Lucene search
K

84 matches found

RedhatCVE
RedhatCVE
added 2025/08/16 12:16 a.m.14 views

CVE-2024-53946

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery CSRF on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in...

8.8CVSS7.6AI score0.00586EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 12:0 a.m.27 views

CVE-2024-53946

CVE-2024-53946 concerns the KuWFi 4G LTE AC900 router (version 1.0.13). The core issue is Cross-Site Request Forgery (CSRF) on the router’s web management interface, which can coerce an authenticated admin into performing unintended actions. Documents also reference exploitation of a command inje...

8.8CVSS7.5AI score0.00586EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-23985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could hav...

6.5CVSS7.5AI score0.01397EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:20 a.m.6 views

CVE-2017-7622

dde-daemon, the daemon process of DDE Deepin Desktop Environment 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege...

9CVSS7.1AI score0.01268EPSS
Exploits1References1
OSV
OSV
added 2025/03/11 6:15 p.m.2 views

CVE-2025-27167

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical...

7.8CVSS5.9AI score0.00219EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/05/06 12:0 a.m.7 views

The vulnerability of the microprogramming software of Mitel series 6800, 6900, 6900w, and 6970 lies in the fact that it allows for the insertion or modification of arguments, enabling an intruder to gain unauthorized access to protected information, alter the phone’s configuration, or execute arbitrary commands.

The vulnerability of the microprogramming software of Mitel series 6800, 6900, 6900w, and 6970 is related to the implementation or modification of arguments. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information, modify the phone’s configuration,...

7.2CVSS5.8AI score0.00441EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/29 12:0 a.m.5 views

PT-2023-32496 · Esm · Esm

Name of the Vulnerable Software and Affected Versions: ESM versions prior to 11.6.8 Description: A server-side request forgery issue allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation...

4.3CVSS4.7AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.6 views

PT-2023-6146 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S4 Juniper Networks Junos OS versions 21.1 prior to 21.1R3-S4 Juniper Networks Junos OS versions 21.2 prior to 21.2R3-S2 Juniper Networks Junos OS versions 21.3 prior to 21.3R2-S2, 21.3R3-S1...

5.5CVSS5.5AI score0.00145EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.3 views

PT-2023-5579 · Cisco · Cisco Catalyst Sd-Wan Manager

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager affected versions not specified Description: The issue is related to insufficient user session management within the Cisco Catalyst SD-WAN Manager system, specifically in the multi-tenant feature. This could allo...

9CVSS8.3AI score0.0061EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2023/09/14 7:16 p.m.6 views

CVE-2023-39285

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 22.24.5800.0 could allow an unauthenticated attacker to perform a Cross Site Request Forgery CSRF attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modifi...

4.3CVSS5.8AI score0.00233EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/06/30 12:0 a.m.6 views

The vulnerability of the account_operator.cgi file in the microprogramming software for ZyXEL USG FLEX and VPN devices allows a hacker to alter the device’s configuration data and trigger a service failure.

The vulnerability of the accountoperator.cgi file in the ZyXEL USG FLEX and VPN networking devices relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a malicious actor to remotely alter the device’s...

10CVSS7.8AI score0.01291EPSS
Exploits0References2Affected Software11
0day.today
0day.today
added 2023/03/20 12:0 a.m.453 views

Open Web Analytics 1.7.3 Remote Code Execution Exploit

Open Web Analytics OWA versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Op...

9.8CVSS1AI score0.99134EPSS
Exploits14
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.3 views

PT-2023-1944 · Adobe · Adobe Creative Cloud Desktop Application

Name of the Vulnerable Software and Affected Versions: Adobe Creative Cloud Desktop Application versions 5.9.1 and earlier Description: The issue is related to an untrusted search path in the application, which could allow an attacker to execute arbitrary code, access unauthorized data files, or...

8.6CVSS8AI score0.00355EPSS
Exploits0References4
OSV
OSV
added 2022/09/08 1:15 p.m.6 views

CVE-2022-20696

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/07 11:0 p.m.6 views

CVE-2022-20696

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...

8.8CVSS7.4AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.5 views

Motorola Solutions ACE1000 信任管理问题漏洞

The Motorola Solutions ACE1000 is a Remote Terminal Unit RTU from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions ACE1000 RTU version that originates from communication with the XRT LAN to the radio gateway via an embedded client, where access credentials to this...

9.8CVSS8.3AI score0.00544EPSS
Exploits0References6
OSV
OSV
added 2022/04/21 7:15 p.m.4 views

CVE-2022-20773

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance VA could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing ...

8.1CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/13 4:0 p.m.8 views

CVE-2022-20735

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

6.5CVSS6.4AI score0.00467EPSS
Exploits0References2
OSV
OSV
added 2021/12/30 10:15 p.m.4 views

CVE-2021-45732

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools,...

8.8CVSS7.3AI score0.00779EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

Fresenius Kabi Agilia Connect Infusion System 访问控制错误漏洞

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.An authorization issue vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which stems from the fact that the program has a default configuration page that can be accessed...

5.3CVSS5.6AI score0.00802EPSS
Exploits0References5
Rows per page
Query Builder