Lucene search
K

56 matches found

RedHat Linux
RedHat Linux
added 2025/03/11 12:12 a.m.12 views

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

4.8CVSS7.4AI score0.00971EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/03/10 12:0 a.m.7 views

How to Create a Scan to Identify Remote Command Execution

This whitepaper covers how to create a scan in Perl to identify remote command execution in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid RCE problems at the code...

7.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/01/22 8:44 p.m.6 views

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

4.8CVSS7.4AI score0.00971EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/11/01 4:49 a.m.4 views

REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers

Overview FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web...

9.8CVSS7AI score0.00556EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/16 3:12 p.m.11 views

JDK: Integer conversion error leads to incorrect range check (8332644)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracl...

4.8CVSS7.4AI score0.0095EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.4 views

libvirt 代码问题漏洞

libvirt is a libvirt open source Linux API for implementing Linux virtualization features. it supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtualization products used for other operating systems. A code issue vulnerability exists in libvirt that stems...

6.2CVSS6.2AI score0.00242EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/06/28 12:0 a.m.10 views

The vulnerability of the application software interfaces of Session Smart Router and WAN Assurance, Session Smart Conductor, relates to bypassing the authentication process by using an alternative path or channel. This allows a perpetrator to gain full control over the device.

The vulnerability of the Application Programming Interface of routers like Session Smart Router and WAN Assurance, Session Smart Conductor, lies in the ability to bypass authentication procedures by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor,...

10CVSS5.8AI score0.01088EPSS
Exploits0References3Affected Software3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.6 views

WordPress Plugin s2Member 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS8.1AI score0.0056EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.7 views

Cisco Nexus Dashboard 安全漏洞

Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from improper access control to specific API endpoints...

4.3CVSS6.5AI score0.00407EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/20 12:0 a.m.14 views

The vulnerability of the agent for Windows software used in automated programming and documentation creation for Unicam FX assembly, which allows a perpetrator to increase their privileges.

The vulnerability of the Windows software agent for automated programming and documentation generation for Unicam FX assembly is related to the improper use of privileged APIs. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.2AI score0.00148EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/01/19 12:0 a.m.6 views

The vulnerability of the App Check software for detecting vulnerabilities in web applications, related to inadequate access control, allows a hacker to execute arbitrary code.

The vulnerability of the App Check tool, which verifies the implementation of application software interfaces, is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...

7.5CVSS5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/17 4:56 p.m.3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9CVSS7.2AI score0.00792EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 4:6 p.m.8 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9CVSS7.2AI score0.00792EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 2:6 p.m.4 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9CVSS7.2AI score0.00792EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 1:54 p.m.2 views

OpenJDK: range check loop optimization issue (8314307)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

5.9CVSS7.2AI score0.00857EPSS
Exploits0References5
OSV
OSV
added 2023/12/06 9:15 a.m.2 views

CVE-2023-44113

Vulnerability of missing permission verification for APIs in the Designed for Reliability DFR module. Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/06 12:0 a.m.15 views

PT-2023-29108 · Unknown · Designed For Reliability (Dfr) Module

Name of the Vulnerable Software and Affected Versions: Designed for Reliability DFR module affected versions not specified Description: The issue concerns a missing permission verification for APIs in the Designed for Reliability DFR module. Successful exploitation of this issue may affect servic...

7.5CVSS6.9AI score0.0042EPSS
Exploits0References4
OSV
OSV
added 2023/08/13 1:15 p.m.4 views

CVE-2023-39390

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/19 5:15 p.m.8 views

CVE-2023-34166

Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...

7.5CVSS7.1AI score0.00434EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2023/05/29 10:29 a.m.2 views

CVE-2022-36249

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...

5.4CVSS6AI score0.00353EPSS
Exploits0References2
Rows per page
Query Builder