Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2005 matches found

Positive Technologies
Positive Technologiesadded 2024/02/01 12:0 a.m.4 views

PT-2024-4534 · Unknown · Zenml Server

Name of the Vulnerable Software and Affected Versions: ZenML Server versions prior to 0.46.7 ZenML Server versions 0.44.4, 0.43.1, and 0.42.2 are patched and not vulnerable, so the actual vulnerable range is any version before 0.46.7, excluding the mentioned patched versions. However, since 0.44....

8.8CVSS8.7AI score0.70581EPSS
Exploits1References18
Github Security Blog
Github Security Blogadded 2024/01/24 2:21 p.m.30 views

Cross-site Scripting Vulnerability on Data Import

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.10.1 and was tested on version 1.9.2.post0. Overview Label Studio had a remote import feature allowed users to...

6.1CVSS7.1AI score0.00592EPSS
Exploits0References7Affected Software1
OSV
OSVadded 2024/01/19 8:15 p.m.28 views

PYSEC-2024-15

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

3.7CVSS4.2AI score0.00587EPSS
Exploits1References2
Cvelist
Cvelistadded 2024/01/19 7:49 p.m.30 views

CVE-2024-23329 changedetection.io API endpoint is not secured with API token

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

3.7CVSS4.3AI score0.00587EPSS
Exploits1References2
OSV
OSVadded 2024/01/19 7:49 p.m.19 views

CVE-2024-23329 changedetection.io API endpoint is not secured with API token

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

3.7CVSS4.6AI score0.00587EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2024/01/18 12:0 a.m.2 views

PT-2024-19531 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It can be exploited via the "/system/admin/update group save" API endpoint. Recommendations: For FlyCms version 1.0, as a temporary workaround,...

8.8CVSS8.6AI score0.00352EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2024/01/18 12:0 a.m.2 views

PT-2024-19575 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It can be exploited via the "/system/email/email conf updagte" API endpoint. This vulnerability allows an attacker to perform unauthorized actions o...

8.8CVSS8.6AI score0.00321EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2024/01/18 12:0 a.m.3 views

PT-2024-19496 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It can be exploited via the /system/user/group save API endpoint. Recommendations: For FlyCms version 1.0, as a temporary workaround, consider...

8.8CVSS8.7AI score0.00317EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2024/01/18 12:0 a.m.4 views

PT-2024-19576 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It occurs via the "/system/site/filterKeyword save" API endpoint. This allows for potential unauthorized actions on the system. Recommendations: For...

8.8CVSS8.5AI score0.00321EPSS
Exploits1References5
Tenable Nessus
Tenable Nessusadded 2024/01/03 12:0 a.m.20 views

GitLab 13.10 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39888)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal...

4.3CVSS5.3AI score0.01007EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2023/12/27 12:0 a.m.7 views

PT-2023-32884 · Weiye Jing · Datax-Web

Name of the Vulnerable Software and Affected Versions: WeiYe-Jing datax-web version 2.1.2 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /api/log/killJob. The manipulation of the processId...

9.8CVSS7AI score0.09901EPSS
Exploits1References10
NVD
NVDadded 2023/12/25 8:15 a.m.28 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

9.8CVSS0.42162EPSS
Exploits1References2
Prion
Prionadded 2023/12/25 8:15 a.m.20 views

Authentication flaw

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

7.5CVSS7.5AI score0.42162EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologiesadded 2023/12/25 12:0 a.m.4 views

PT-2023-30873 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.2 Description: The issue allows an attacker to force an admin user to delete server report logs on a web application to which they are currently authenticated via the API endpoint...

4.3CVSS4.5AI score0.00227EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2023/12/21 8:45 p.m.13 views

CVE-2023-46646

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHu...

5.3CVSS6.9AI score0.0054EPSS
Exploits0References4
Packet Storm
Packet Stormadded 2023/12/21 12:0 a.m.474 views

Vinchin Backup And Recovery Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vinchin Backup and Recovery Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Vinchin Backup &...

9.8CVSS7.4AI score0.20477EPSS
Exploits4
NVD
NVDadded 2023/12/16 9:15 a.m.20 views

CVE-2023-6850

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

9.8CVSS0.00841EPSS
Exploits0References5
OSV
OSVadded 2023/12/16 9:15 a.m.17 views

CVE-2023-6850

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

9.8CVSS7.1AI score
Exploits0References5
Prion
Prionadded 2023/12/16 9:15 a.m.16 views

Design/Logic Flaw

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

6.5CVSS7.3AI score0.00841EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2023/12/16 8:31 a.m.26 views

CVE-2023-6850 kalcaddle KodExplorer API Endpoint unrestricted upload

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

6.5CVSS9.8AI score0.00841EPSS
Exploits0References5
Rows per page
Query Builder