Count: 314 458
Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
GHSA-32fj-r8qw-r8w8 MindsDB Cross-site Scripting vulnerability | CVSS3: 9 | 0% Low | more than 1 year ago | |
GHSA-32fh-gwcr-7pmx A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. | CVSS3: 4.8 | 0% Low | more than 3 years ago | |
GHSA-32fg-mvv7-ppfg Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions. | CVSS3: 4.3 | 0% Low | more than 2 years ago | |
GHSA-32fg-cv9g-c28f I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | CVSS3: 7.5 | 0% Low | more than 3 years ago | |
GHSA-32ff-4g79-vgfc Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings | CVSS3: 2.7 | 0% Low | more than 3 years ago | |
GHSA-32f9-rqvx-v6wh Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | CVSS3: 9.8 | 2% Low | more than 3 years ago | |
GHSA-32f8-hmr3-7vxg Azure Storage Movement Client Library Denial of Service Vulnerability | CVSS3: 7.5 | 5% Low | more than 1 year ago | |
GHSA-32f7-x79r-fq9w The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module. | CVSS3: 7.5 | 0% Low | more than 3 years ago | |
GHSA-32f7-fg59-hr8r A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 6.3 | 0% Low | 7 months ago | |
GHSA-32f7-cmr3-vpjv Moderate severity vulnerability that affects aioxmpp | | | about 7 years ago | |
GHSA-32f6-jrx4-x77h Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and potential code execution depending on deployment. | CVSS3: 7.8 | 0% Low | 3 months ago | |
GHSA-32f3-6f6j-9xc3 Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message. | | 0% Low | more than 3 years ago | |
GHSA-32f2-v4v8-76vw An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using. | | 0% Low | more than 3 years ago | |
GHSA-32f2-r7gj-x2hp Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking. | | 0% Low | more than 3 years ago | |
GHSA-32f2-chgf-rf94 Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. | CVSS3: 10 | 12% Medium | more than 3 years ago | |
GHSA-32cw-wqcr-7m6r The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | CVSS3: 6.1 | 1% Low | 12 months ago | |
GHSA-32cw-v82j-575w Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. | CVSS3: 7.5 | 4% Low | more than 3 years ago | |
GHSA-32cw-qm55-8qj6 Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | CVSS3: 6.4 | 0% Low | 5 months ago | |
GHSA-32cw-gjpg-49hh Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS. This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9. | CVSS3: 7.1 | 0% Low | almost 2 years ago | |
GHSA-32cw-4h2j-22vc Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. | | 55% Medium | almost 4 years ago | |