
Positive Technologies
added 2022/10/25 12:00 a.m. · 2 views

PT-2022-19642 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: An authentication bypass issue exists in the web interface, specifically in the /action/factory functionality. This can be triggered by a specially-crafted...

CVSS 9.8 · AI score 8.5 · EPSS 0.01218
Exploits 1 · References 2

UbuntuCve
added 2022/10/17 4:15 p.m. · 63 views

CVE-2022-2884

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

CVSS 9.9 · AI score 7.9 · EPSS 0.75718
Exploits 4 · References 2

Prion
added 2022/10/17 4:15 p.m. · 24 views

Remote code execution

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

CVSS 6.5 · AI score 9.4 · EPSS 0.86194
Exploits 5 · References 4 · Affected Software 1

Positive Technologies
added 2022/10/17 12:00 a.m. · 4 views

PT-2022-26291 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/formSetDeviceName" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, as ...

CVSS 9.8 · AI score 9.4 · EPSS 0.00928
Exploits 1 · References 4

Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-25879 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...

CVSS 5.4 · AI score 5.6 · EPSS 0.00384
Exploits 1 · References 4

Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-26294 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/fromSetIpMacBind". Recommendations: For Tenda AC10 version 15.03.06.23, as a...

CVSS 9.8 · AI score 9.3 · EPSS 0.00928
Exploits 1 · References 3

Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-26297 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/formWifiWpsStart". Recommendations: For Tenda AC10 version 15.03.06.23, as a...

CVSS 9.8 · AI score 9.3 · EPSS 0.00928
Exploits 1 · References 3

Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-26289 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow that can be triggered via the "/goform/fromNatStaticSetting" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, consider restricting access t...

CVSS 9.8 · AI score 9.4 · EPSS 0.00928
Exploits 1 · References 3

Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-25865 · Xzs · Xzs

Name of the Vulnerable Software and Affected Versions: xzs version 3.8.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field in the /admin/question/edit API endpoint. This enables the execution of malicious code...

CVSS 5.4 · AI score 6 · EPSS 0.00628
Exploits 1 · References 7

Positive Technologies
added 2022/10/17 12:00 a.m. · 4 views

PT-2022-26298 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/saveParentControlInfo" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23,...

CVSS 9.8 · AI score 9.3 · EPSS 0.00928
Exploits 1 · References 3

CVE
added 2022/10/17 12:00 a.m. · 2132 views

CVE-2022-2992

CVE-2022-2992 is a deserialization flaw in the GitLab GitHub Import API that lets an authenticated user trigger remote code execution. Affected products are GitLab CE/EE, all versions from 11.10 prior to 15.1.6, 15.2 up to 15.2.4, and 15.3 up to 15.3.2. The roo...

CVSS 9.9 · AI score 9.4 · EPSS 0.86194
Exploits 5 · References 4 · Affected Software 1

Positive Technologies
added 2022/10/13 12:00 a.m. · 3 views

PT-2022-25892 · Unknown · Clippercms

Name of the Vulnerable Software and Affected Versions: ClipperCMS version 1.3.3 Description: The issue is a Server-Side Request Forgery (SSRF) that can be exploited via the rss url news parameter at the "/manager/index.php" API endpoint. Recommendations: For ClipperCMS version 1.3.3, avo...

CVSS 9.8 · AI score 9.3 · EPSS 0.0089
Exploits 1 · References 4

Positive Technologies
added 2022/10/13 12:00 a.m. · 4 views

PT-2022-21973 · Unknown · Resiot Iot Platform +1

Name of the Vulnerable Software and Affected Versions: ResIOT IOT Platform + LoRaWAN Network Server versions through 4.1.1000114 Description: The issue is related to a SQL injection vulnerability. It can be exploited via a crafted POST request to the "/ResiotQueryDBActive" API endpoint. This allo...

CVSS 7.2 · AI score 7.3 · EPSS 0.00804
Exploits 1 · References 4

Huntr
added 2022/10/12 7:39 p.m. · 21 views

Moderators can perform Time based SQL injection attack.

The API endpoint /api/chat/users/setenabled (POST) is vulnerable to a time-based blind SQL injection attack via the body parameter 'userId'. It allows a Moderator to read, modify or delete entries in the SQLite database. A Moderator can leak the streamkey to access the admin dashboard. Proof of concept...

CVSS 7.5 · AI score 0.3 · EPSS 0.00903
Exploits 0

Positive Technologies
added 2022/10/11 12:00 a.m. · 2 views

PT-2022-26319 · Unknown · Simple Cold Storage Management System

Name of the Vulnerable Software and Affected Versions: Simple Cold Storage Management System version 1.0 Description: The issue allows for SQL Injection via the "/csms/admin/?page=user/manage user&id=" API endpoint, specifically targeting the id variable. This could potentially lead to unauthoriz...

CVSS 7.2 · AI score 7.2 · EPSS 0.00617
Exploits 0 · References 3

Positive Technologies
added 2022/10/11 12:00 a.m. · 4 views

PT-2022-25847 · Unknown · Online Pet Shop We App

Name of the Vulnerable Software and Affected Versions: Online Pet Shop We App version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/?page=orders/view order" API endpoint. Recommendations: For Online...

CVSS 7.2 · AI score 7 · EPSS 0.00831
Exploits 1 · References 2

Github Security Blog
added 2022/09/29 12:00 a.m. · 24 views

Bytebase allows low-privilege users to view admin projects

Overview: The "Bytebase" application does not restrict low-privilege users from accessing admin projects. Details: The "Bytebase" application does not restrict low-privilege users from accessing admin projects, so an unauthorized user can view the "projects" created by "Admin". The affected...

CVSS 4.3 · AI score 7 · EPSS 0.00537
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2022/09/23 12:00 a.m. · 6 views

PT-2022-25588 · Tenda · Tenda Ac15 +1

Name of the Vulnerable Software and Affected Versions: Tenda AC15 and AC18 router version V15.03.05.19 Description: The issue is related to a stack overflow in the fromNatStaticSetting function when handling requests to the "/goform/NatStaticSetting" API endpoint. Recommendations: For Tenda AC15...

CVSS 9.8 · AI score 9.4 · EPSS 0.01143
Exploits 1 · References 3

Positive Technologies
added 2022/09/23 12:00 a.m. · 3 views

PT-2022-25221 · Unknown · Online Banking System

Name of the Vulnerable Software and Affected Versions: Online Banking System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the cust id parameter at the "/net-banking/send funds action.php" API endpoint. Recommendations: For...

CVSS 9.8 · AI score 9.6 · EPSS 0.00796
Exploits 1 · References 4

Positive Technologies
added 2022/09/22 12:00 a.m. · 4 views

PT-2022-25389 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2022 Description: A full path disclosure issue was discovered in ZZCMS 2022. This issue can be exploited via the "/admin/index.PHP? server" API endpoint. Recommendations: For ZZCMS version 2022, consider restricting access to th...

CVSS 5.3 · AI score 5 · EPSS 0.00838
Exploits 1 · References 5