
508 matches found

BDU FSTEC
added 2023/03/07 12:0 a.m., 5 views

The vulnerability of the application software interface of the microprogramming system for network storage from Western Digital MyCloud PR4100 allows a perpetrator to execute arbitrary code.

The vulnerability of the application software interface for Western Digital MyCloud PR4100 network storage systems is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS: 8, AI score: 8, EPSS: 0.01046
Exploits: 1, References: 4, Affected Software: 1

BDU FSTEC
added 2023/03/06 12:0 a.m., 4 views

The vulnerability of the application programming interface of the IAM and SSO Casdoor platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the application programming interface of the IAM and SSO Casdoor platform relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected...

CVSS: 7.8, AI score: 7.3, EPSS: 0.58927
Exploits: 9, References: 5, Affected Software: 1

CNNVD
added 2023/03/02 12:0 a.m., 4 views

Saleor security vulnerability

Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. Saleor suffers from a security vulnerability that stems from some internal exceptions that are not handled correctly and ar...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00751
Exploits: 0, References: 8

SUSE CVE
added 2023/02/15 5:25 a.m., 3 views

SUSE CVE-2014-8183

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations...

CVSS: 7.4, AI score: 6.8, EPSS: 0.00749
Exploits: 0, References: 6

SUSE CVE
added 2023/02/15 5:20 a.m., 2 views

SUSE CVE-2015-2941

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...

CVSS: 4.3, AI score: 5.7, EPSS: 0.02111
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:39 a.m., 8 views

SUSE CVE-2021-36783

An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...

CVSS: 9.9, AI score: 9, EPSS: 0.00647
Exploits: 0, References: 4

BDU FSTEC
added 2023/02/09 12:0 a.m., 6 views

The vulnerability of the application software interface for microprogrammed control devices in AMI MegaRAC allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the application software interface for AMI MegaRAC controllers is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS: 7.8, AI score: 7.7, EPSS: 0.0171
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2023/02/08 8:15 p.m., 3 views

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00645
Exploits: 0, References: 2

ATTACKERKB
added 2023/02/03 1:15 a.m., 3 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00449
Exploits: 0, References: 2

CNNVD
added 2023/01/25 12:0 a.m., 4 views

Argo CD security vulnerability

Argo is an open source container-native workflow engine. ArgoCD is an application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository,...

CVSS: 9, AI score: 8.1, EPSS: 0.00879
Exploits: 0, References: 4

Positive Technologies
added 2022/12/05 12:0 a.m., 5 views

PT-2022-6244 · Ami · Ami Megarac

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC affected versions not specified Description: The issue is related to insufficient protection of service data in the implementation of the application programming interface of the AMI MegaRAC firmware controllers for remote...

CVSS: 7.8, AI score: 7.9, EPSS: 0.0171
Exploits: 0, References: 6

CNNVD
added 2022/11/15 12:0 a.m., 6 views

Simmeth System Supplier Manager path traversal vulnerability

Simmeth System Supplier Manager is a supply chain software from Simmeth System, a German company, and an arbitrary file download vulnerability exists in versions prior to Simmeth System Supplier Manager 5.6, which can be exploited by attackers to download arbitrary files from a web server by...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00879
Exploits: 3, References: 4

BDU FSTEC
added 2022/11/15 12:0 a.m., 5 views

The vulnerability of the API interface of the Cisco Meeting Server platform allows a hacker to trigger a service failure.

The vulnerability of the Cisco Meeting Server’s API interface relates to insufficient validation of input data during request processing. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted requests...

CVSS: 4.3, AI score: 6.8, EPSS: 0.01101
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2022/11/03 7:6 p.m., 2 views

CVE-2022-41607

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00952
Exploits: 0, References: 2

CNNVD
added 2022/10/26 12:0 a.m., 4 views

Delta Electronics DIAEnergie cross-site scripting vulnerability

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. A securi...

CVSS: 8.7, AI score: 5.4, EPSS: 0.11111
Exploits: 0, References: 3

Positive Technologies
added 2022/10/19 12:0 a.m., 6 views

PT-2022-26708 · Tenda · Tenda Tx3

Name of the Vulnerable Software and Affected Versions: Tenda TX3 version US TX3V1.0br V16.03.13.11 multi TDE01 Description: A stack overflow issue was discovered via the list parameter at the "/goform/SetVirtualServerCfg" API endpoint. Recommendations: For Tenda TX3 version US TX3V1.0br...

CVSS: 9.8, AI score: 9.4, EPSS: 0.00755
Exploits: 0, References: 3

CNNVD
added 2022/10/13 12:0 a.m., 5 views

Octopus Server security vulnerability

Octopus Server is an automated deployment platform. Octopus Server suffers from a security vulnerability that stems from its insecure direct object references (IDORs) that may leak team information through the API...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00528
Exploits: 0, References: 2

CNNVD
added 2022/09/29 12:0 a.m., 6 views

Zyxel CloudCNM SecuManager security vulnerability

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which stems from an...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00568
Exploits: 1, References: 3

OSV
added 2022/09/28 2:15 p.m., 6 views

CVE-2022-22526

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API...

CVSS: 9.8, AI score: 5.8, EPSS: 0.007
Exploits: 0, References: 1

Tenable Nessus
added 2022/09/09 12:0 a.m., 58 views

Cisco Webex Meetings App Character Interface Manipulation (cisco-sa-webex-app-qrtO6YC2)

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00767
Exploits: 0, References: 2