
1998 matches found

BDU FSTEC
added 2023/09/08 12:00 a.m. · 3 views

The vulnerability in the HTTP request basket service interface allows an attacker to perform an SSRF attack.

The vulnerability in the Request Baskets web service interface for collecting and checking HTTP requests is caused by insufficient validation of incoming requests when processing the name parameter of /api/baskets/name. Exploiting this vulnerability allows a malicious actor to perform an...

CVSS 8.8 · AI score 6.5 · EPSS 0.07497
Exploits 29 · References 6 · Affected Software 1
Prion
added 2023/09/04 11:15 a.m. · 15 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...

CVSS 5 · AI score 7.3 · EPSS 0.01251
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/09/04 11:15 a.m. · 18 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

CVSS 5 · AI score 7.3 · EPSS 0.01251
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/09/04 9:15 a.m. · 15 views

CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVSS 9.8 · AI score 9.7 · EPSS 0.02182
Exploits 0 · References 2
Prion
added 2023/09/04 9:15 a.m. · 16 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVSS 7.5 · AI score 9.6 · EPSS 0.02182
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/08/30 12:00 a.m. · 3 views

PT-2023-27976 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version V15.03.06.44 Description: A stack overflow issue was discovered via the timeZone parameter at the "/goform/SetSysTimeCfg" API endpoint. This issue affects the Tenda AC7 router. Recommendations: For Tenda AC7 version...

CVSS 9.8 · AI score 9.3 · EPSS 0.00701
Exploits 1 · References 4
Positive Technologies
added 2023/08/30 12:00 a.m. · 3 views

PT-2023-27974 · Tenda · Tenda Ac7 +2

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 1.0 V15.03.06.44 Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC5 version 1.0RTL V15.03.06.28 Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetIpMacBind" API endpoint. This issue...

CVSS 9.8 · AI score 9.5 · EPSS 0.00906
Exploits 1 · References 3
Veracode
added 2023/08/25 2:53 a.m. · 29 views

Cross-site Scripting (XSS)

github.com/prometheus/alertmanager is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of HTML sanitization in the generatorURL field of Alert.elm, which allows an attacker to inject and execute malicious JavaScript by sending a POST request to the /api/v1/alerts...

CVSS 7.5 · AI score 6.4 · EPSS 0.00568
Exploits 0 · References 5 · Affected Software 3
Veracode
added 2023/08/24 8:49 a.m. · 27 views

Information Disclosure

Datasette is vulnerable to Information Disclosure. The vulnerability exists because it does not check permissions when viewing the /-/api endpoint, resulting in databases and tables disclosure to unauthenticated users...

CVSS 5.3 · AI score 6.8 · EPSS 0.00464
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/08/24 12:00 a.m. · 3 views

PT-2023-27694 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetNetControlList" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC8...

CVSS 9.8 · AI score 9.5 · EPSS 0.00776
Exploits 1 · References 4
Positive Technologies
added 2023/08/24 12:00 a.m. · 2 views

PT-2023-27688 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetStaticRouteCfg" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC8...

CVSS 9.8 · AI score 9.4 · EPSS 0.00701
Exploits 1 · References 4
Positive Technologies
added 2023/08/24 12:00 a.m. · 3 views

PT-2023-27681 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to and including 5.7.110 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located at the "/dede/vote add.php" API endpoint via the votename and voteitem1...

CVSS 5.4 · AI score 5.5 · EPSS 0.00387
Exploits 1 · References 3
Positive Technologies
added 2023/08/24 12:00 a.m. · 3 views

PT-2023-27690 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the mac parameter at the "/goform/GetParentControlInfo" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC...

CVSS 9.8 · AI score 9.3 · EPSS 0.00701
Exploits 1 · References 4
Positive Technologies
added 2023/08/24 12:00 a.m. · 3 views

PT-2023-27692 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered, which can be triggered via the macFilterType and deviceList parameters at the "/goform/setMacFilterCfg" API endpoint. Recommendations: For Tend...

CVSS 9.8 · AI score 9.3 · EPSS 0.00776
Exploits 1 · References 3
Packet Storm
added 2023/08/23 12:00 a.m. · 327 views

CrafterCMS 4.0.2 Cross Site Scripting

--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...

CVSS 7.4 · AI score 7.1 · EPSS 0.01304
Exploits 2
Cvelist
added 2023/08/16 9:39 p.m. · 25 views

CVE-2023-20232

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

CVSS 5.3 · AI score 5.6 · EPSS 0.00423
Exploits 0 · References 1
Cisco
added 2023/08/16 4:00 p.m. · 36 views

Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...

CVSS 5.3 · AI score 5.3 · EPSS 0.00423
Exploits 0 · References 1
Positive Technologies
added 2023/08/08 12:00 a.m. · 4 views

PT-2023-26597 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0 Description: The issue allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the "/QueryView.php" API endpoint. Recommendations: For ChurchCRM version 5.0.0,...

CVSS 7.5 · AI score 7.3 · EPSS 0.0071
Exploits 0 · References 9
Positive Technologies
added 2023/08/07 12:00 a.m. · 4 views

PT-2023-26695 · Tenda · Tenda Fh1202 +3

Name of the Vulnerable Software and Affected Versions: Tenda F1202 version 1.2.0.9 PA202 version 1.1.2.5 PW201A version 1.1.2.5 FH1202 version 1.2.0.9 Description: A stack overflow issue was discovered via the page parameter at the "/L7Im" API endpoint. This issue affects several Tenda devices...

CVSS 9.8 · AI score 9.4 · EPSS 0.00701
Exploits 1 · References 4
Veracode
added 2023/08/06 7:54 p.m. · 18 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to improper view permissions which allows an attacker to see pending invitations of any public group or public project by visiting an API endpoint...

CVSS 5.3 · AI score 6.8 · EPSS 0.01134
Exploits 0 · References 4 · Affected Software 1