OSV
added 2023/10/13 3:15 p.m., 2 views

CVE-2023-33303

An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request...

8.1 CVSS, 5.9 AI score
Exploits 0, References 1
CNNVD
added 2023/10/10 12:00 a.m., 6 views

Fortinet FortiSIEM Operating System Command Injection Vulnerability

Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. Fortinet FortiSIEM is vulnerable to an operating system command injection...

10 CVSS, 7.8 AI score, 0.65509 EPSS
Exploits 1, References 2
Positive Technologies
added 2023/10/06 12:00 a.m., 5 views

PT-2023-23657 · Neuvector · Neuvector

Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.2.2
Description: A user can reverse engineer the JSON Web Token (JWT) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector, potentially leadi...

9.4 CVSS, 6.9 AI score, 0.00461 EPSS
Exploits 0, References 20
Positive Technologies
added 2023/10/02 12:00 a.m., 20 views

PT-2023-32048 · Field Logic · Field Logic Datacube4

Name of the Vulnerable Software and Affected Versions: Field Logic DataCube4 up to 20231001
Description: A problematic issue was found in the Web API component, affecting unknown code of the file /api/. This leads to improper authentication. The exploit has been disclosed to the public and may be...

7.5 CVSS, 5.3 AI score, 0.00768 EPSS
Exploits 0, References 6
Positive Technologies
added 2023/09/27 12:00 a.m., 2 views

PT-2023-5521 · Cisco · Cisco Dna Center

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center, affected versions not specified
Description: A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected devic...

9 CVSS, 8 AI score, 0.00483 EPSS
Exploits 0, References 7
Positive Technologies
added 2023/09/26 12:00 a.m., 8 views

PT-2023-6822 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10
Description: The issue is related to information disclosure in the GLPI system. Exploitation of this issue may allow a remote attacker to disclose protected information. An API user can enumerate sensitive field...

10 CVSS, 6.6 AI score, 0.99628 EPSS
Exploits 27, References 156
BDU FSTEC
added 2023/09/16 12:00 a.m., 16 views

The vulnerability of the application programming interface for the declarative delivery tool for GitOps for Kubernetes Argo CD lies in authentication errors, which allow a perpetrator to bypass established access controls.

The vulnerability of the application programming interface for the declarative delivery tool of GitOps for Kubernetes Argo CD is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass established access controls...

9 CVSS, 7.7 AI score, 0.00879 EPSS
Exploits 0, References 4, Affected Software 2
Microsoft CVE
added 2023/09/14 7:00 a.m., 3 views

Undefined Behavior for Input to API in Mutt

...

6.5 CVSS, 5.8 AI score, 0.00719 EPSS
Exploits 0
Positive Technologies
added 2023/09/14 12:00 a.m., 7 views

PT-2023-5833 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19; JumpServer versions prior to 3.6.5
Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...

8.2 CVSS, 8.1 AI score, 0.05404 EPSS
Exploits 4, References 20
BDU FSTEC
added 2023/09/07 12:00 a.m., 5 views

The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56U, and RT-AC86U allows a hacker to execute arbitrary code.

The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56UV2, and RT-AC86U lies in the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

10 CVSS, 8.2 AI score, 0.01158 EPSS
Exploits 0, References 8, Affected Software 3
BDU FSTEC
added 2023/09/04 12:00 a.m., 5 views

A vulnerability in the software interface of the XWiki platform for creating collaborative web applications allows a perpetrator to execute arbitrary code.

The vulnerability of the software interface of the XWiki Platform for creating collaborative web applications is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a malicious actor, operating remotely, to execute arbitrary code...

10 CVSS, 8.1 AI score, 0.00622 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2023/08/08 1:15 a.m., 3 views

CVE-2023-37486

Under certain conditions SAP Commerce OCC API - versions HYCOM 2105, HYCOM 2205, COMCLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and...

7.5 CVSS, 5.8 AI score, 0.00435 EPSS
Exploits 0, References 2
Positive Technologies
added 2023/08/02 12:00 a.m., 6 views

PT-2023-20641 · Ox Chat · Ox Chat

Name of the Vulnerable Software and Affected Versions: OX Chat, affected versions not specified
Description: The issue arises from the "OX Chat" web service not specifying a media-type when processing responses from external resources, allowing malicious script code to be executed within the...

5.4 CVSS, 5.6 AI score, 0.00665 EPSS
Exploits 0, References 6
Positive Technologies
added 2023/07/10 12:00 a.m., 7 views

PT-2023-12396 · Osnexus · Quantastor

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned.
Description: The issue allows an authenticated administrator to remotely execute arbitrary shell commands via the API. This could potentially lead to unauthorized access and control of the syste...

9.1 CVSS, 7.7 AI score, 0.00988 EPSS
Exploits 0, References 7
OSV
added 2023/06/29 3:15 p.m., 2 views

DEBIAN-CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

8.8 CVSS, 8.4 AI score, 0.0415 EPSS
Exploits 0, References 1
CNNVD
added 2023/06/25 12:00 a.m., 4 views

It-novum OpenITCOCKPIT SQL Injection Vulnerability

It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in it-novum openITCOCKPIT, which originates from an SQL injection via the sort parameter of the API interface...

8.8 CVSS, 8.2 AI score, 0.0071 EPSS
Exploits 0, References 3
BDU FSTEC
added 2023/06/07 12:00 a.m., 8 views

The vulnerability of the application software interface of D-Link DIR-2150 router software allows a hacker to circumvent existing security restrictions.

The vulnerability of the application software interface for D-Link DIR-2150 routers is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

8.8 CVSS, 7.5 AI score, 0.01108 EPSS
Exploits 0, References 5, Affected Software 1
BDU FSTEC
added 2023/06/07 12:00 a.m., 6 views

The vulnerability of the application software interface of Rockwell Automation’s ThinManager, related to insufficient encryption strength, allows a perpetrator to compromise the target system.

The vulnerability of the application software interface of Rockwell Automation’s ThinManager platform relates to insufficient encryption strength. Exploiting this vulnerability could allow a malicious actor to compromise the target system remotely...

7.8 CVSS, 7.1 AI score, 0.00666 EPSS
Exploits 0, References 5, Affected Software 1
Positive Technologies
added 2023/06/07 12:00 a.m., 4 views

PT-2023-22103 · Hid · Hid Safe

Name of the Vulnerable Software and Affected Versions: HID’s SAFE versions 5.8.0 through 5.11.3
Description: The External Visitor Manager portal of HID’s SAFE is vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account...

7.3 CVSS, 7.3 AI score, 0.00556 EPSS
Exploits 0, References 5
OSV
added 2023/05/25 2:15 p.m., 7 views

CVE-2023-33355

IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information...

7.5 CVSS, 5.8 AI score, 0.00606 EPSS
Exploits 1, References 1