In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-18
Updated
2024-03-18
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18
Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-11
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-11
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-10
Updated
2024-03-19
RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-09
Updated
2024-03-11
RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-09
Updated
2024-03-11
An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-15
Updated
2024-03-15
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc., from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-14
Updated
2024-03-14
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
1718 vulnerabilities found