
2005 matches found

Positive Technologies
added 2022/11/01 12:00 a.m. · 3 views

PT-2022-26854 · Unknown · Canteen Management System

Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/php action/printOrder.php" API endpoint. Recommendations: For Canteen...

CVSS 7.2 · AI score 7.1 · EPSS 0.00582
Exploits 0 · References 3
Positive Technologies
added 2022/10/28 12:00 a.m. · 3 views

PT-2022-23912 · Unknown · Seccome Ehoney

Name of the Vulnerable Software and Affected Versions: seccome Ehoney affected versions not specified Description: A critical issue was found in seccome Ehoney. It affects an unknown function of the /api/v1/attack/falco API endpoint. The manipulation of the Payload argument leads to SQL injection...

CVSS 9.8 · AI score 9.7 · EPSS 0.00439
Exploits 0 · References 2
Positive Technologies
added 2022/10/28 12:00 a.m. · 6 views

PT-2022-23794 · WordPress · Web Stories

Name of the Vulnerable Software and Affected Versions: Web Stories plugin for WordPress versions up to, and including 1.24.0 Description: The issue arises from insufficient validation of URLs supplied via the url parameter in the "/v1/hotlink/proxy" REST API Endpoint. This allows authenticated...

CVSS 9.6 · AI score 8.1 · EPSS 0.00694
Exploits 0 · References 10
Positive Technologies
added 2022/10/27 12:00 a.m. · 4 views

PT-2022-25641 · Unknown · Diaenergie

Name of the Vulnerable Software and Affected Versions: DIAEnergie versions prior to v1.9.01.002 Description: The issue concerns a stored cross-site scripting vulnerability. This vulnerability can be exploited through the "PostEnergyType API" endpoint. Recommendations: For versions prior to...

CVSS 8.7 · AI score 5.2 · EPSS 0.11111
Exploits 0 · References 3
Tenable Nessus
added 2022/10/27 12:00 a.m. · 34 views

SUSE SLED15 / SLES15 Security Update : grafana (SUSE-SU-2022:3765-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3765-1 advisory. - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could...

CVSS 8.8 · AI score 6.7 · EPSS 0.68603
Exploits 1 · References 16
Prion
added 2022/10/26 6:15 p.m. · 24 views

Server side request forgery (SSRF)

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

CVSS 4 · AI score 6.4 · EPSS 0.00656
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2022/10/26 12:00 a.m. · 4 views

PT-2022-5272 · D Link · D-Link Dir-816 A2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue is related to a stack overflow in the D-Link DIR-816 A2 router's firmware, which can be triggered via the srcip parameter at the "/goform/form2IPQoSTcAdd" API endpoint. This can...

CVSS 10 · AI score 9.5 · EPSS 0.01191
Exploits 1 · References 4
Positive Technologies
added 2022/10/25 12:00 a.m. · 3 views

PT-2022-19642 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: An authentication bypass issue exists in the web interface, specifically in the /action/factory functionality. This can be triggered by a specially-crafted...

CVSS 9.8 · AI score 8.5 · EPSS 0.01218
Exploits 1 · References 2
UbuntuCve
added 2022/10/17 4:15 p.m. · 64 views

CVE-2022-2884

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

CVSS 9.9 · AI score 7.9 · EPSS 0.75718
Exploits 4 · References 2
Prion
added 2022/10/17 4:15 p.m. · 25 views

Remote code execution

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

CVSS 6.5 · AI score 9.4 · EPSS 0.86194
Exploits 5 · References 4 · Affected Software 1
CVE
added 2022/10/17 12:00 a.m. · 2136 views

CVE-2022-2992

CVE-2022-2992 is a GitLab GitHub Import API deserialization flaw that enables authenticated users to trigger remote code execution. Affected products are GitLab CE/EE, all versions from 11.10 prior to 15.1.6, 15.2 up to 15.2.4, and 15.3 up to 15.3.2. The roo...

CVSS 9.9 · AI score 9.4 · EPSS 0.86194
Exploits 5 · References 4 · Affected Software 1
Positive Technologies
added 2022/10/17 12:00 a.m. · 4 views

PT-2022-25865 · Xzs · Xzs

Name of the Vulnerable Software and Affected Versions: xzs version 3.8.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field in the /admin/question/edit API endpoint. This enables the execution of malicious code...

CVSS 5.4 · AI score 6 · EPSS 0.00628
Exploits 1 · References 7
Positive Technologies
added 2022/10/17 12:00 a.m. · 4 views

PT-2022-25879 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...

CVSS 5.4 · AI score 5.6 · EPSS 0.00384
Exploits 1 · References 4
Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-26297 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/formWifiWpsStart". Recommendations: For Tenda AC10 version 15.03.06.23, as a...

CVSS 9.8 · AI score 9.3 · EPSS 0.00928
Exploits 1 · References 3
Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-26289 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow that can be triggered via the "/goform/fromNatStaticSetting" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, consider restricting access t...

CVSS 9.8 · AI score 9.4 · EPSS 0.00928
Exploits 1 · References 3
Positive Technologies
added 2022/10/17 12:00 a.m. · 5 views

PT-2022-26291 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/formSetDeviceName" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, as ...

CVSS 9.8 · AI score 9.4 · EPSS 0.00928
Exploits 1 · References 4
Positive Technologies
added 2022/10/17 12:00 a.m. · 5 views

PT-2022-26298 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/saveParentControlInfo" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23,...

CVSS 9.8 · AI score 9.3 · EPSS 0.00928
Exploits 1 · References 3
Positive Technologies
added 2022/10/17 12:00 a.m. · 4 views

PT-2022-26294 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/fromSetIpMacBind". Recommendations: For Tenda AC10 version 15.03.06.23, as a...

CVSS 9.8 · AI score 9.3 · EPSS 0.00928
Exploits 1 · References 3
Positive Technologies
added 2022/10/13 12:00 a.m. · 5 views

PT-2022-21973 · Unknown · Resiot Iot Platform +1

Name of the Vulnerable Software and Affected Versions: ResIOT IOT Platform + LoRaWAN Network Server versions through 4.1.1000114 Description: The issue is related to a SQL injection vulnerability. It can be exploited via a crafted POST request to the "/ResiotQueryDBActive" API endpoint. This allo...

CVSS 7.2 · AI score 7.3 · EPSS 0.00804
Exploits 1 · References 4
Positive Technologies
added 2022/10/13 12:00 a.m. · 4 views

PT-2022-25892 · Unknown · Clippercms

Name of the Vulnerable Software and Affected Versions: ClipperCMS version 1.3.3 Description: The issue is related to a Server-Side Request Forgery SSRF that can be exploited via the rss url news parameter at the "/manager/index.php" API endpoint. Recommendations: For ClipperCMS version 1.3.3, avo...

CVSS 9.8 · AI score 9.3 · EPSS 0.0089
Exploits 1 · References 4