exploitDog

source:"github"

Count: 312 573

Vulnerability / CVSS / EPSS / Published

GHSA-39p2-2c3g-mv2f

In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267.

CVSS3: 6.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-39mx-wj78-mm9g

A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This omission weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and referer leakage. Although some instances attempt to enforce CSP via HTML <meta> tags, this method is ineffective, as modern browsers rely on header-based enforcement to reliably block inline scripts and untrusted resources.

EPSS: 0% (Low)
Published: 7 months ago

GHSA-39mx-m73c-fppf

A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS3: 4.3
EPSS: 0% (Low)
Published: 10 months ago

GHSA-39mw-228p-wr6v

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

CVSS3: 3.1
EPSS: 0% (Low)
Published: 5 months ago

GHSA-39mv-h3p5-v5ch

Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-39mv-7vmg-f2x8

HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-39mq-9cjh-6382

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-39mp-r4x2-rf8p

The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user.

EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-39mm-cqh8-5c5j

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations

CVSS3: 2.7
EPSS: 0% (Low)
Published: 3 months ago

GHSA-39mj-fpg2-3jrg

StackStorm st2 Infinite Loop Condition

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 3 years ago

GHSA-39mh-g3r6-77v8

A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

CVSS3: 7.3
EPSS: 0% (Low)
Published: 4 months ago

GHSA-39mh-9qg5-7gh4

Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2) nikname, (3) realname, (4) homepage, or (5) city parameter in a registration action.

EPSS: 0% (Low)
Published: almost 4 years ago

GHSA-39mf-jwq9-56rx

The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

CVSS3: 7.5
EPSS: 0% (Low)
Published: more than 3 years ago

GHSA-39mf-cmv2-55vm

Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.

EPSS: 4% (Low)
Published: more than 3 years ago

GHSA-39mf-48wx-6xcc

The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

CVSS3: 6.1
EPSS: 0% (Low)
Published: 10 months ago

GHSA-39mc-7jh6-r894

Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.

EPSS: 1% (Low)
Published: almost 4 years ago

GHSA-39m8-rph8-x6gj

Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function.

CVSS3: 8.8
EPSS: 10% (Low)
Published: about 3 years ago

GHSA-39m8-jvgf-vcrh

PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

EPSS: 6% (Low)
Published: almost 4 years ago

GHSA-39m7-w2wr-2cpg

Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01.

EPSS: 4% (Low)
Published: almost 4 years ago

GHSA-39m7-7p2w-vfpx

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.

EPSS: 0% (Low)
Published: almost 4 years ago