Lucene search
+L

137 matches found

Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.12 views

PT-2023-9116 · Tenda · Tenda I6

Name of the Vulnerable Software and Affected Versions: Tenda i6 version 1.0.0.83856 Description: The issue is related to a buffer overflow vulnerability in the Wi-Fi router's microprogram, specifically in the /goform/WifiMacFilterSet component. This vulnerability can be exploited by a remote...

7.8CVSS7.6AI score0.0077EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.6 views

PT-2023-32485 · Unknown · Elijaa/Phpmemcachedadmin

Name of the Vulnerable Software and Affected Versions: elijaa/phpmemcachedadmin version 1.3.0 Description: A critical flaw has been identified, specifically related to a stored XSS vulnerability, allowing malicious actors to insert a carefully crafted JavaScript payload. The issue arises from...

6.1CVSS5.2AI score0.00406EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.13 views

PT-2023-30066 · Zioncom (Hong Kong) Technology Limited · A7000R

Name of the Vulnerable Software and Affected Versions: ZIONCOM Hong Kong Technology Limited A7000R version 4.1cu.4154 Description: An issue allows an attacker to execute arbitrary code via the "cig-bin/cstecgi.cgi" endpoint to the setPasswordCfg function. Recommendations: For version 4.1cu.4154,...

9.8CVSS7.6AI score0.00767EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/21 12:0 a.m.9 views

PT-2023-29814 · Unknown · Thingnario Photon

Name of the Vulnerable Software and Affected Versions: ThingNario Photon version 1.0 Description: An issue in the software allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function at the "thingnario Logger Maintenance Webpage" endpoint...

8.8CVSS8.4AI score0.01184EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.4 views

PT-2023-29004 · Subrion · Subrion

Name of the Vulnerable Software and Affected Versions: Subrion version 4.2.1 Description: A Cross-site scripting XSS issue exists in the /panel/languages/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter. This enables...

5.4CVSS5.7AI score0.00495EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.12 views

PT-2023-26654

Name of the Vulnerable Software and Affected Versions msaad1999's PHP-Login-System version 2.0.1 Description A reflected cross-site scripting XSS issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the...

6.1CVSS5.6AI score0.00824EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/08/29 12:0 a.m.5 views

PT-2023-11510 · Unknown · Earcms Ear App

Name of the Vulnerable Software and Affected Versions: Earcms Ear App version 20181124 Description: An issue in Earcms Ear App allows a remote attacker to execute arbitrary code via the "uload/index-uplog.php" endpoint. This enables the attacker to perform unauthorized actions on the affected...

9.8CVSS9.8AI score0.01236EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.8 views

PT-2023-4612 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version v4 US AC10V4.0si V16.03.10.13 cn Description: The issue is related to a stack overflow vulnerability via the parameter list and bindnum at the "/goform/SetIpMacBind" API endpoint. This vulnerability may allow a remote...

9.8CVSS9.6AI score0.01002EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.14 views

PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...

6.5CVSS6.4AI score0.00547EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.5 views

PT-2023-7485 · Axis · Axis License Plate Verifier

Name of the Vulnerable Software and Affected Versions: AXIS License Plate Verifier affected versions not specified Description: The issue arises from insufficient input validation in the "api.cgi" file of the License Plate Verifier software, allowing for arbitrary code execution. This can be...

8.8CVSS9AI score0.00749EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.7 views

PT-2023-13037 · Yii2 · Yii2

Name of the Vulnerable Software and Affected Versions: Yii 2 version 2.0.45 Description: A cross-site scripting XSS issue was discovered via the endpoint "/books". This allows for potential malicious script execution. The estimated number of affected devices and real-world incidents are not...

6.1CVSS6.2AI score0.00395EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.6 views

PT-2023-25626 · Sourcecodester · Sourcecodester Ac Repair/Services System

Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A vulnerability has been found in the system, classified as problematic. It affects an unknown functionality of the file "admin/?page=user/manage user". The manipulation of...

6.1CVSS4.3AI score0.00388EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/22 12:0 a.m.3 views

PT-2023-22365 · Wildix · Wildix Wsg24Poe

Name of the Vulnerable Software and Affected Versions: Wildix WSG24POE version 103SP7D190822 Description: An issue was discovered in the "/cgi-bin/login rj.cgi" API endpoint, allowing attackers to bypass authentication. Recommendations: For Wildix WSG24POE version 103SP7D190822, consider disablin...

7.5CVSS6.7AI score0.00749EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/05/26 12:0 a.m.7 views

PT-2023-24344 · Unknown · Sourcecodester Faculty Evaluation System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Faculty Evaluation System version 1.0 Description: The issue allows for arbitrary code execution via the "/eval/ajax.php?action=save user" API endpoint. This could potentially lead to unauthorized access and control of the...

7.2CVSS7.5AI score0.14507EPSS
Exploits4References7
Positive Technologies
Positive Technologies
added 2023/05/05 12:0 a.m.6 views

PT-2023-22497 · S Cms · S-Cms

Name of the Vulnerable Software and Affected Versions: S-CMS version 5.0 Description: The issue is related to an authenticated remote code execution RCE vulnerability. It can be exploited via the /admin/ajax.php API endpoint. Recommendations: For S-CMS version 5.0, consider disabling access to th...

7.2CVSS7.2AI score0.01618EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/03/31 12:0 a.m.10 views

PT-2023-20982 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: openapi-generator versions up to v6.4.0 Description: The issue is related to a Server-Side Request Forgery SSRF in the component "/api/gen/clients/language". This allows attackers to access network resources and sensitive information via a...

9.1CVSS8.8AI score0.00935EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.3 views

PT-2023-22030 · Cerebrate · Cerebrate

Name of the Vulnerable Software and Affected Versions: Cerebrate version 1.13 Description: A blind SQL injection issue exists in the "searchAll API endpoint". This allows for potential exploitation. Recommendations: For Cerebrate version 1.13, consider disabling access to the "searchAll API...

9.8CVSS8.3AI score0.00701EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.6 views

PT-2023-5052 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in the "execute-actions-email" endpoint of Keycloak, allowing arbitrary HTML to be injected into emails sent to Keycloak users. This issue can be misused to perform phishi...

5.5CVSS5.6AI score0.00692EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2023/02/27 12:0 a.m.10 views

PT-2023-2141 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version V7.4cu.2313 B20191024 Description: The issue is related to a command injection vulnerability. This vulnerability can be exploited via the enabled parameter at the "/setting/setWanIeCfg" API endpoint. The vulnerability...

9.8CVSS9.7AI score0.02047EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/02/24 12:0 a.m.5 views

PT-2023-16677 · Unknown · Sourcecodester Sales Tracker Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Sales Tracker Management System version 1.0 Description: A vulnerability was found in the SourceCodester Sales Tracker Management System, affecting the file "admin/?page=user/list". This issue leads to cross-site request forger...

8.8CVSS4.9AI score0.00494EPSS
Exploits1References6
Rows per page
Query Builder