exploitDog

source:"github"

Count: 312 573

| ID | Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- | --- |
| GHSA-2pvw-4fwr-jv5w | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | CVSS3: 5.4 | 0% (Low) | 8 months ago |
| GHSA-2pvv-x6hx-hgmv | Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CVSS3: 9.8 | 0% (Low) | about 1 year ago |
| GHSA-2pvv-q344-xvjh | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 5.9.15. | CVSS3: 6.5 | 0% (Low) | over 1 year ago |
| GHSA-2pvv-8r4m-4f4m | PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter. | | 6% (Low) | almost 4 years ago |
| GHSA-2pvv-7qr9-h5rq | This issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | CVSS3: 5.5 | 0% (Low) | about 2 months ago |
| GHSA-2pvr-f889-xjvm | Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges. | | 0% (Low) | almost 4 years ago |
| GHSA-2pvr-5mpx-gwv9 | The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to inject arbitrary pages and malicious web scripts. | CVSS3: 7.2 | 1% (Low) | over 1 year ago |
| GHSA-2pvq-xmrh-grxp | A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments. | CVSS3: 6.7 | 21% (Medium) | over 3 years ago |
| GHSA-2pvq-77pm-76c4 | An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. | CVSS3: 9.8 | 4% (Low) | almost 2 years ago |
| GHSA-2pvp-px52-q92c | Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. | | 8% (Low) | over 3 years ago |
| GHSA-2pvm-v53r-33rw | Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. | CVSS3: 6.5 | 0% (Low) | over 3 years ago |
| GHSA-2pvm-p3x6-gxvp | An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM. | CVSS3: 9.8 | 2% (Low) | over 3 years ago |
| GHSA-2pvj-w2cg-rgwq | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2." | CVSS3: 7.8 | 0% (Low) | over 3 years ago |
| GHSA-2pvj-p485-cp3m | matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions | CVSS3: 7.5 | 0% (Low) | over 3 years ago |
| GHSA-2pvj-859q-4v5p | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. | | 1% (Low) | over 3 years ago |
| GHSA-2pvj-5j7v-jjxj | Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php. | CVSS3: 6.1 | 1% (Low) | over 3 years ago |
| GHSA-2pvh-xf99-r989 | In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | CVSS3: 7.5 | 1% (Low) | over 3 years ago |
| GHSA-2pvh-rqjq-h9px | naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. | CVSS3: 9.8 | 0% (Low) | over 1 year ago |
| GHSA-2pvg-pmc4-vr2x | Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access confidential information. Exploitation of this issue does not require user interaction. | CVSS3: 5.5 | 0% (Low) | over 1 year ago |
| GHSA-2pvg-4x8f-qx36 | kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet. | | 0% (Low) | almost 4 years ago |
