
231 matches found

CNNVD
added 2025/05/14 12:0 a.m., 3 views

Netgate pfSense CE cross-site scripting vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...

CVSS 5.4, AI score 8.1, EPSS 0.01194
Exploits: 1, References: 5
CVE
added 2025/05/14 12:0 a.m., 102 views

CVE-2024-57273

CVE-2024-57273 affects Netgate pfSense CE and Plus builds older than pfSense 2.8.0 beta, with a stored/reflected XSS in the Automatic Configuration Backup (ACB) service. The unsanitized Reason field (and a derivable device key from the public SSH key) enables remote attacker JavaScript execution,...

CVSS 5.4, AI score 6.3, EPSS 0.01194
Exploits: 1, References: 3, Affected Software: 2
Positive Technologies
added 2025/05/14 12:0 a.m., 7 views

PT-2025-21163 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...

CVSS 5.4, AI score 8.8, EPSS 0.01194
Exploits: 1, References: 12
Cvelist
added 2025/05/14 12:0 a.m., 12 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

EPSS 0.01194
Exploits: 1, References: 3
GithubExploit
added 2025/02/12 12:41 p.m., 243 views

Exploit for Relative Path Traversal in Fortinet Fortimanager

Fortimanager insufficient authorization checks CVE-2024-23666...

CVSS 8.8, AI score 9.1, EPSS 0.04184
Exploits: 1
RedhatCVE
added 2025/02/05 6:49 a.m., 8 views

CVE-2024-50358

A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G <= 1.6.3, EKI-6333AC-2GD <= v1.6.3 and EKI-6333AC-1GPO <= v1.2.1. The vulnerability can be exploited by authenticated users by restoring a tampered...

CVSS 7.2, AI score 6.9, EPSS 0.00522
Exploits: 0
NVD
added 2024/12/23 1:15 a.m., 9 views

CVE-2024-52321

Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker...

CVSS 5.9, EPSS 0.00501
Exploits: 0, References: 2
Vulnrichment
added 2024/12/23 12:18 a.m., 7 views

CVE-2024-52321

Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker...

CVSS 5.9, AI score 5.9, EPSS 0.00501
Exploits: 0, References: 2
Cvelist
added 2024/12/23 12:18 a.m., 17 views

CVE-2024-52321

Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker...

CVSS 5.9, EPSS 0.00501
Exploits: 0, References: 2
CVE
added 2024/12/23 12:18 a.m., 66 views

CVE-2024-52321

CVE-2024-52321 affects SHARP routers via improper authentication in the configuration backup function, allowing a remote unauthenticated attacker to retrieve backup files containing sensitive information. Affected devices include home 5G HR02 (S5.82.00 and earlier), Wi‑Fi STATION SH-52B (S3.87.11...

CVSS 5.9, AI score 7.2, EPSS 0.00501
Exploits: 0, References: 2
Positive Technologies
added 2024/12/23 12:0 a.m., 5 views

PT-2024-35176 · Sharp · Sharp Routers

Name of the Vulnerable Software and Affected Versions: SHARP routers affected versions not specified Description: The issue is related to an improper authentication vulnerability in the configuration backup function of SHARP routers. This vulnerability allows a remote unauthenticated attacker to...

CVSS 5.9, AI score 7.1, EPSS 0.00501
Exploits: 0, References: 7
Japan Vulnerability Notes
added 2024/12/16 10:54 p.m., 4 views

Multiple vulnerabilities in SHARP routers

Overview SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen CWE-78 - CVE-2024-45721 The hidden debug function is enabled CWE-489 - CVE-2024-46873 Buffer overflow vulnerability in the hidden debug function CWE-120 -...

CVSS 9.8, AI score 8.1, EPSS 0.01187
Exploits: 0, References: 15
CVE
added 2024/11/26 10:51 a.m., 44 views

CVE-2024-50358

CVE-2024-50358 affects Advantech EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO ( 1.6.3 and EKI-6333AC-1GPO > 1.2.1. As a temporary measure, restrict access to the configuration backup restoration feature until patches are applied. Public details explicitly des...

CVSS 7.2, AI score 6.9, EPSS 0.00522
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/11/26 10:51 a.m., 13 views

CVE-2024-50358

A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G <= 1.6.3, EKI-6333AC-2GD <= v1.6.3 and EKI-6333AC-1GPO <= v1.2.1. The vulnerability can be exploited by authenticated users by restoring a tampered...

CVSS 7.2, EPSS 0.00522
Exploits: 0, References: 1
OSV
added 2024/10/16 5:15 p.m., 4 views

CVE-2024-20280

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

CVSS 6.3, AI score 5.8, EPSS 0.00112
Exploits: 0, References: 1
CVE
added 2024/10/16 4:15 p.m., 52 views

CVE-2024-20280

CVE-2024-20280 affects Cisco UCS Central Software backup feature. The root cause is a weakness in the encryption method using a static key for backup configuration, allowing an attacker with access to a backup file to learn sensitive information stored in full state and configuration backups. Aff...

CVSS 6.3, AI score 6.2, EPSS 0.00112
Exploits: 0, References: 1, Affected Software: 1
Cisco
added 2024/10/16 4:0 p.m., 13 views

Cisco UCS Central Software Configuration Backup Information Disclosure Vulnerability

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

CVSS 6.3, AI score 6.2, EPSS 0.00112
Exploits: 0, References: 1
Packet Storm
added 2024/08/31 12:0 a.m., 348 views

Cambium EPMP 1000 SNMP Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 SNMP Enumeration', 'Description' = % Cambium devices ePMP, PMP, Force, & others can be administered using SNMP. The device...

CVSS 7.6, AI score 7, EPSS 0.09639
Exploits: 2
NVD
added 2024/08/13 4:15 p.m., 41 views

CVE-2024-21757

An unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker ...

CVSS 7.8, EPSS 0.00191
Exploits: 0, References: 1
CVE
added 2024/08/13 3:51 p.m., 78 views

CVE-2024-21757

CVE-2024-21757 affects Fortinet FortiManager and FortiAnalyzer. The issue enables an attacker to change admin passwords via a device configuration backup due to an unverified password change. Affected: FortiManager 7.0.0–7.0.10, 7.2.0–7.2.4, 7.4.0–7.4.1; FortiAnalyzer 7.0.0–7.0.10, 7.2.0–7.2.4, 7...

CVSS 7.8, AI score 6.3, EPSS 0.00191
Exploits: 0, References: 1, Affected Software: 2