Lucene search
K

119 matches found

Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.3 views

PT-2025-27696

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential out-of-bounds read/write access issue has been identified in the Linux kernel, specifically in the net/mdiobus component. This issue arises when using tools like mdio-tools...

7.1CVSS6.6AI score0.00161EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:13 a.m.12 views

CVE-2023-37265

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS7.7AI score0.06363EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.8 views

CVE-2020-8086

The modauthldap and modauthldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the isadmin function. This grants remote entities admin-only functionality if their username matches the username of a local admin...

9.8CVSS6.7AI score0.01564EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.7 views

CVE-2020-19768

A lack of target address verification in the selfdestructs function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script...

7.5CVSS6.7AI score0.00542EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:17 p.m.6 views

CVE-2020-19769

A lack of target address verification in the BurnMe function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script...

7.5CVSS6.8AI score0.00542EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:55 a.m.7 views

CVE-2019-19806

accountforgotpassword.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses...

5.3CVSS6.8AI score0.00993EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

workers-oauth-provider 安全漏洞

workers-oauth-provider is a Cloudflare open source OAuth provider library for Cloudflare Workers. A security vulnerability exists in workers-oauth-provider that stems from not properly verifying that the redirecturi is in the allowed list, which could lead to credential theft...

6.1CVSS6.4AI score0.00268EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/06 12:0 a.m.7 views

Juniper Junos OS Vulnerability (JSA88105)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA88105 advisory. - An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to...

5.4CVSS6AI score0.00639EPSS
Exploits0References2
NVD
NVD
added 2024/10/11 4:15 p.m.35 views

CVE-2024-39534

An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. Thi...

5.4CVSS0.00639EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.8 views

PT-2024-7847 · Juniper Networks · Junos Evolved

Name of the Vulnerable Software and Affected Versions: Junos OS Evolved versions prior to 21.4R3-S8-EVO Junos OS Evolved version 22.2-EVO prior to 22.2R3-S4-EVO Junos OS Evolved version 22.3-EVO prior to 22.3R3-S4-EVO Junos OS Evolved version 22.4-EVO prior to 22.4R3-S3-EVO Junos OS Evolved versi...

5.4CVSS7.3AI score0.00639EPSS
Exploits0References10
Cvelist
Cvelist
added 2023/12/10 12:0 a.m.17 views

CVE-2023-50455

An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...

7.6AI score0.00701EPSS
Exploits0References1
CVE
CVE
added 2023/12/10 12:0 a.m.45 views

CVE-2023-50455

Zammad before 6.2.0 is affected by a rate-limiting vulnerability in the email address verification feature. The lack of rate limiting allows an attacker to issue many requests for a known address, leading to Denial of Service via generation of a large number of emails (which could spam the recipi...

7.5CVSS7.3AI score0.00701EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/10 12:0 a.m.21 views

CVE-2023-50455

An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service generation of many emails, which would also spam the victim...

7.5CVSS6.8AI score0.00701EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.4 views

PostHog Code Issues Vulnerabilities

PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from not verifying that a URL is local when enabling Webhook, allowing authenticated users to spoof POST requests...

4.8CVSS6.6AI score0.00381EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/08/21 12:0 a.m.7 views

The vulnerability of the Zabbix universal monitoring system, related to incorrect authorization, allows a intruder to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Zabbix universal monitoring system is related to the improper implementation of IP address checking. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and even cause service failures...

10CVSS6.6AI score0.01207EPSS
Exploits1References11Affected Software4
Citrix
Citrix
added 2023/08/17 12:0 a.m.7 views

Workspace Error: "Your account cannot be added using this server address"

When adding account with NetScaler Gateway FQDN in Workspace, you may have below error prompt: "Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address instead."...

7AI score
Exploits0
Veracode
Veracode
added 2023/07/19 2:28 a.m.18 views

Lack Of IP Address Verification

github.com/IceWhaleTech/CasaOS-Gateway is vulnerable to Lack Of IP Address Verification. The vulnerability exists because the gatewayroute.go incorrectly checks the source of an IP, which allows an attacker to inject and execute malicious commands as root on a CasaOS instance...

9.8CVSS7.2AI score0.06363EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/07/17 9:15 p.m.26 views

CVE-2023-37265

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS0.06363EPSS
Exploits1References3
Prion
Prion
added 2023/07/17 9:15 p.m.24 views

Design/Logic Flaw

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

7.5CVSS9.7AI score0.06363EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/07/17 8:59 p.m.13 views

CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS9.8AI score0.06363EPSS
Exploits1References3
Rows per page
Query Builder