Count: 313 854
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-25c9-3ffh-rvqx The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme. | CVSS3: 4.3 | 0% Low | about 1 year ago |
| GHSA-25c8-qcqq-xpqw Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3) on WordPress. | CVSS3: 7.2 | 1% Low | more than 2 years ago |
| GHSA-25c8-p9xf-2v4m An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets. | CVSS3: 8.2 | 0% Low | more than 1 year ago |
| GHSA-25c8-p796-jg6r Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability | CVSS3: 8.1 | 0% Low | more than 2 years ago |
| GHSA-25c8-fq6j-8vvf Memory corruption while processing MFC channel configuration during music playback. | CVSS3: 7.8 | 0% Low | about 2 months ago |
| GHSA-25c8-fmh2-q3pg IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | | 0% Low | almost 4 years ago |
| GHSA-25c7-67gf-gc43 A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-25c7-5442-g7pq Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." | CVSS3: 7.8 | 52% Medium | almost 4 years ago |
| GHSA-25c7-47pw-x5cf Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | | | 8 months ago |
| GHSA-25c5-9pxc-899f index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous. | | 3% Low | almost 4 years ago |
| GHSA-25c5-5c5w-53xq Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | | 3% Low | almost 4 years ago |
| GHSA-25c5-58xw-hw5q Jenkins allows Remote Users to Build Arbitrary Jobs | | 0% Low | more than 3 years ago |
| GHSA-25c3-h67j-g2qq Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | CVSS3: 8.8 | 0% Low | about 3 years ago |
| GHSA-25c3-7fvj-v45j phpMyFAQ Stored Cross-site Scripting vulnerability | CVSS3: 5.4 | 0% Low | about 3 years ago |
| GHSA-25c3-4v7x-3hrp A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696. | CVSS3: 6.3 | 0% Low | about 2 years ago |
| GHSA-25c3-3rg2-gf39 In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application. | | 0% Low | more than 3 years ago |
| GHSA-259x-wgj2-g49m Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code of JSP files via unknown vectors. | | 1% Low | almost 4 years ago |
| GHSA-259x-v826-2fcj IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group memberships. | | 0% Low | more than 3 years ago |
| GHSA-259w-fqv8-xvgh Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). | | 0% Low | more than 3 years ago |
| GHSA-259w-8hf6-59c2 OCI image importer memory exhaustion in github.com/containerd/containerd | CVSS3: 5.5 | 0% Low | almost 3 years ago |