exploitDog

source:"github"

Count: 314 458

GHSA-3x34-6x7v-gx9x

more than 1 year ago

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 7.2
EPSS: Low

GHSA-3x33-rgq6-x937

more than 3 years ago

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681.

EPSS: Low

GHSA-3x33-4vmh-52pp

more than 3 years ago

Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.

CVSS3: 7.5
EPSS: Low

GHSA-3x2x-rqjh-c8vg

9 months ago

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the argument bid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
EPSS: Low

GHSA-3x2x-m8qg-cg22

almost 4 years ago

Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php.

EPSS: Low

GHSA-3x2w-wmw4-58gp

about 1 year ago

Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php.

CVSS3: 6.5
EPSS: Low

GHSA-3x2w-qx4w-qjhr

more than 3 years ago

An issue was discovered on LG mobile devices with Android OS 9.0 software. The HAL service has a buffer overflow that leads to arbitrary code execution. The LG ID is LVE-SMP-190013 (September 2019).

EPSS: Low

GHSA-3x2r-qgjm-w8gr

almost 4 years ago

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

EPSS: Low

GHSA-3x2r-3xr4-4cc3

more than 3 years ago

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.

EPSS: Low

GHSA-3x2q-7fcg-xmg5

6 months ago

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.

CVSS3: 7.2
EPSS: Low

GHSA-3x2j-v2vh-g7rm

more than 3 years ago

mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.

EPSS: Low

GHSA-3x2j-h977-v75r

more than 3 years ago

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.

CVSS3: 9.8
EPSS: Low

GHSA-3x2j-526p-4qw3

more than 3 years ago

Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.

EPSS: Low

GHSA-3x2h-xf26-7556

3 months ago

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

CVSS3: 9.3
EPSS: Low

GHSA-3x2h-jpxc-pv8r

5 months ago

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: perflib: Move problematic pr->performance check Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit application") added a pr->performance check that prevents the frequency QoS request from being added when the given processor has no performance object. Unfortunately, this causes a WARN() in freq_qos_remove_request() to trigger on an attempt to take the given CPU offline later because the frequency QoS object has not been added for it due to the missing performance object. Address this by moving the pr->performance check before calling acpi_processor_get_platform_limit() so it only prevents a limit from being set for the CPU if the performance object is not present. This way, the frequency QoS request is added as it was before the above commit and it is present all the time along with the CPU's cpufreq policy regardless of whether or not the CPU is online.

EPSS: Low

GHSA-3x2g-p2xc-5pg4

more than 3 years ago

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.

CVSS3: 9.8
EPSS: Low

GHSA-3x2g-6wvf-h886

more than 3 years ago

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.

CVSS3: 3.3
EPSS: Low

GHSA-3x2f-6j5v-wxr6

5 months ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons allows DOM-Based XSS. This issue affects Ibtana – Ecommerce Product Addons: from n/a through 0.4.7.4.

CVSS3: 6.5
EPSS: Low

GHSA-3x2f-268g-8hg7

almost 4 years ago

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

EPSS: Medium

GHSA-3x2c-87cq-qx49

about 3 years ago

Cross-site Scripting (XSS) in wallabag/wallabag

CVSS3: 5.4
EPSS: Low

Vulnerability
CVSS
EPSS
Published
GHSA-3x34-6x7v-gx9x

The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS3: 7.2
EPSS: 3% (Low)
Published: more than 1 year ago
GHSA-3x33-rgq6-x937

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681.

EPSS: 0% (Low)
Published: more than 3 years ago
GHSA-3x33-4vmh-52pp

Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago
GHSA-3x2x-rqjh-c8vg

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the argument bid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 6.3
EPSS: 0% (Low)
Published: 9 months ago
GHSA-3x2x-m8qg-cg22

Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php.

EPSS: 1% (Low)
Published: almost 4 years ago
GHSA-3x2w-wmw4-58gp

Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php.

CVSS3: 6.5
EPSS: 0% (Low)
Published: about 1 year ago
GHSA-3x2w-qx4w-qjhr

An issue was discovered on LG mobile devices with Android OS 9.0 software. The HAL service has a buffer overflow that leads to arbitrary code execution. The LG ID is LVE-SMP-190013 (September 2019).

EPSS: 0% (Low)
Published: more than 3 years ago
GHSA-3x2r-qgjm-w8gr

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

EPSS: 0% (Low)
Published: almost 4 years ago
GHSA-3x2r-3xr4-4cc3

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.

EPSS: 1% (Low)
Published: more than 3 years ago
GHSA-3x2q-7fcg-xmg5

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.

CVSS3: 7.2
EPSS: 0% (Low)
Published: 6 months ago
GHSA-3x2j-v2vh-g7rm

mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.

EPSS: 4% (Low)
Published: more than 3 years ago
GHSA-3x2j-h977-v75r

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.

CVSS3: 9.8
EPSS: 1% (Low)
Published: more than 3 years ago
GHSA-3x2j-526p-4qw3

Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.

EPSS: 0% (Low)
Published: more than 3 years ago
GHSA-3x2h-xf26-7556

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

CVSS3: 9.3
EPSS: 0% (Low)
Published: 3 months ago
GHSA-3x2h-jpxc-pv8r

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: perflib: Move problematic pr->performance check Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit application") added a pr->performance check that prevents the frequency QoS request from being added when the given processor has no performance object. Unfortunately, this causes a WARN() in freq_qos_remove_request() to trigger on an attempt to take the given CPU offline later because the frequency QoS object has not been added for it due to the missing performance object. Address this by moving the pr->performance check before calling acpi_processor_get_platform_limit() so it only prevents a limit from being set for the CPU if the performance object is not present. This way, the frequency QoS request is added as it was before the above commit and it is present all the time along with the CPU's cpufreq policy regardless of whether or not the CPU is online.

Published: 5 months ago
GHSA-3x2g-p2xc-5pg4

Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.

CVSS3: 9.8
EPSS: 0% (Low)
Published: more than 3 years ago
GHSA-3x2g-6wvf-h886

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.

CVSS3: 3.3
EPSS: 0% (Low)
Published: more than 3 years ago
GHSA-3x2f-6j5v-wxr6

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons allows DOM-Based XSS. This issue affects Ibtana – Ecommerce Product Addons: from n/a through 0.4.7.4.

CVSS3: 6.5
EPSS: 0% (Low)
Published: 5 months ago
GHSA-3x2f-268g-8hg7

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

EPSS: 10% (Medium)
Published: almost 4 years ago
GHSA-3x2c-87cq-qx49

Cross-site Scripting (XSS) in wallabag/wallabag

CVSS3: 5.4
EPSS: 0% (Low)
Published: about 3 years ago