Lucene search

258 matches found

RedhatCVE
added 2025/05/22 7:18 p.m. | 5 views

CVE-2021-23233

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration...

9.8 CVSS | 6.9 AI score | 0.00945 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:21 a.m. | 6 views

CVE-2019-15803

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...

9.1 CVSS | 7.5 AI score | 0.01323 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:19 a.m. | 2 views

CVE-2019-19846

In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors...

9.8 CVSS | 7.9 AI score | 0.01686 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:26 a.m. | 9 views

CVE-2019-13205

All configuration parameters of certain Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files th...

7.5 CVSS | 6.7 AI score | 0.01114 EPSS
Exploits: 0 | References: 1

NVD
added 2025/05/13 10:15 a.m. | 12 views

CVE-2025-40582

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device...

8.5 CVSS | 0.00156 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/05/13 9:39 a.m. | 12 views

CVE-2025-40582

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device...

8.5 CVSS | 0.00156 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/05/13 12:0 a.m. | 2 views

Siemens SCALANCE LPE9403 Operating System Command Injection Vulnerability

Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. The Siemens SCALANCE LPE9403 suffers from an operating system command injection vulnerability that originates from...

8.5 CVSS | 7.7 AI score | 0.00156 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/27 12:1 a.m. | 26 views

CVE-2025-46617

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and...

7.2 CVSS | 6.9 AI score | 0.00251 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-6796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to...

7.5 CVSS | 6.2 AI score | 0.08321 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/05 10:22 p.m. | 11 views

CVE-2022-33258

Information disclosure due to buffer over-read in modem while reading configuration parameters...

8.2 CVSS | 6.9 AI score | 0.00354 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:11 a.m. | 22 views

CVE-2024-2746

Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...

8.8 CVSS | 6.7 AI score | 0.00289 EPSS
Exploits: 1 | References: 1

NVD
added 2025/01/08 4:15 p.m. | 17 views

CVE-2024-51737

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an...

7 CVSS | 0.00396 EPSS
Exploits: 1 | References: 2

OSV
added 2025/01/08 4:15 p.m. | 4 views

UBUNTU-CVE-2024-51737

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an...

7 CVSS | 6.1 AI score | 0.00396 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2024/12/17 5:28 p.m. | 9 views

CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

3.1 CVSS | 7.2 AI score | 0.00252 EPSS
Exploits: 0 | References: 1

CVE
added 2024/12/17 5:28 p.m. | 116 views

CVE-2024-42194

CVE-2024-42194 affects HCL BigFix Inventory: an access-control vulnerability arising from improper handling of permissions allows a read-only account to modify certain configuration parameters via a crafted REST API call. The available documents confirm the affected product and the underlying iss...

3.1 CVSS | 4.1 AI score | 0.00252 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/12/17 12:0 a.m. | 4 views

HCL BigFix Inventory Security Vulnerability

HCL BigFix Inventory is a software inventory from HCL USA. Maintaining software audits reduces security risks through software compliance and utilization management. HCL BigFix Inventory has a security vulnerability that stems from insufficient permissions or improper handling of privileges. An...

3.1 CVSS | 6.8 AI score | 0.00252 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/15 4:14 p.m. | 11 views

CVE-2021-34750 Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerability

A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This...

4.3 CVSS | 6.6 AI score | 0.00271 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2024/11/15 3:54 p.m. | 24 views

LibreNMS has an Authenticated OS Command Injection

Summary: An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allow injecting arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. Details...

9.1 CVSS | 7.8 AI score | 0.06933 EPSS
Exploits: 4 | References: 4 | Affected Software: 1

OSV
added 2024/11/15 3:54 p.m. | 10 views

GHSA-X645-6PF9-XWXW LibreNMS has an Authenticated OS Command Injection

Summary: An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allow injecting arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. Details...

9.1 CVSS | 8.6 AI score | 0.06933 EPSS
Exploits: 4 | References: 4

Tenable Nessus
added 2024/11/04 12:0 a.m. | 14 views

RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...

6.4 CVSS | 6.9 AI score | 0.06322 EPSS
Exploits: 0 | References: 6