Lucene search

K

Application Security Vulnerabilities

cve
cve

CVE-2024-6007

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-15 01:15 PM
4
cve
cve

CVE-2024-29169

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

5.4CVSS

8AI Score

0.0004EPSS

2024-06-13 04:15 PM
17
cve
cve

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
14
cve
cve

CVE-2024-29168

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing.....

5.4CVSS

8AI Score

0.0004EPSS

2024-06-13 03:15 PM
15
cve
cve

CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
15
cve
cve

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
14
cve
cve

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-13 03:15 PM
14
cve
cve

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the...

5.4CVSS

7AI Score

0.0004EPSS

2024-06-13 03:15 PM
13
cve
cve

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

3.6AI Score

0.0004EPSS

2024-06-13 02:15 PM
17
cve
cve

CVE-2024-2300

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile...

6AI Score

0.0004EPSS

2024-06-12 03:15 PM
16
cve
cve

CVE-2024-5773

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to launch the.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-09 03:15 AM
22
cve
cve

CVE-2024-5772

A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack may....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-09 03:15 AM
3
cve
cve

CVE-2024-1662

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before...

7.5CVSS

6.8AI Score

0.001EPSS

2024-06-05 12:15 PM
27
cve
cve

CVE-2024-5590

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to.....

6.3CVSS

7.7AI Score

0.0004EPSS

2024-06-03 01:15 AM
14
cve
cve

CVE-2024-5589

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-06-03 01:15 AM
3
cve
cve

CVE-2024-2036

The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber....

4.3CVSS

6.3AI Score

0.0004EPSS

2024-05-22 09:15 AM
26
cve
cve

CVE-2022-45368

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through...

7.7CVSS

6.7AI Score

0.0004EPSS

2024-05-17 07:15 AM
26
cve
cve

CVE-2024-30059

Microsoft Intune for Android Mobile Application Management Tampering...

6.1CVSS

6.8AI Score

0.0004EPSS

2024-05-14 05:17 PM
51
cve
cve

CVE-2024-34687

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data,...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-14 04:17 PM
24
cve
cve

CVE-2024-33006

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...

9.6CVSS

6.9AI Score

0.0004EPSS

2024-05-14 04:17 PM
27
cve
cve

CVE-2024-32733

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....

6.1CVSS

6.7AI Score

0.0004EPSS

2024-05-14 04:17 PM
26
cve
cve

CVE-2024-29207

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-05-07 05:15 PM
29
cve
cve

CVE-2024-1695

A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential...

7.1AI Score

0.0004EPSS

2024-05-06 09:15 PM
38
cve
cve

CVE-2024-4029

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of...

4.1CVSS

4.5AI Score

0.0004EPSS

2024-05-02 03:15 PM
60
cve
cve

CVE-2024-1102

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-04-25 05:15 PM
61
cve
cve

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with....

6CVSS

5.5AI Score

0.0004EPSS

2024-04-25 04:15 PM
134
cve
cve

CVE-2023-5675

A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-04-25 04:15 PM
82
cve
cve

CVE-2024-25026

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

5.9CVSS

6.3AI Score

0.0004EPSS

2024-04-25 01:15 PM
43
cve
cve

CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin....

7.4CVSS

6.1AI Score

0.0004EPSS

2024-04-17 02:15 PM
245
cve
cve

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects...

8.1CVSS

5.7AI Score

0.0004EPSS

2024-04-17 02:15 PM
141
cve
cve

CVE-2024-22329

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: ...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-04-17 02:15 AM
48
cve
cve

CVE-2024-22354

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume...

7CVSS

6.9AI Score

0.0004EPSS

2024-04-17 01:15 AM
65
cve
cve

CVE-2024-31263

Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through...

5.4CVSS

9.2AI Score

0.0004EPSS

2024-04-12 01:15 PM
29
cve
cve

CVE-2023-6236

A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if.....

7.3CVSS

6.2AI Score

0.0004EPSS

2024-04-10 01:15 AM
54
cve
cve

CVE-2024-1812

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and...

7.2CVSS

9.1AI Score

0.0004EPSS

2024-04-09 07:15 PM
41
cve
cve

CVE-2024-1233

A flaw was found inJwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF)...

7.3CVSS

6.3AI Score

0.001EPSS

2024-04-09 07:15 AM
94
cve
cve

CVE-2024-3457

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-08 06:15 PM
28
cve
cve

CVE-2024-3458

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-04-08 06:15 PM
28
cve
cve

CVE-2024-3456

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-08 05:15 PM
29
cve
cve

CVE-2024-3455

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-08 04:15 PM
28
cve
cve

CVE-2024-22328

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: ...

7.5CVSS

6.5AI Score

0.0004EPSS

2024-04-06 12:15 PM
42
cve
cve

CVE-2024-27981

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products:....

7.4AI Score

0.0004EPSS

2024-04-04 11:15 PM
26
cve
cve

CVE-2024-28787

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: ...

8.7CVSS

8.1AI Score

0.0004EPSS

2024-04-04 06:15 PM
45
cve
cve

CVE-2024-27268

IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: ...

5.9CVSS

6.2AI Score

0.0004EPSS

2024-04-04 06:15 PM
61
cve
cve

CVE-2023-50313

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: ...

6.5CVSS

6AI Score

0.0004EPSS

2024-04-02 01:15 PM
36
cve
cve

CVE-2024-1300

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading.....

5.4CVSS

6.1AI Score

0.0004EPSS

2024-04-02 08:15 AM
145
cve
cve

CVE-2024-22353

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: ...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-03-31 12:15 PM
79
cve
cve

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in.....

10CVSS

9.3AI Score

0.133EPSS

2024-03-29 05:15 PM
298
In Wild
cve
cve

CVE-2024-3041

A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-03-28 03:15 PM
29
cve
cve

CVE-2024-3040

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-03-28 03:15 PM
29
Total number of security vulnerabilities2919