Логотип exploitDog
source:"github"
Консоль
Логотип exploitDog

exploitDog

source:"github"

Количество 314 458

Количество 314 458

github логотип

GHSA-3pr7-m23m-xgmq

больше 3 лет назад

SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3pr6-q8r5-4wq6

больше 3 лет назад

In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device?s file system.

EPSS: Низкий
github логотип

GHSA-3pr6-85rx-qpm8

около 2 лет назад

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS3: 6.1
EPSS: Низкий
github логотип

GHSA-3pr6-6r34-c98x

около 2 лет назад

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS3: 8.8
EPSS: Низкий
github логотип

GHSA-3pr6-628v-q5g4

больше 3 лет назад

Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Quoting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Quoting accessible data as well as unauthorized update, insert or delete access to some of Oracle Quoting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

EPSS: Низкий
github логотип

GHSA-3pr6-5rrr-cqpq

6 месяцев назад

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3pr5-7mf5-rc69

больше 1 года назад

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.

CVSS3: 5.4
EPSS: Низкий
github логотип

GHSA-3pr4-c94w-58x7

больше 3 лет назад

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.

CVSS3: 5.5
EPSS: Низкий
github логотип

GHSA-3pr4-6x9m-839x

больше 3 лет назад

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.

EPSS: Низкий
github логотип

GHSA-3pr4-34cm-c5pq

больше 3 лет назад

Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1640.

CVSS3: 7.8
EPSS: Низкий
github логотип

GHSA-3pr3-hwr4-69hm

4 месяца назад

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link.

CVSS3: 4.3
EPSS: Низкий
github логотип

GHSA-3pqx-jfcp-vffh

почти 4 года назад

Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php.

EPSS: Низкий
github логотип

GHSA-3pqx-5g5h-696j

больше 3 лет назад

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).

CVSS3: 6.5
EPSS: Низкий
github логотип

GHSA-3pqx-4fqf-j49f

почти 5 лет назад

Deserialization of Untrusted Data in PyYAML

CVSS3: 9.8
EPSS: Низкий
github логотип

GHSA-3pqv-6pm3-g46j

больше 3 лет назад

SQL Injection in RosarioSIS

CVSS3: 9.1
EPSS: Низкий
github логотип

GHSA-3pqv-622q-29qq

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-3pqv-3gf8-jfg6

почти 4 года назад

Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: Низкий
github логотип

GHSA-3pqr-r447-f4mh

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

EPSS: Низкий
github логотип

GHSA-3pqq-fhm8-qxg5

больше 3 лет назад

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection.

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-3pqq-c927-m2hq

больше 1 года назад

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.

CVSS3: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
github логотип
GHSA-3pr7-m23m-xgmq

SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.

CVSS3: 8.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pr6-q8r5-4wq6

In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device?s file system.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pr6-85rx-qpm8

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS3: 6.1
0%
Низкий
около 2 лет назад
github логотип
GHSA-3pr6-6r34-c98x

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS3: 8.8
1%
Низкий
около 2 лет назад
github логотип
GHSA-3pr6-628v-q5g4

Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Quoting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Quoting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Quoting accessible data as well as unauthorized update, insert or delete access to some of Oracle Quoting accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pr6-5rrr-cqpq

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk.

CVSS3: 5.5
0%
Низкий
6 месяцев назад
github логотип
GHSA-3pr5-7mf5-rc69

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.

CVSS3: 5.4
0%
Низкий
больше 1 года назад
github логотип
GHSA-3pr4-c94w-58x7

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.

CVSS3: 5.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pr4-6x9m-839x

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pr4-34cm-c5pq

Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1640.

CVSS3: 7.8
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pr3-hwr4-69hm

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link.

CVSS3: 4.3
0%
Низкий
4 месяца назад
github логотип
GHSA-3pqx-jfcp-vffh

Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php.

2%
Низкий
почти 4 года назад
github логотип
GHSA-3pqx-5g5h-696j

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).

CVSS3: 6.5
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pqx-4fqf-j49f

Deserialization of Untrusted Data in PyYAML

CVSS3: 9.8
0%
Низкий
почти 5 лет назад
github логотип
GHSA-3pqv-6pm3-g46j

SQL Injection in RosarioSIS

CVSS3: 9.1
1%
Низкий
больше 3 лет назад
github логотип
GHSA-3pqv-622q-29qq

Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pqv-3gf8-jfg6

Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

3%
Низкий
почти 4 года назад
github логотип
GHSA-3pqr-r447-f4mh

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pqq-fhm8-qxg5

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection.

CVSS3: 7.5
0%
Низкий
больше 3 лет назад
github логотип
GHSA-3pqq-c927-m2hq

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.

CVSS3: 4.3
0%
Низкий
больше 1 года назад

Уязвимостей на страницу