Page 17 of 42152 results (0.121 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/StoredXSS-TaskComments.md https://vuldb.com/?ctiid.288533 https://vuldb.com/?id.288533 https://vuldb.com/?submit.458622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. • https://cert-portal.siemens.com/productcert/html/ssa-928984.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution. • https://thrive.trellix.com/s/article/000013964 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0

Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user’s browser. • https://www.twcert.org.tw/en/cp-139-8299-42168-2.html https://www.twcert.org.tw/tw/cp-132-8292-4fd98-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. • https://github.com/laskdjlaskdj12/CVE-2024-29671-POC https://ez-net.co.kr/new_2012/customer/download_view.php?cid=&sid=&goods=&cate=&q=Ax1500&seq=228 https://gist.github.com/laskdjlaskdj12/4afc8b5d75640bd28eaf32de3ceda48a • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •