Lucene search
K

256 matches found

OSV
OSV
added 2023/12/15 10:15 a.m.23 views

CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...

6.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 2023/12/15 9:50 a.m.28 views

CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...

6.1CVSS6.2AI score0.00433EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.13 views

PT-2023-9020 · Tp Link · Eap115 +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...

9CVSS8.1AI score0.01822EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.7 views

PT-2023-9011 · Tp Link · Tp-Link Ac1350 Wireless Mu-Mimo Gigabit Access Point +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a...

9CVSS7.7AI score0.01822EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.4 views

PT-2023-9019 · Tp Link · Eap225 V3 +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...

9CVSS7.6AI score0.01919EPSS
Exploits1References9
PyPA
PyPA
added 2023/12/04 9:15 p.m.9 views

PYSEC-2023-272

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

4.3CVSS6.8AI score0.00841EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.3 views

PT-2023-9037

Name of the Vulnerable Software and Affected Versions webOS versions 5 and 6 webOS versions 5.5.0 - 04.50.51 webOS version 6.3.3-442 Description A command injection vulnerability exists in the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint. This vulnerability can be...

9.1CVSS7.3AI score0.04667EPSS
Exploits2References18
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.4 views

PT-2023-9036

Name of the Vulnerable Software and Affected Versions webOS versions 4 through 7 Description A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service. This vulnerability can be triggered by a series of specially crafted...

9.1CVSS6AI score0.06437EPSS
Exploits3References22
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.4 views

PT-2023-9035

Name of the Vulnerable Software and Affected Versions webOS versions 5 through 7 webOS version 5.5.0 - 04.50.51 webOS version 6.3.3-442 webOS version 7.3.1-43 Description A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service...

9.1CVSS6AI score0.04667EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2023/10/23 12:0 a.m.5 views

PT-2023-9141 · Owlet · Owlet Cam

Name of the Vulnerable Software and Affected Versions: Owlet Cam versions v1 and v2 Description: A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated...

9CVSS8.1AI score0.02748EPSS
Exploits1References11
OSV
OSV
added 2023/10/11 4:15 p.m.5 views

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...

5.4CVSS7.4AI score0.0081EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.3 views

PT-2023-21086 · Peplink · Peplink Surf Soho

Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: An OS command injection issue exists in the admin.cgi USSD send functionality. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request...

8.8CVSS8.9AI score0.05749EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.6 views

PT-2023-24835 · Peplink · Peplink Surf Soho

Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: A stored cross-site scripting XSS issue exists in the upload brand.cgi functionality. This allows an attacker to execute arbitrary javascript in another user's browser by making a specially...

5.4CVSS6AI score0.0081EPSS
Exploits1References3
OSV
OSV
added 2023/08/03 12:15 p.m.4 views

CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition...

6.5CVSS5.8AI score0.00519EPSS
Exploits0References1
Veracode
Veracode
added 2023/07/22 5:0 a.m.19 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypasses. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server...

5.5CVSS6.7AI score0.0067EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/03/02 6:29 p.m.31 views

CVE-2023-26051 Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...

6.5CVSS5AI score0.00817EPSS
Exploits0References10
OSV
OSV
added 2023/03/01 7:15 p.m.2 views

DEBIAN-CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8CVSS7.2AI score0.01618EPSS
Exploits0References1
Prion
Prion
added 2023/03/01 7:15 p.m.16 views

Input validation

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

6.5CVSS8.4AI score0.01618EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.2 views

SUSE CVE-2022-29238

Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...

4.3CVSS5.8AI score0.0103EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.8 views

COMFAST CF-WR6110N 授权问题漏洞

COMFAST CF-WR6110N is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in the COMFAST CF-WR6110N version V2.3.1, which originates from incorrect access control and allows a remote attacker on the same network to perform any HTTP request to an unauthenticate...

5.4CVSS5.9AI score0.00504EPSS
Exploits1References4
Rows per page
Query Builder