Lucene search
K

442 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:55 a.m.6 views

CVE-2023-1997

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...

8.8CVSS7.4AI score0.01724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:29 a.m.6 views

CVE-2023-36554

A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests...

9.8CVSS7.5AI score0.00765EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.18 views

CVE-2022-39946

An access control vulnerability CWE-284 in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp call...

7.6CVSS6.8AI score0.00717EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:49 p.m.12 views

CVE-2022-27489

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

7.2CVSS7.6AI score0.01474EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.8 views

CVE-2021-32590

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...

9.9CVSS8.4AI score0.01655EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:57 p.m.7 views

CVE-2021-36186

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

9.8CVSS7.9AI score0.01561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 p.m.9 views

CVE-2021-21920

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surnamefilter’ parameter with the administrative account or through cross-site request forgery...

7.7CVSS7.4AI score0.01134EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:58 p.m.8 views

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

9CVSS7.7AI score0.0464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.13 views

CVE-2019-13955

Mikrotik RouterOS before 6.44.5 long-term release tree is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected...

6.5CVSS6.9AI score0.03754EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:52 a.m.10 views

CVE-2016-7398

A type confusion vulnerability in the mergeparam function of phphttpparams.c in PHP's pecl-http extension 3.1.0beta2 PHP 7 and earlier as well as 2.6.0beta2 PHP 5 and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests...

9.8CVSS7.8AI score0.06797EPSS
Exploits1References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/14 12:0 a.m.28 views

Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests...

9.8CVSS8.4AI score0.31419EPSS
In wildExploits3
BDU FSTEC
BDU FSTEC
added 2025/05/12 12:0 a.m.7 views

The vulnerability of the Certificates and Keys module of the Device Admin App for the ctrlX OS operating system allows a perpetrator to write arbitrary files.

The vulnerability of the Certificates and Keys module in the Device Admin app of the ctrlX OS operating system is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by sending specially crafted HTTP...

7.5CVSS5.6AI score0.003EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/11 6:18 a.m.10 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

9.4CVSS6.9AI score0.00815EPSS
Exploits0References1
NVD
NVD
added 2025/05/09 6:15 a.m.10 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

9.4CVSS0.00815EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/09 5:37 a.m.17 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

9.4CVSS0.00815EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/09 5:37 a.m.11 views

CVE-2025-3463

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub'...

9.4CVSS6.9AI score0.00815EPSS
Exploits0References1
CVE
CVE
added 2025/05/09 5:37 a.m.92 views

CVE-2025-3463

CVE-2025-3463 concerns ASUS DriverHub, a driver-management tool. The issue is an insufficient validation in handling HTTP requests (and related certificate handling in some reports) that could allow an untrusted source to influence driver updates or software behavior, potentially enabling remote ...

9.4CVSS6.9AI score0.00815EPSS
Exploits0References2
CVE
CVE
added 2025/05/09 5:36 a.m.82 views

CVE-2025-3462

ASUS DriverHub (pre‑1.0.6.0) contains an insufficient validation/origin-check vulnerability in HTTP handling that can let untrusted sources interact with driver features; some reports describe potential remote code execution via crafted HTTP requests and manipulated AsusSetup.ini during silent in...

8.4CVSS6.6AI score0.00486EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/09 5:36 a.m.15 views

CVE-2025-3462

"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS...

8.4CVSS0.00486EPSS
Exploits0References1
OSV
OSV
added 2025/05/08 5:41 a.m.9 views

BIT-KIBANA-2025-25014 Kibana arbitrary code execution via prototype pollution

A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints...

9.8CVSS9.4AI score0.14795EPSS
Exploits2References2
Rows per page
Query Builder