Platform Security Vulnerabilities

cve

CVE-2020-15263

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

8 CVSS

5.9 AI Score

0.001 EPSS

2020-10-19 09:15 PM
50

CVE-2020-27225

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform proce...

7.8 CVSS

7.5 AI Score

0.0004 EPSS

2021-03-09 07:15 PM
127

CVE-2023-36825

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the _state query parameter, ...

9.8 CVSS

9.7 AI Score

0.003 EPSS

2023-07-11 06:15 PM
23

CVE-2023-45161

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windo...

9.9 CVSS

7.4 AI Score

0.002 EPSS

2023-11-06 01:15 PM
49

CVE-2023-45162

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. For v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1 will...

9.9 CVSS

9.7 AI Score

0.001 EPSS

2023-10-13 01:15 PM
39

CVE-2023-45163

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Win...

9.9 CVSS

7.4 AI Score

0.002 EPSS

2023-11-06 01:15 PM
52

CVE-2023-5964

The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This ins...

9.9 CVSS

7.3 AI Score

0.002 EPSS

2023-11-06 01:15 PM
151