Lucene search
+L

276 matches found

CNVD
CNVD
added 2025/02/06 12:0 a.m.5 views

coolLabs Coolify Information Disclosure Vulnerability (CNVD-2025-19124)

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from an information disclosure vulnerability that stems from the fact that any authenticated user only needs to know the UUID of the model, which can be exploited by an attacker to obtain the...

5.7CVSS6.2AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:23 a.m.13 views

CVE-2024-20458

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...

8.2CVSS7.3AI score0.00713EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/14 2:9 p.m.24 views

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...

8.6CVSS0.00685EPSS
Exploits0References1
OSV
OSV
added 2024/12/27 2:15 p.m.5 views

UBUNTU-CVE-2024-53214

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability i.e., capability with ID greater than PCIEXTCAPIDM...

7.8CVSS6.2AI score0.0025EPSS
Exploits0References46
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.7 views

PT-2024-21074 · Infinera · Infinera Tnms Server

Name of the Vulnerable Software and Affected Versions: Infinera TNMS Server version 19.10.3 Description: The issue allows attackers with access to the database or exported configuration files to obtain SNMP users' usernames and passwords in cleartext. This occurs due to the cleartext storage of...

6.5CVSS6.8AI score0.00185EPSS
Exploits0References6
OSV
OSV
added 2024/09/30 8:15 a.m.5 views

CVE-2024-8456

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...

9.8CVSS5.8AI score0.00575EPSS
Exploits0References2
OSV
OSV
added 2024/09/19 6:15 p.m.4 views

CVE-2024-47160

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References1
CNVD
CNVD
added 2024/09/12 12:0 a.m.9 views

Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)

SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods.SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management.SIMATIC RF360R read...

7.1CVSS6.9AI score0.00302EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.157 views

HP SiteScope SOAP Call GetSiteScopeConfiguration Configuration Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access', 'Description' = %q This module exploits an authentication bypass...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/08/08 12:0 a.m.7 views

Asterisk 安全漏洞

Asterisk is an Asterisk open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk has a security vulnerability that stems from the fact that an AMI user with write=originate can change all configuration files in the /etc/asterisk/...

8.8CVSS8.3AI score0.04703EPSS
Exploits4References9
CVE
CVE
added 2024/06/06 6:55 p.m.71 views

CVE-2024-2359

The CVE concerns parisneo/lollms-webui v9.3. An OS command injection stems from improper neutralization, enabling remote code execution. Affected component: the host/config handling in the runtime; attacker-controlled host via the /update_setting endpoint bypasses the intended protection on /exec...

9.8CVSS10AI score0.01219EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/15 1:45 a.m.47 views

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8CVSS6.9AI score0.99995EPSS
Exploits1References4
OSV
OSV
added 2024/03/18 9:15 p.m.4 views

UBUNTU-CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

7.9CVSS5.8AI score0.17868EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.10 views

PT-2024-19815

Name of the Vulnerable Software and Affected Versions LDAP Account Manager LAM versions prior to 8.7 Description LDAP Account Manager LAM is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. An attacker could...

7.9CVSS7.9AI score0.17868EPSS
Exploits0References18
CNNVD
CNNVD
added 2024/02/16 12:0 a.m.6 views

NetApp StorageGRID Cross-Site Scripting Vulnerability

NetApp StorageGRID is a suite of object storage solutions from Network Appliance NetApp. A security vulnerability exists in NetApp StorageGRID versions prior to 11.8. An attacker could exploit the vulnerability to view or modify configuration settings or add/modify user accounts...

6.9CVSS6.6AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/05 12:0 a.m.18 views

Microsoft Graphics Component Information Disclosure Vulnerability

Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component msgraph-sdk-php that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access syste...

5.4CVSS4.8AI score0.02203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/23 12:0 a.m.6 views

PT-2023-28093 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to an Uncontrolled Search Path Element vulnerability, which allows for Leveraging/Manipulating Configuration File Search Paths. This vulnerability enables access to the...

9.8CVSS9AI score0.00573EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.5 views

C-First DVR Security Breach

C-First DVR is a digital video recorder from C-First. A security vulnerability exists in the C-First DVR that stems from the system's use of hard-coded passwords, which could allow an unauthenticated, remote attacker to rewrite or gain access to the configuration information of the affected...

9.8CVSS6.7AI score0.01091EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/16 12:0 a.m.4 views

PT-2023-30368 · First · Cfr-4Eab +4

Name of the Vulnerable Software and Affected Versions: First Corporation's DVRs versions of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB affected versions not specified, but updates are provided only for Late models Description: The issue is related to a hard-coded password in...

9.8CVSS7.4AI score0.01091EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.4 views

PT-2023-13434 · Lenovo · Lenovo Printers

Name of the Vulnerable Software and Affected Versions: Lenovo Printers affected versions not specified Description: The issue allows standard users to directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the...

5.4CVSS5.2AI score0.00269EPSS
Exploits0References6
Rows per page
Query Builder