1620 matches found

CVE · added 2024/02/09 2:50 p.m. · 245 views

CVE-2024-24776

Mattermost vulnerability CVE-2024-24776: the API endpoint POST /api/v4/channels/stats/member_count fails to enforce the required permissions, leaking channel member counts to users who lack them. Documents confirm the affected product (Mattermost) and that the underlying issue is a permissions check gap in the c...

CVSS 4.3 · AI score 4.5 · EPSS 0.00314
Exploits: 0 · References: 1 · Affected software: 1
OSV · added 2024/02/09 1:15 a.m. · 5 views

CVE-2024-1353

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVSS 9.8 · AI score 5.3 · EPSS 0.00741
Exploits: 0 · References: 3
Vulnrichment · added 2024/02/08 11:09 p.m. · 8 views

CVE-2024-24830 OpenObserve Privilege Escalation Vulnerability in Users API

OpenObserve is an observability platform built specifically for logs, metrics, traces and analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with...

CVSS 9.9 · AI score 9 · EPSS 0.00716
Exploits: 1 · References: 1
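Both CVE-2024-24776 (Mattermost member_count) and CVE-2024-24830 (OpenObserve users endpoint) above are the same bug class: the endpoint knows who the caller is but never asks whether that caller may act on the target object. The following is an added example, written for this listing and not taken from either project, that models the gap beside its fix with an in-memory channel/org state; every name and data structure in it (Channel, Org, sample_state, authz_probe, the user and id strings) is constructed for illustration.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when an authenticated caller lacks permission for the action."""


@dataclass
class Channel:
    channel_id: str
    members: set = field(default_factory=set)


@dataclass
class Org:
    org_id: str
    roles: dict = field(default_factory=dict)  # user -> "admin" | "member"


def sample_state():
    """Constructed fixture: two channels and one org with an admin and a member."""
    channels = {
        "c1": Channel("c1", {"alice", "bob"}),
        "c2": Channel("c2", {"carol"}),
    }
    orgs = {"o1": Org("o1", {"alice": "admin", "bob": "member"})}
    return channels, orgs


def member_count_vulnerable(channels, user, channel_id):
    """Mirrors the CVE-2024-24776 gap: `user` is authenticated, but nothing
    ties that user to the channel whose size is returned."""
    return len(channels[channel_id].members)


def member_count_fixed(channels, user, channel_id):
    """Object-level authorization: read access to the channel is required."""
    channel = channels[channel_id]
    if user not in channel.members:
        raise Forbidden(f"{user} cannot read channel {channel_id}")
    return len(channel.members)


def add_user_vulnerable(orgs, actor, org_id, new_user, role):
    """Mirrors the CVE-2024-24830 gap: any org member may add users, even
    with the admin role, because the actor's own role is never consulted."""
    orgs[org_id].roles[new_user] = role
    return orgs[org_id].roles[new_user]


def add_user_fixed(orgs, actor, org_id, new_user, role):
    """Function-level authorization: only an admin of this org may add users."""
    org = orgs[org_id]
    if org.roles.get(actor) != "admin":
        raise Forbidden(f"{actor} is not an admin of org {org_id}")
    org.roles[new_user] = role
    return org.roles[new_user]


def authz_probe(handler, *args):
    """Call a handler as a non-privileged caller would and report whether it
    enforced authorization; handy as a regression test over every endpoint."""
    try:
        return handler(*args)
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    channels, orgs = sample_state()
    # carol is not in c1: the vulnerable handler still answers, the fixed one refuses
    print(authz_probe(member_count_vulnerable, channels, "carol", "c1"))  # 2
    print(authz_probe(member_count_fixed, channels, "carol", "c1"))       # denied
    # bob is a plain member: the vulnerable handler lets him mint an admin
    print(authz_probe(add_user_vulnerable, orgs, "bob", "o1", "mallory", "admin"))  # admin
    channels, orgs = sample_state()
    print(authz_probe(add_user_fixed, orgs, "bob", "o1", "mallory", "admin"))       # denied
```

The check belongs in the handler that touches the object, not in a route-level "is logged in" middleware: that middleware is exactly what both affected endpoints already had.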
Prion · added 2024/02/07 5:15 p.m. · 27 views

Cross-site request forgery (CSRF)

A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...

CVSS 5.8 · AI score 7.5 · EPSS 0.00603
Exploits: 0 · References: 1 · Affected software: 1
Vulnrichment · added 2024/02/05 10:53 p.m. · 16 views

CVE-2024-0964 LFI in Gradio

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 7.5 · AI score 6.5 · EPSS 0.00951
Exploits: 1 · References: 2
OSV · added 2024/02/05 6:15 a.m. · 2 views

CVE-2024-20001

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601...

CVSS 6.7 · AI score 5.9 · EPSS 0.00107
Exploits: 0 · References: 1
Vulnrichment · added 2024/02/02 2:14 a.m. · 24 views

CVE-2024-22319 IBM Operational Decision Manager JNDI injection

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to a remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145...

CVSS 8.1 · AI score 7.6 · EPSS 0.764
Exploits: 0 · References: 2
Prion · added 2024/01/31 10:15 p.m. · 24 views

Design/Logic Flaw

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

CVSS 7.5 · AI score 9.4 · EPSS 0.02983
Exploits: 0 · References: 3 · Affected software: 1
CVE · added 2024/01/26 8:57 a.m. · 678 views

CVE-2024-0727

CVE-2024-0727 affects OpenSSL via the processing of PKCS12 files from untrusted sources, causing a NULL pointer dereference that can crash the library and trigger a DoS. Affected APIs include PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpas...

CVSS 5.5 · AI score 5.8 · EPSS 0.03174
Exploits: 0 · References: 15 · Affected software: 1
CVE · added 2024/01/25 12:00 a.m. · 147 views

CVE-2023-52251

Kafka UI (Provectus Kafka‑UI) 0.4.0–0.7.1 is exploitable via the q parameter of /api/clusters/local/topics/{topic}/messages, allowing remote code execution through Groovy script injection in the filterQueryType path. Impact is high (RCE). Remediation available: upgrade to Kafka UI 0.7.2 or late...

CVSS 8.8 · AI score 8.9 · EPSS 0.85025
Exploited in the wild · Exploits: 5 · References: 2 · Affected software: 1
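The CVE-2023-52251 entry names the endpoint, the q parameter and the filterQueryType path, which is enough to hunt for exploitation attempts in web-server access logs. The detector below is an added example for this listing, not Kafka UI's or any vendor's code. It assumes combined-format access logs and that the Groovy filter mode is selected by a filterQueryType value beginning with GROOVY (an assumption, hence the prefix match); the log lines are constructed, and the cluster name is matched generically rather than hard-coded to "local".

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request path named in the advisory; the cluster segment need not be "local".
MESSAGES_PATH = re.compile(
    r"^/api/clusters/(?P<cluster>[^/]+)/topics/(?P<topic>[^/]+)/messages$"
)

# Combined log format; only the client IP, timestamp and request target are used.
REQUEST_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Groovy constructs that have no business inside a message filter expression.
GROOVY_EXEC = re.compile(
    r"\.execute\s*\(|\bRuntime\b|\bProcessBuilder\b|Class\.forName"
    r"|\bnew\s+File\b|\bSystem\.(?:getenv|exit)|\bevaluate\s*\("
)


def classify(target):
    """Return (severity, reason) for one request target, or None if not of interest."""
    parts = urlsplit(target)
    if not MESSAGES_PATH.match(parts.path):
        return None
    params = parse_qs(parts.query)          # percent-decodes the q payload
    mode = params.get("filterQueryType", [""])[0].upper()
    q = params.get("q", [""])[0]
    # Assumption: Groovy filtering is selected by a value starting with "GROOVY".
    if not mode.startswith("GROOVY"):
        return None
    if GROOVY_EXEC.search(q):
        return "high", f"Groovy filter carrying a code-execution construct: {q!r}"
    return "medium", f"Groovy filter evaluated server-side: {q!r}"


def scan(lines):
    """Run classify() over access-log lines and collect findings."""
    findings = []
    for line in lines:
        m = REQUEST_LINE.match(line)
        if not m:
            continue
        verdict = classify(m["target"])
        if verdict:
            severity, reason = verdict
            findings.append({
                "ip": m["ip"], "time": m["ts"], "severity": severity,
                "target": m["target"], "reason": reason,
            })
    return findings


# Constructed sample log: one injection attempt, one benign Groovy filter,
# one substring filter and one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jan/2024:00:00:12 +0000] "GET /api/clusters/local/topics/orders/messages'
    '?filterQueryType=GROOVY&q=%22ls%22.execute%28%29 HTTP/1.1" 200 512',
    '10.0.0.7 - - [25/Jan/2024:00:01:03 +0000] "GET /api/clusters/local/topics/orders/messages'
    '?filterQueryType=STRING_CONTAINS&q=order-42 HTTP/1.1" 200 2048',
    '10.0.0.9 - - [25/Jan/2024:00:02:44 +0000] "GET /api/clusters/prod/topics/payments/messages'
    '?filterQueryType=GROOVY&q=value.amount%20%3E%20100 HTTP/1.1" 200 1024',
    '10.0.0.3 - - [25/Jan/2024:00:03:10 +0000] "GET /api/clusters/local/consumer-groups HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"], f["ip"], f["reason"])
```

The medium tier is deliberate: on an unpatched instance any Groovy filter is server-side code execution by design, so a benign-looking expression from an unexpected client is still worth a look, while the high tier isolates payloads that spawn processes or touch the filesystem.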
OSV · added 2024/01/15 10:15 a.m. · 3 views

CVE-2023-50290

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...

CVSS 6.5 · AI score 6.7 · EPSS 0.68665
Exploits: 0 · References: 1
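The CVE-2023-50290 entry describes a metrics endpoint that publishes every environment variable not on a hide list. The weakness of that design is that the list can only name what the product already knows about; credentials an operator injects under other names pass straight through. The example below is added for this listing and is not Solr's code or its real hide list: the environment, the hide list and the credential heuristic are all constructed, and the secrets in it are fake.

```python
import re

# Constructed environment of a hypothetical search host; all secrets are fake.
SAMPLE_ENV = {
    "JAVA_HOME": "/usr/lib/jvm/java-17",
    "SOLR_HOME": "/var/solr/data",
    "SOLR_PORT": "8983",
    "SOLR_AUTHENTICATION_OPTS": "-Dbasicauth=solr:SolrRocks",
    "DATABASE_URL": "postgres://etl:Pa55w0rd@db.internal:5432/catalog",
    "KAFKA_SASL_JAAS_CONFIG": (
        'org.apache.kafka.common.security.plain.PlainLoginModule required '
        'username="svc" password="hunter2";'
    ),
    "PATH": "/usr/local/bin:/usr/bin",
}

# Constructed stand-in for a product's default hide list: it names only the
# variables the product itself knows to be sensitive.
DEFAULT_HIDDEN = {"SOLR_AUTHENTICATION_OPTS", "SOLR_ZK_CREDS_AND_ACLS"}

# Value-based heuristic: key=value credentials or user:pass@host in a URL.
CREDENTIAL_HINT = re.compile(
    r"password=|passwd|secret|token|://[^/\s:]+:[^@\s]+@",
    re.IGNORECASE,
)


def publish_with_denylist(env, hidden=DEFAULT_HIDDEN):
    """What a deny-list metrics endpoint publishes: everything not named."""
    return {k: v for k, v in env.items() if k not in hidden}


def publish_with_allowlist(env, allowed=("JAVA_HOME", "SOLR_HOME", "SOLR_PORT")):
    """The safer inverse: publish only names an operator explicitly approved."""
    return {k: env[k] for k in allowed if k in env}


def credential_leaks(published):
    """Audit helper: names of published variables whose values look like credentials."""
    return sorted(k for k, v in published.items() if CREDENTIAL_HINT.search(v))


if __name__ == "__main__":
    print("denylist leaks:", credential_leaks(publish_with_denylist(SAMPLE_ENV)))
    print("allowlist leaks:", credential_leaks(publish_with_allowlist(SAMPLE_ENV)))
```

Run credential_leaks() over whatever the endpoint actually returns on a live host before trusting any hide list; the heuristic is only a net for obvious shapes, and the allowlist is what removes the dependency on guessing names.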
Positive Technologies · added 2024/01/11 12:00 a.m. · 4 views

PT-2024-1551 · Vinchin · Vinchin Backup & Recovery

Name of the vulnerable software and affected versions: Vinchin Backup & Recovery versions 7.2 and earlier
Description: The issue is related to the setNetworkCardInfo function in Vinchin Backup & Recovery, which does not properly neutralize special elements used in the operating system command whe...

CVSS 9 · AI score 9 · EPSS 0.01883
Exploits: 3 · References: 13
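The PT-2024-1551 entry above is an OS command injection: a network configuration function builds a command from caller-supplied values without neutralizing shell metacharacters. The example below is added for this listing and is not Vinchin's code; it shows the vulnerable shape (string concatenation destined for a shell) beside the fix (validate each field against its own grammar, then pass an argv list with no shell). The function names, the `ip addr add` command and the interface-name rule are assumptions chosen for illustration.

```python
import ipaddress
import re
import subprocess

# Linux interface names: 1-15 chars, no whitespace or shell metacharacters.
IFACE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")
SHELL_META = re.compile(r"[;&|`$(){}<>\n\\'\"]")


def build_vulnerable(iface, address, prefix):
    """The pattern behind the advisory: caller input is concatenated into a
    command line that will be handed to a shell, so ';' or '$( )' in any
    field becomes shell syntax."""
    return f"ip addr add {address}/{prefix} dev {iface}"


def is_injectable(cmd):
    """Audit helper: does a command string contain shell metacharacters?"""
    return bool(SHELL_META.search(cmd))


def build_fixed(iface, address, prefix):
    """Validate each field by its own grammar, then return an argv list.
    Nothing here is ever parsed by a shell, and junk fails closed."""
    if not IFACE_RE.match(iface):
        raise ValueError(f"bad interface name: {iface!r}")
    ip = ipaddress.ip_address(address)          # raises ValueError on anything odd
    prefix = int(prefix)                        # raises ValueError on non-integers
    if not 0 <= prefix <= ip.max_prefixlen:
        raise ValueError(f"bad prefix length: {prefix}")
    return ["ip", "addr", "add", f"{ip}/{prefix}", "dev", iface]


def apply_fixed(iface, address, prefix, runner=subprocess.run):
    """Execute the validated argv without a shell (needs privileges on a real host)."""
    argv = build_fixed(iface, address, prefix)
    return runner(argv, shell=False, check=True)


if __name__ == "__main__":
    hostile = "10.0.0.5; id"
    print(build_vulnerable("eth0", hostile, "24"))          # the ';' survives into the command
    print(is_injectable(build_vulnerable("eth0", hostile, "24")))  # True
    try:
        build_fixed("eth0", hostile, "24")
    except ValueError as exc:
        print("rejected:", exc)
    print(build_fixed("eth0", "10.0.0.5", "24"))
```

Validation is the primary control here, not escaping: an argv list removes the shell from the path entirely, and `ipaddress` plus a strict interface-name pattern reject the payload before any command is constructed.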
Vulnrichment · added 2024/01/08 7:00 p.m. · 2 views

CVE-2023-6627 WP Go Maps < 9.0.28 - Unauthenticated Stored XSS

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/JavaScript on the site...

AI score 6.4 · EPSS 0.00619
Exploits: 2 · References: 2
Positive Technologies · added 2024/01/08 12:00 a.m. · 5 views

PT-2024-15030 · WordPress · Wp Go Maps

Name of the vulnerable software and affected versions: WP Go Maps versions prior to 9.0.28
Description: The issue concerns the WP Go Maps WordPress plugin, where most of its REST API routes are not properly protected. This allows attackers to store malicious HTML/JavaScript on the site...

CVSS 6.1 · AI score 6.7 · EPSS 0.00619
Exploits: 2 · References: 7
Vulnrichment · added 2024/01/02 10:00 p.m. · 4 views

CVE-2024-0196 Magic-Api code injection

A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed ...

CVSS 6.5 · AI score 7.9 · EPSS 0.00824
Exploits: 1 · References: 3
SUSE CVE · added 2023/12/25 2:11 a.m. · 3 views

SUSE CVE-2023-49791

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an...

CVSS 5.4 · AI score 6.9 · EPSS 0.00608
Exploits: 0 · References: 3
OSV · added 2023/12/13 10:00 p.m. · 8 views

CVE-2023-50709 Denial of service attack on the cube-api endpoint

Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...

CVSS 6.5 · AI score 7.4 · EPSS 0.00722
Exploits: 0 · References: 4
Prion · added 2023/12/06 9:15 a.m. · 25 views

Security feature bypass

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5 · AI score 7.1 · EPSS 0.0042
Exploits: 0 · References: 2 · Affected software: 2
Cvelist · added 2023/12/05 12:00 a.m. · 24 views

CVE-2023-43472

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to the REST API...

AI score 7.3 · EPSS 0.36582
Exploits: 1 · References: 1
Prion · added 2023/11/30 5:15 a.m. · 22 views

Code injection

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function...

CVSS 6.5 · AI score 8.2 · EPSS 0.22593
Exploits: 2 · References: 1 · Affected software: 1