Lucene search
+L

261 matches found

OSV
OSV
added 2024/02/06 5:15 p.m.4 views

CVE-2023-47618

A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request t...

7.2CVSS6AI score0.01943EPSS
Exploits1References2
OSV
OSV
added 2024/02/06 5:15 p.m.5 views

CVE-2023-43482

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

7.2CVSS6AI score0.03252EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.7 views

TP-LINK ER7206 Operating System Command Injection Vulnerability

The TP-LINK ER7206 is a multifunction Gigabit router from China P&L TP-LINK. An operating system command injection vulnerability exists in the TP-LINK ER7206 version 1.3.0 build 20230322 Rel.70591, which stems from a specially crafted HTTP request that could lead to arbitrary command injection. T...

7.2CVSS7.7AI score0.03442EPSS
Exploits1References2
OSV
OSV
added 2024/01/03 10:56 p.m.25 views

GO-2023-2399 Denial of service via memory exhaustion in github.com/hashicorp/vault

Unauthenticated and authenticated HTTP requests from a client will be attempted to be mapped to memory. Large requests may result in the exhaustion of available memory on the host, which may cause crashes and denial of service...

7.5CVSS7.2AI score0.00792EPSS
Exploits0References3
OSV
OSV
added 2023/12/23 9:15 a.m.7 views

CVE-2023-5961

A Cross-Site Request Forgery CSRF vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This...

8.8CVSS5.7AI score0.00373EPSS
Exploits1References1
OSV
OSV
added 2023/12/15 10:15 a.m.23 views

CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...

6.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 2023/12/15 9:50 a.m.30 views

CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...

6.1CVSS6.2AI score0.00433EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.9 views

PT-2023-9011 · Tp Link · Tp-Link Ac1350 Wireless Mu-Mimo Gigabit Access Point +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a...

9CVSS7.7AI score0.01822EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.5 views

PT-2023-9019 · Tp Link · Eap225 V3 +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...

9CVSS7.6AI score0.01919EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.15 views

PT-2023-9020 · Tp Link · Eap115 +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...

9CVSS8.1AI score0.01822EPSS
Exploits1References9
PyPA
PyPA
added 2023/12/04 9:15 p.m.9 views

PYSEC-2023-272

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...

4.3CVSS6.8AI score0.00841EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.4 views

PT-2023-9035

Name of the Vulnerable Software and Affected Versions webOS versions 5 through 7 webOS version 5.5.0 - 04.50.51 webOS version 6.3.3-442 webOS version 7.3.1-43 Description A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service...

9.1CVSS6AI score0.04667EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.5 views

PT-2023-9036

Name of the Vulnerable Software and Affected Versions webOS versions 4 through 7 Description A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service. This vulnerability can be triggered by a series of specially crafted...

9.1CVSS6AI score0.06437EPSS
Exploits3References22
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.6 views

PT-2023-9037

Name of the Vulnerable Software and Affected Versions webOS versions 5 and 6 webOS versions 5.5.0 - 04.50.51 webOS version 6.3.3-442 Description A command injection vulnerability exists in the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint. This vulnerability can be...

9.1CVSS7.3AI score0.04667EPSS
Exploits2References18
Positive Technologies
Positive Technologies
added 2023/10/23 12:0 a.m.6 views

PT-2023-9141 · Owlet · Owlet Cam

Name of the Vulnerable Software and Affected Versions: Owlet Cam versions v1 and v2 Description: A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated...

9CVSS8.1AI score0.02748EPSS
Exploits1References11
OSV
OSV
added 2023/10/11 4:15 p.m.6 views

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...

5.4CVSS7.4AI score0.0081EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.8 views

PT-2023-24835 · Peplink · Peplink Surf Soho

Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: A stored cross-site scripting XSS issue exists in the upload brand.cgi functionality. This allows an attacker to execute arbitrary javascript in another user's browser by making a specially...

5.4CVSS6AI score0.0081EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.4 views

PT-2023-21086 · Peplink · Peplink Surf Soho

Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: An OS command injection issue exists in the admin.cgi USSD send functionality. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request...

8.8CVSS8.9AI score0.05749EPSS
Exploits1References3
OSV
OSV
added 2023/08/03 12:15 p.m.5 views

CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition...

6.5CVSS5.8AI score0.00519EPSS
Exploits0References1
Veracode
Veracode
added 2023/07/22 5:0 a.m.20 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypasses. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server...

5.5CVSS6.7AI score0.0067EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder