28 matches found
EUVD-2024-36822
Malicious code in bioql PyPI...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...
CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution RCE vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload...
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...
CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution RCE vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload...
CVE-2024-37770
CVE-2024-37770 affects 14Finger v1.1, with a Remote Command Execution (RCE) vulnerability in the fingerprint function that allows an attacker to run arbitrary commands via a crafted payload. The CVSSv3.1 base score is 9.1 (CRITICAL) with network access, low attack complexity, no privileges requir...
CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution RCE vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload...
CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution RCE vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload...
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
PT-2024-27740 · 14Finger · 14Finger
Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1 Description: Insecure permissions in the software allow attackers to escalate privileges from a normal user to Administrator via a crafted POST request. This issue can be exploited by sending a manipulated POST request to...
14Finger Security Vulnerability
14Finger is a full-featured Web fingerprint recognition and sharing platform by b1ackc4t individual developers. A security vulnerability exists in version 1.1 of 14Finger, which stems from a vulnerability that allows an attacker to elevate privileges from a regular user to an administrator via a...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
CVE-2024-37767
CVE-2024-37767 affects 14Finger v1.1. The issue is insecure permissions in the component "/api/admin/user", enabling an attacker to access all user information via a crafted GET request. Reported across multiple sources (NVD, Red Hat, OSV, CNNVD, CVEs lists). The underlying problem is improper ac...
14Finger Security Vulnerability
14Finger is a full-featured Web fingerprint recognition and sharing platform by b1ackc4t individual developers. A security vulnerability exists in 14Finger version 1.1, which stems from the /api/admin/user component that allows an attacker to access all user information via a crafted GET request...