Total: 312 573
| Advisory | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| GHSA-3wqh-h42r-x8fq | Denial of Service in @hapi/content | n/a | n/a | over 5 years ago |
| GHSA-3wqh-cc4x-r6p5 | The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3: 6.4 | 0% Low | about 1 year ago |
| GHSA-3wqh-9cfw-65c4 | Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link. | CVSS3: 8.8 | 0% Low | over 3 years ago |
| GHSA-3wqg-6hfx-9w42 | Tenda N300 F3 router vulnerability allows users to bypass the intended security policy and create weak passwords. | CVSS3: 9.1 | 0% Low | almost 2 years ago |
| GHSA-3wqf-jxw5-8w54 | An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. | n/a | 3% Low | over 3 years ago |
| GHSA-3wqf-4x89-9g79 | Bootstrap vulnerable to Cross-Site Scripting (XSS) | CVSS3: 6.1 | 2% Low | over 3 years ago |
| GHSA-3wqf-38hq-5vr8 | The FancyTabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3: 6.4 | 0% Low | 4 months ago |
| GHSA-3wqc-xr7q-qr6w | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0. | CVSS3: 9.3 | 0% Low | 10 months ago |
| GHSA-3wqc-mwfx-672p | Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability | CVSS3: 7.5 | n/a | 10 months ago |
| GHSA-3wq9-hv2f-46q4 | An exploitable heap-based buffer overflow vulnerability exists in the 'read_biff_next_record' function of FreeXL 1.0.3. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | CVSS3: 8.8 | 2% Low | over 3 years ago |
| GHSA-3wq8-wfw2-w4xm | The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. | CVSS3: 7.8 | 19% Medium | over 3 years ago |
| GHSA-3wq8-22r5-x325 | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | n/a | 0% Low | over 3 years ago |
| GHSA-3wq7-w8r7-pmvh | Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128. | CVSS3: 9.8 | 0% Low | over 1 year ago |
| GHSA-3wq7-jqg2-g9mh | Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVSS3: 8.8 | 3% Low | over 3 years ago |
| GHSA-3wq7-2q97-v54v | SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | n/a | 0% Low | almost 4 years ago |
| GHSA-3wq6-8f7g-92vm | HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | n/a | 1% Low | over 3 years ago |
| GHSA-3wq5-3f56-v5xc | Mattermost vulnerable to information disclosure | CVSS3: 5.3 | 0% Low | almost 3 years ago |
| GHSA-3wq5-2gjw-q95m | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. | CVSS3: 4.8 | 0% Low | over 3 years ago |
| GHSA-3wq4-hqw7-6x4f | An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages. | CVSS3: 5.3 | 0% Low | 3 months ago |
| GHSA-3wq4-8fhv-h6wv | Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0. | CVSS3: 4.3 | 0% Low | 6 months ago |