exploitDog

source:"github"

Count: 312 573


Columns: Vulnerability | CVSS | EPSS | Published

GHSA-2qqg-m8pw-2q2v (source: github)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions.
CVSS3: 5.9 | EPSS: 0% (Low) | Published: over 2 years ago

GHSA-2qqg-5pcx-4jv3 (source: github)
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.
CVSS3: 9.8 | EPSS: 0% (Low) | Published: almost 2 years ago

GHSA-2qqc-4hrp-xvcg (source: github)
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
EPSS: 1% (Low) | Published: over 3 years ago

GHSA-2qq8-vcw7-37m7 (source: github)
The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
CVSS3: 7.2 | EPSS: 0% (Low) | Published: 8 months ago

GHSA-2qq8-8fw2-5hhq (source: github)
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences.
CVSS3: 5.4 | EPSS: 0% (Low) | Published: over 1 year ago

GHSA-2qq7-fch2-phqf (source: github)
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials.
CVSS3: 3.1 | EPSS: 0% (Low) | Published: over 1 year ago

GHSA-2qq7-6jm7-rjcv (source: github)
A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS3: 4.3 | EPSS: 0% (Low) | Published: about 1 year ago

GHSA-2qq6-9r78-ffh4 (source: github)
Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
EPSS: Low | Published: about 1 month ago

GHSA-2qq5-6wqq-cgr8 (source: github)
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.
CVSS3: 9.8 | EPSS: 2% (Low) | Published: over 3 years ago

GHSA-2qq5-4hp7-fpfq (source: github)
NULL pointer dereference vulnerability in the TCP/IP function included in the firmware of the MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module, first 2 digits of serial number '02' or before; RJ71PN92 PROFINET IO Controller Module, first 2 digits of serial number '01' or before; RD81DL96 High Speed Data Logger Module, first 2 digits of serial number '08' or before; RD81MES96N MES Interface Module, first 2 digits of serial number '04' or before; and RD81OPC96 OPC UA Server Module, first 2 digits of serial number '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
EPSS: 1% (Low) | Published: over 3 years ago

GHSA-2qq2-3mq9-pfmj (source: github)
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
CVSS3: 8.8 | EPSS: 2% (Low) | Published: over 3 years ago

GHSA-2qpx-8vpw-42x9 (source: github)
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files, which can result in information disclosure.
CVSS3: 7.5 | EPSS: 24% (Medium) | Published: over 3 years ago

GHSA-2qpw-jpx2-w9hr (source: github)
The Find and Replace All WordPress plugin before 1.3 does not have a CSRF check when replacing strings, which could allow attackers to make a logged-in admin replace arbitrary strings in database tables via a CSRF attack.
CVSS3: 4.3 | EPSS: 0% (Low) | Published: about 3 years ago

GHSA-2qpw-f425-8j85 (source: github)
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
EPSS: 1% (Low) | Published: over 3 years ago

GHSA-2qpw-94pp-r3cv (source: github)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes Business Pro theme <= 1.10.4 versions.
CVSS3: 7.1 | EPSS: 0% (Low) | Published: over 2 years ago

GHSA-2qpv-6w5r-q697 (source: github)
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
EPSS: 2% (Low) | Published: almost 4 years ago

GHSA-2qpr-jh9p-xf8p (source: github)
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS3: 5.5 | EPSS: 0% (Low) | Published: 8 months ago

GHSA-2qpq-x4m7-gjf3 (source: github)
Weak encoding for password vulnerability exists in the HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
CVSS3: 6.5 | EPSS: 0% (Low) | Published: 10 months ago

GHSA-2qpq-rm7r-m2pp (source: github)
In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack.
CVSS3: 7.5 | EPSS: 0% (Low) | Published: over 3 years ago

GHSA-2qpq-mrrj-2hc9 (source: github)
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page.
EPSS: 5% (Low) | Published: almost 4 years ago