exploitDog

source:"github"

Count: 312 573

GHSA-2mwc-h2mg-v6p8

about 1 month ago

Bagisto has HTML Filter Bypass that Enables Stored XSS

EPSS: Low

GHSA-2mw9-fq32-5hx4

more than 3 years ago

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.

CVSS3: 8.8
EPSS: Low

GHSA-2mw9-cpc8-cf9f

more than 3 years ago

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

CVSS3: 5.5
EPSS: Medium

GHSA-2mw9-2w9q-w27m

more than 3 years ago

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS3: 8.8
EPSS: Low

GHSA-2mw8-v4w5-29m4

10 months ago

Rejected reason: Not used

EPSS: Low

GHSA-2mw7-wggm-m6w3

about 7 years ago

Denial of Service in ethereumjs-vm

CVSS3: 7.5
EPSS: Low

GHSA-2mw7-f37q-33mg

almost 2 years ago

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

CVSS3: 8.8
EPSS: Low

GHSA-2mw7-77qm-cmxc

more than 3 years ago

Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).

EPSS: Low

GHSA-2mw5-m74c-gphm

more than 3 years ago

Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.

EPSS: Low

GHSA-2mw5-5xxw-vv7j

more than 1 year ago

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h.

CVSS3: 7.8
EPSS: Low

GHSA-2mw4-wj8c-7f93

more than 2 years ago

Eclipse Glassfish remote code execution issue

CVSS3: 6.8
EPSS: Low

GHSA-2mw4-5fh2-j3wh

more than 3 years ago

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.

CVSS3: 5.4
EPSS: Low

GHSA-2mw3-4c3p-vv6p

more than 2 years ago

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.

CVSS3: 6.8
EPSS: Low

GHSA-2mw2-pgcq-48mv

almost 2 years ago

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function.

CVSS3: 5.7
EPSS: Low

GHSA-2mw2-m8pw-m382

more than 3 years ago

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0749, CVE-2020-0750.

EPSS: Low

GHSA-2mw2-gj79-mjf4

3 months ago

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause unexpected system termination.

CVSS3: 5.5
EPSS: Low

GHSA-2mvx-m58q-vfmv

9 months ago

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GLOB Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
EPSS: Low

GHSA-2mvw-xxr6-2f56

8 months ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.8.

CVSS3: 6.5
EPSS: Low

GHSA-2mvw-pgf2-gf3j

more than 3 years ago

SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

EPSS: Low

GHSA-2mvw-cmvf-9wp4

more than 1 year ago

The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS3: 4.8
EPSS: Low

Vulnerability
CVSS
EPSS
Published

GHSA-2mwc-h2mg-v6p8

Bagisto has HTML Filter Bypass that Enables Stored XSS

0%
Low
about 1 month ago

GHSA-2mw9-fq32-5hx4

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.

CVSS3: 8.8
1%
Low
more than 3 years ago

GHSA-2mw9-cpc8-cf9f

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

CVSS3: 5.5
33%
Medium
more than 3 years ago

GHSA-2mw9-2w9q-w27m

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS3: 8.8
1%
Low
more than 3 years ago

GHSA-2mw8-v4w5-29m4

Rejected reason: Not used

10 months ago

GHSA-2mw7-wggm-m6w3

Denial of Service in ethereumjs-vm

CVSS3: 7.5
1%
Low
about 7 years ago

GHSA-2mw7-f37q-33mg

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

CVSS3: 8.8
1%
Low
almost 2 years ago

GHSA-2mw7-77qm-cmxc

Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).

9%
Low
more than 3 years ago

GHSA-2mw5-m74c-gphm

Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.

6%
Low
more than 3 years ago

GHSA-2mw5-5xxw-vv7j

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h.

CVSS3: 7.8
0%
Low
more than 1 year ago

GHSA-2mw4-wj8c-7f93

Eclipse Glassfish remote code execution issue

CVSS3: 6.8
0%
Low
more than 2 years ago

GHSA-2mw4-5fh2-j3wh

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.

CVSS3: 5.4
0%
Low
more than 3 years ago

GHSA-2mw3-4c3p-vv6p

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.

CVSS3: 6.8
0%
Low
more than 2 years ago

GHSA-2mw2-pgcq-48mv

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function.

CVSS3: 5.7
0%
Low
almost 2 years ago

GHSA-2mw2-m8pw-m382

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0749, CVE-2020-0750.

1%
Low
more than 3 years ago

GHSA-2mw2-gj79-mjf4

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause unexpected system termination.

CVSS3: 5.5
0%
Low
3 months ago

GHSA-2mvx-m58q-vfmv

A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GLOB Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 7.3
0%
Low
9 months ago

GHSA-2mvw-xxr6-2f56

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.8.

CVSS3: 6.5
0%
Low
8 months ago

GHSA-2mvw-pgf2-gf3j

SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

0%
Low
more than 3 years ago

GHSA-2mvw-cmvf-9wp4

The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS3: 4.8
0%
Low
more than 1 year ago