Count: 314 212
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-xwxm-298x-phpj: The wpForo Forum plugin for WordPress is vulnerable to error-based or time-based SQL Injection via the get_members() function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'row_count' parameters. The function blindly interpolates 'row_count' into a 'LIMIT offset,row_count' clause using esc_sql() rather than enforcing numeric values. MySQL 5.x's grammar allows a 'PROCEDURE ANALYSE' clause immediately after a LIMIT clause. Unauthenticated attackers controlling 'row_count' can append a stored-procedure call, enabling error-based or time-based blind SQL injection that can be used to extract sensitive information from the database. | CVSS3: 7.5 | 0% Low | 3 months ago |
| GHSA-xwxj-5cm4-pc27: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filtr8 Easy Magazine allows DOM-Based XSS. This issue affects Easy Magazine: from n/a through 2.1.13. | CVSS3: 6.5 | 0% Low | 10 months ago |
| GHSA-xwxh-r5pc-7pp9: Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. | | 1% Low | over 3 years ago |
| GHSA-xwxg-r73m-j39w: The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | CVSS3: 6.1 | 0% Low | over 3 years ago |
| GHSA-xwxf-pqj7-vq4g: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | | | 7 months ago |
| GHSA-xwxf-3fv9-8q9p: A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. | CVSS3: 9.8 | 48% Medium | 7 months ago |
| GHSA-xwxc-wc23-rvj5: Netscape Navigator 7.0.2 and Mozilla allow remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | | 0% Low | almost 4 years ago |
| GHSA-xwxc-rh9r-2448: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service whic... | CVSS3: 5.3 | 0% Low | almost 4 years ago |
| GHSA-xwxc-j97j-84gf: Race condition in Parc | CVSS3: 8.1 | | over 4 years ago |
| GHSA-xwxc-4fjj-x6vq: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | | 35% Medium | over 3 years ago |
| GHSA-xwx9-xrv6-2fwc: Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error. | CVSS3: 6.5 | 0% Low | over 3 years ago |
| GHSA-xwx9-3j88-2p48: 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | CVSS3: 7.8 | 2% Low | about 3 years ago |
| GHSA-xwx8-pcpq-9jrq: Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. | | 31% Medium | almost 4 years ago |
| GHSA-xwx8-cmpp-vxmh: Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter. | | 0% Low | almost 4 years ago |
| GHSA-xwx7-p63r-2rj8: Navidrome Stores JWT Secret in Plaintext in navidrome.db | CVSS3: 7.1 | 0% Low | about 1 year ago |
| GHSA-xwx7-4rrg-r95g: Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0. | CVSS3: 4.3 | 0% Low | 11 months ago |
| GHSA-xwx6-vmj4-5rv8: Denial of service via deserialization attack in nifi | CVSS3: 5.0 | 0% Low | over 6 years ago |
| GHSA-xwx6-2367-24jg: Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 1% Low | almost 4 years ago |
| GHSA-xwx5-j58j-66qm: OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. | CVSS3: 6.1 | 0% Low | almost 4 years ago |
| GHSA-xwx5-5c9g-x68x: Ill-formed headers may lead to unexpected behavior in Istio | CVSS3: 5.9 | 0% Low | over 3 years ago |
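The wpForo entry (GHSA-xwxm-298x-phpj) above describes a pattern worth seeing in code: a string escaper such as esc_sql() applied to a value that lands in a numeric SQL position (LIMIT) neutralises quotes but leaves a bare `PROCEDURE ANALYSE` tail untouched, whereas integer validation rejects it outright. The following is an added example written for this page, not the plugin's code and not part of the original listing. The `esc_sql_like()` function is a simplified stand-in for WordPress esc_sql(), the table name `wp_wpforo_profiles` and the `MAX_ROW_COUNT` cap are assumptions, and the inputs at the bottom are constructed.

```python
import re
from typing import Optional, Tuple

# Simplified stand-in for WordPress esc_sql() (an assumption for this example):
# it escapes the characters a MySQL string-literal escaper handles and nothing
# else. Real esc_sql() defers to mysqli_real_escape_string(); the relevant point
# is the same: it protects string literals, not numeric positions such as LIMIT.
def esc_sql_like(value: str) -> str:
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0", "\n": "\\n", "\r": "\\r"}
    return "".join(table.get(ch, ch) for ch in value)


def vulnerable_limit_query(offset: str, row_count: str) -> str:
    """Model of the flawed pattern from the advisory: request parameters escaped
    as strings and interpolated straight into LIMIT. Table name is assumed."""
    return (
        "SELECT userid FROM wp_wpforo_profiles "
        f"LIMIT {esc_sql_like(offset)},{esc_sql_like(row_count)}"
    )


def to_non_negative_int(value) -> Optional[int]:
    """absint()-style validation: accept only a non-negative base-10 integer.
    Returns None for anything else (negatives, floats, trailing text)."""
    if isinstance(value, bool):
        return None
    if isinstance(value, int):
        return value if value >= 0 else None
    if isinstance(value, str) and re.fullmatch(r"[0-9]+", value.strip()):
        return int(value.strip())
    return None


MAX_ROW_COUNT = 100  # assumed page-size ceiling; any fixed cap works


def hardened_limit_query(offset, row_count) -> Tuple[str, Tuple[int, int]]:
    """Hardened form: enforce integers before they reach SQL (the same effect
    as $wpdb->prepare() with %d placeholders). Raises on non-numeric input."""
    o = to_non_negative_int(offset)
    r = to_non_negative_int(row_count)
    if o is None or r is None:
        raise ValueError("offset and row_count must be non-negative integers")
    r = min(r, MAX_ROW_COUNT)
    return f"SELECT userid FROM wp_wpforo_profiles LIMIT {o},{r}", (o, r)


def hardened_rejects(offset, row_count) -> bool:
    """True when the hardened builder refuses the input."""
    try:
        hardened_limit_query(offset, row_count)
    except ValueError:
        return True
    return False


# Review/detection check for generated SQL: a LIMIT clause must end the
# statement with nothing but one or two integers after the keyword. Anything
# trailing it (PROCEDURE ANALYSE, a quote, a comment) fails the check.
LIMIT_TAIL = re.compile(r"\bLIMIT\s+\d+(?:\s*,\s*\d+)?\s*;?\s*$", re.IGNORECASE)


def limit_clause_is_clean(sql: str) -> bool:
    return LIMIT_TAIL.search(sql) is not None


if __name__ == "__main__":
    # Constructed inputs: a normal page request, a row_count exercising the
    # MySQL 5.x grammar point from the advisory (no quotes, so escaping has
    # nothing to act on), and a quoted payload that escaping does neutralise.
    benign = ("0", "20")
    crafted = ("0", "20 PROCEDURE ANALYSE()")
    quoted = ("0", "20' OR '1'='1")

    for args in (benign, crafted, quoted):
        sql = vulnerable_limit_query(*args)
        print(f"vulnerable: {sql!r:70} clean LIMIT: {limit_clause_is_clean(sql)}")
    print("hardened:  ", hardened_limit_query(*benign))
    print("hardened rejects crafted input:", hardened_rejects(*crafted))
```

Run as a script it prints the three generated statements with their LIMIT check results, then the hardened query for the benign input. The quoted payload shows why esc_sql() looked adequate to the developer (the quotes are escaped) while still producing a malformed LIMIT; the crafted one passes through escaping byte-for-byte and only the integer check stops it.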