Lucene search

18 matches found

OSV
added 2 days ago | 2 views

DEBIAN-CVE-2026-13957

Incorrect security UI in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.2 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 1

Circl
added 2026/03/10 12:0 a.m. | 7 views

CVE-2025-13957

creationtimestamp | type | source
---|---|---
2026-03-10 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0254/
2026-03-17 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-03...

CVSS 7.5 | AI score 5.7 | EPSS 0.00679
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/24 7:11 p.m. | 12 views

CVE-2024-13957

SSRF (Server Side Request Forgery) vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7.6 | AI score 7.2 | EPSS 0.00241
Exploits: 0 | References: 1

NVD
added 2025/05/22 7:15 p.m. | 6 views

CVE-2024-13957

SSRF (Server Side Request Forgery) vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7.6 | EPSS 0.00241
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/22 6:35 p.m. | 5 views

CVE-2024-13957 SSRF Server Side Request Forgery

SSRF (Server Side Request Forgery) vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 7.6 | AI score 7.8 | EPSS 0.00241
Exploits: 0 | References: 1

CVE
added 2025/05/22 6:35 p.m. | 44 views

CVE-2024-13957

CVE-2024-13957 describes SSRF vulnerabilities in ABB ASPECT, with ASPECT-Enterprise, NEXUS Series, and MATRIX Series affected up to version 3.x. Root cause: server-side requests can be manipulated if administrator credentials are compromised, enabling an attacker to induce outbound requests to in...

CVSS 7.6 | AI score 7.8 | EPSS 0.00241
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/09/25 6:58 p.m. | 27 views

Security Bulletin: Vulnerability in Apache Solr affects IBM watsonx.data

Summary: Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the Configsets API. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. This vulnerability can be exploited when...

CVSS 9.8 | AI score 6.4 | EPSS 0.78874
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2023/09/15 12:0 a.m. | 49 views

Apache Solr 6.6.x < 6.6.7 / 7.x < 7.7.4 / 8.x < 8.6.3 Authentication Bypass (CVE-2020-13957)

The version of Apache Solr running on the remote host is 6.6.x prior to 6.6.7, or 7.x prior to 7.7.4, or 8.x prior to 8.6.3. It is, therefore, affected by an authentication bypass vulnerability. Apache Solr prevents some features considered dangerous which could be used for remote code execution ...

CVSS 9.8 | AI score 8.6 | EPSS 0.78874
Exploits: 1 | References: 3

Cvelist
added 2021/11/23 7:59 p.m. | 8 views

CVE-2018-13957

...

Exploits: 0

GithubExploit
added 2021/05/09 6:42 a.m. | 179 views

Exploit for Incorrect Authorization in Apache Solr

Apache Solr RCE CVE-2020-13957 Docker Demo...

CVSS 9.8 | AI score 9.4 | EPSS 0.78874
Exploits: 1

RedhatCVE
added 2020/10/22 1:4 p.m. | 23 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

CVSS 9.8 | AI score 4.9 | EPSS 0.78874
Exploits: 1 | References: 3

NVD
added 2020/10/13 7:15 p.m. | 18 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

CVSS 9.8 | EPSS 0.78874
Exploits: 1 | References: 22

UbuntuCve
added 2020/10/13 7:15 p.m. | 19 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

CVSS 9.8 | AI score 7.2 | EPSS 0.78874
Exploits: 1 | References: 3

CVE
added 2020/10/13 6:28 p.m. | 2263 views

CVE-2020-13957

CVE-2020-13957 affects Apache Solr configurations via the ConfigSets API. IBM and OSV/NVD sources confirm that improper access control allows bypassing security checks for dangerous features when uploading/configuring ConfigSets, potentially enabling remote code execution. Affected Solr ranges in...

CVSS 9.8 | AI score 9.3 | EPSS 0.78874
Exploits: 1 | References: 22 | Affected Software: 1

Debian CVE
added 2020/10/13 6:28 p.m. | 21 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

CVSS 9.8 | AI score 9.6 | EPSS 0.78874
Exploits: 1

NVD
added 2019/10/02 7:15 p.m. | 10 views

CVE-2019-13957

In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter...

CVSS 9.8 | AI score 9.9 | EPSS 0.01361
Exploits: 0 | References: 2

CVE
added 2019/10/02 6:46 p.m. | 63 views

CVE-2019-13957

CVE-2019-13957 affects Umbraco 7.3.8 with a SQL Injection vulnerability in the backoffice /PageWApprove/PageWApproveApi/GetInpectSearch endpoint via the nodeName parameter. The NVD entry lists high/critical impact metrics (CVSS v2 base score 7.5; CVSS v3.1 base score 9.8) indicating network attac...

CVSS 9.8 | AI score 9.8 | EPSS 0.01361
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 1976/01/01 12:0 a.m. | 15 views

CVE-2017-13957

CVE-2017-13957 entry is rejected/unused by its CNA and does not represent an active vulnerability.

AI score 6.8
Exploits: 0