclei

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-16 03:22 PM
3
ubuntucve
ubuntucve

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ... if...

6.5AI Score

0.0004EPSS

2024-05-21 12:00 AM
4
nuclei
nuclei

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....

6.1CVSS

6.1AI Score

0.001EPSS

2022-10-05 08:01 PM
4
githubexploit
githubexploit

Exploit for CVE-2023-38831

VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC This is my...

7.8CVSS

8.5AI Score

0.381EPSS

2024-04-01 03:59 PM
86
nuclei
nuclei

NeDi 1.9C - Cross-Site Scripting

NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...

6.1CVSS

6AI Score

0.001EPSS

2021-03-08 05:28 AM
9
nuclei
nuclei

Magento Mass Importer <0.7.24 - Remote Auth Bypass

Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection...

9.8CVSS

9.5AI Score

0.056EPSS

2020-09-04 01:02 PM
7
cvelist
cvelist

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

5.8CVSS

6AI Score

0.0004EPSS

2024-04-17 08:12 AM
1
vulnrichment
vulnrichment

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

5.8CVSS

7.1AI Score

0.0004EPSS

2024-04-17 08:12 AM
nuclei
nuclei

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS

6.1AI Score

0.001EPSS

2022-10-05 05:01 PM
5
osv
osv

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...

9.8CVSS

6.8AI Score

0.001EPSS

2023-02-09 05:15 PM
7
osv
osv

CVE-2023-4223

Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS &lt;= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

8.8CVSS

9AI Score

0.002EPSS

2023-11-28 08:15 AM
6
nuclei
nuclei

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

6.5CVSS

6.6AI Score

0.503EPSS

2023-08-03 11:24 PM
17
osv
osv

CVE-2023-4226

Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS &lt;= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

8.8CVSS

9AI Score

0.002EPSS

2023-11-28 08:15 AM
7
osv
osv

CVE-2023-4224

Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS &lt;= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

8.8CVSS

9AI Score

0.002EPSS

2023-11-28 08:15 AM
4
osv
osv

CVE-2023-4225

Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS &lt;= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

8.8CVSS

9AI Score

0.002EPSS

2023-11-28 08:15 AM
3
osv
osv

@workos-inc/authkit-nextjs session replay vulnerability

Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...

4.8CVSS

5.2AI Score

0.0004EPSS

2024-03-29 08:16 PM
5
packetstorm

7.4AI Score

0.0004EPSS

2024-04-05 12:00 AM
88
nuclei
nuclei

Weaver E-Office 9.5 - Remote Code Execution

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

9.8CVSS

7.8AI Score

0.106EPSS

2023-09-05 12:32 PM
12
osv
osv

CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

3.5CVSS

6.6AI Score

0.0004EPSS

2024-06-11 06:15 PM
1
github
github

@workos-inc/authkit-nextjs session replay vulnerability

Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...

4.8CVSS

7.1AI Score

0.0004EPSS

2024-03-29 08:16 PM
8
osv
osv

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1CVSS

6.4AI Score

0.001EPSS

2023-06-01 07:15 AM
8
osv
osv

CVE-2022-30935

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed.....

9.1CVSS

7.3AI Score

0.002EPSS

2022-09-28 11:15 AM
3
cnvd
cnvd

Code Injection Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

NetScaler ADC is an application delivery controller. NetScaler Gateway is an access gateway with an SSL VPN solution that provides single sign-on and authentication for remote end users of network assets. Both are Citrix products. A code injection vulnerability exists in Citrix NetScaler ADC and...

8.8CVSS

8.2AI Score

0.016EPSS

2024-02-22 12:00 AM
14
osv
osv

CVE-2022-34127

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file...

7.5CVSS

7.7AI Score

0.021EPSS

2023-04-16 03:15 AM
9
osv
osv

CVE-2022-45962

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via...

6.5CVSS

7AI Score

0.002EPSS

2023-02-13 09:15 PM
7
osv
osv

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS &lt;= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...

9.8CVSS

10AI Score

0.004EPSS

2023-11-28 07:15 AM
5
oraclelinux
oraclelinux

libreoffice security fix update

[1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-26] - Fix CVE-2022-38745 Empty entry in Java class path - Fix...

8.8CVSS

7AI Score

0.001EPSS

2024-05-23 12:00 AM
5
osv
osv

CVE-2023-50564

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP...

8.8CVSS

7.8AI Score

0.001EPSS

2023-12-14 03:15 PM
6
Total number of security vulnerabilities288358