CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Zero Day Initiative•added 2024/12/02 12:0 a.m.•9 views

Hewlett Packard Enterprise Insight Remote Support validateAgainstXSD XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the validateAgainstXSD...

7.3CVSS6.2AI score0.8394EPSS

Exploits1References1

Positive Technologies•added 2024/12/02 12:0 a.m.•4 views

PT-2024-35778 · Freepbx · Freepbx

Name of the Vulnerable Software and Affected Versions: FreePBX version 17.0.19.17 Description: A vulnerability was discovered in FreePBX, allowing high-privilege administrators to insert unwanted files due to a lack of verification of the type of uploaded files. This issue can be exploited for...

2.2CVSS8AI score0.00336EPSS

Exploits0References11

AstraLinux•added 2024/11/23 3:4 a.m.•7 views

Astra Linux – Vulnerability in freeipa

There is a cross-site request forgery vulnerability in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions on behalf of the user, resulting in a loss of confidentiality and system integrity...

6.5CVSS6.5AI score0.0057EPSS

OSV•added 2024/11/22 9:15 p.m.•5 views

CVE-2024-9710

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.3CVSS7.1AI score0.00662EPSS

NVD•added 2024/11/22 9:15 p.m.•16 views

CVE-2024-8809

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web...

8.8CVSS0.01582EPSS

OSV•added 2024/11/22 9:15 p.m.•3 views

CVE-2024-8808

8.8CVSS6.3AI score0.01582EPSS

NVD•added 2024/11/22 9:15 p.m.•13 views

CVE-2024-8808

8.8CVSS0.01582EPSS

Cvelist•added 2024/11/22 9:3 p.m.•28 views

CVE-2024-8808 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability

8.8CVSS0.01582EPSS

7.2CVSS6.3AI score0.0151EPSS

CVE-2024-5580

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

OSV•added 2024/11/22 8:15 p.m.•5 views

CVE-2024-5579

Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS7.5AI score0.01508EPSS

OSV•added 2024/11/22 8:15 p.m.•5 views

CVE-2024-30372

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.3CVSS6.3AI score

NVD•added 2024/11/22 8:15 p.m.•13 views

CVE-2024-30372

8.8CVSS0.01129EPSS

ATTACKERKB•added 2024/11/22 8:15 p.m.•1 views

CVE-2023-52333

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...

9.8CVSS6.3AI score0.01854EPSS

ATTACKERKB•added 2024/11/22 8:15 p.m.•5 views

CVE-2023-51648

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...

7.5CVSS5.7AI score0.01904EPSS

6.5CVSS5.7AI score0.01904EPSS

CVE-2023-51648

6.5CVSS5.7AI score0.01904EPSS

CVE-2023-52334

Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

6.3CVSS6.2AI score0.01259EPSS

CVE-2023-51642

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

ATTACKERKB•added 2024/11/22 8:15 p.m.•2 views

CVE-2023-51642

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS6.3AI score0.01259EPSS