Lucene search
+L

162 matches found

CVE
CVE
added 2023/03/14 9:32 a.m.55 views

CVE-2023-27462

Siemens RUGGEDCOM CROSSBOW (all versions

4.3CVSS3.9AI score0.00524EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.6 views

Fortinet FortiPortal 日志信息泄露漏洞

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. An information disclosure vulnerability exists in Fortinet FortiPortal versions 7.0.0...

6.5CVSS6.2AI score0.00687EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.5 views

Fortinet FortiWeb 注入漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in several...

5.4CVSS6AI score0.00463EPSS
Exploits0References2
Veracode
Veracode
added 2023/01/02 3:15 p.m.15 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. The vulnerability allows authenticated remote attackers to edit and delete all other user shortcuts via the ID parameter...

4.3CVSS5.1AI score0.00571EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/12/13 4:15 p.m.7 views

CVE-2022-45936

A vulnerability has been identified in Mendix Email Connector All versions V2.0.0. Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information...

8.1CVSS5.8AI score0.00705EPSS
Exploits0References1
Prion
Prion
added 2022/12/13 4:15 p.m.19 views

Information disclosure

A vulnerability has been identified in Mendix Email Connector All versions V2.0.0. Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information...

5.5CVSS7.7AI score0.00705EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.5 views

PT-2022-27936 · Mendix · Mendix Workflow Commons

Name of the Vulnerable Software and Affected Versions: Mendix Workflow Commons versions prior to 2.4.0 Mendix Workflow Commons V2.1 versions prior to 2.1.4 Mendix Workflow Commons V2.3 versions prior to 2.3.2 Description: A vulnerability has been identified in the handling of access control for...

8.1CVSS7.8AI score0.00691EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.6 views

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform regulates the network by collecting real-time information from the network, users, and devices to develop and enforce policies. The Cisco Identity Services Engine suffers from...

5.4CVSS5.5AI score0.276EPSS
Exploits0References6
NCSC
NCSC
added 2022/11/09 12:0 a.m.5 views

Vulnerability fixed in IBM Security Access Manager

A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an authenticated remote malicious party to remote user to perform a Cross-Site Scripting attack on the admin console. IBM has released updates to fix the vulnerabilities. More information can be found on...

5.4CVSS5.8AI score0.00371EPSS
Exploits0
CVE
CVE
added 2022/11/08 12:0 a.m.138 views

CVE-2022-30694

Summary: CVE-2022-30694 is a CSRF vulnerability in the Siemens web server login endpoint "/FormLogin" that can allow an authenticated attacker to track other users’ activities by bypassing origin checks. The issue affects multiple Siemens products including SIMATIC Drive Controllers, SIMATIC ET 2...

6.5CVSS4.6AI score0.00294EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2022/11/08 12:0 a.m.6 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

6.5CVSS6.3AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.4 views

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to monitor the network. A cross-site scripting vulnerability exists in...

5.4CVSS6AI score0.00429EPSS
Exploits0References3
Prion
Prion
added 2022/08/10 12:15 p.m.25 views

Cross site scripting

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...

4.3CVSS6AI score0.0081EPSS
Exploits0References1Affected Software6
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.4 views

Cisco Identity Services Engine 安全漏洞

Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The Cisco Identity Services Engine is vulnerable to information disclosure, which stems from a failure to properly enforce administrative privilege levels for sensitive data. An...

6.5CVSS5.7AI score0.00922EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/03/16 12:55 a.m.12 views

CVE-2021-43955

The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability...

6.3AI score0.00861EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/02/15 3:35 a.m.15 views

CVE-2021-43948

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0...

6.7AI score0.00845EPSS
Exploits0References1
NVD
NVD
added 2021/11/08 5:15 a.m.33 views

CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

9CVSS0.06056EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/10/27 12:0 a.m.6 views

PT-2021-4619 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software is related to improper...

4.3CVSS6.7AI score0.00271EPSS
Exploits0References9
NVD
NVD
added 2021/09/14 11:15 a.m.21 views

CVE-2021-37173

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.14.1, RUGGEDCOM ROX RX1400 All versions V2.14.1, RUGGEDCOM ROX RX1500 All versions V2.14.1, RUGGEDCOM ROX RX1501 All versions V2.14.1, RUGGEDCOM ROX RX1510 All versions V2.14.1, RUGGEDCOM ROX RX1511 All versions V2.14.1,...

9CVSS0.01606EPSS
Exploits0References1
Prion
Prion
added 2021/09/14 11:15 a.m.26 views

Design/Logic Flaw

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.14.1, RUGGEDCOM ROX RX1400 All versions V2.14.1, RUGGEDCOM ROX RX1500 All versions V2.14.1, RUGGEDCOM ROX RX1501 All versions V2.14.1, RUGGEDCOM ROX RX1510 All versions V2.14.1, RUGGEDCOM ROX RX1511 All versions V2.14.1,...

9CVSS8.7AI score0.01606EPSS
Exploits0References1Affected Software10
Rows per page
Query Builder