Lucene search
K

172 matches found

CVE
CVE
added 2024/08/15 3:10 a.m.76 views

CVE-2024-6534

CVE-2024-6534 affects Directus v10.13.0. An authenticated external attacker can modify presets created by the same user to assign them to another user due to insufficient validation of the user parameter in PATCH /presets (only POST /presets is validated). This vulnerability, when chained with CV...

4.3CVSS4.2AI score0.00326EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/08/15 3:4 a.m.67 views

CVE-2024-6533

Directus 10.13.0 is affected by a DOM-based XSS flaw where an authenticated attacker can inject and store an attacker-controlled value that is rendered into an unsanitized DOM element on the client. The issue stems from how a parameter is stored on the server and later used by the client, enablin...

5.4CVSS4.8AI score0.00358EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/06 2:10 p.m.1 views

jackson-databind: denial of service via cylic dependencies

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS6.8AI score0.00352EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/02/12 10:27 a.m.5 views

jackson-databind: denial of service via cylic dependencies

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS6.8AI score0.00352EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/12/07 11:16 p.m.12 views

CVE-2023-5008 Student Information System v1.0 - Unauthenticated SQL Injection

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control...

9.8CVSS8.2AI score0.00883EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.8 views

Atlassian Confluence Server Security Vulnerability

Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A security vulnerability exists in Atlassian Confluence Server that stems from an unknown...

10CVSS6.6AI score0.99156EPSS
Exploits39References11
RedHat Linux
RedHat Linux
added 2023/09/28 11:55 a.m.3 views

jackson-databind: denial of service via cylic dependencies

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS6.8AI score0.00352EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2023/07/11 12:0 a.m.237 views

Ateme TITAN File 3.9 Job Callbacks Server-Side Request Forgery

Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and...

7.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2023/07/07 12:0 a.m.378 views

Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration

Summary TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and Archive applications. TITAN File is based on ATEME 5th Generation STREAM compression engine and delivers the highest video quality at minimum bitrates with accelerate...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/07/06 8:51 p.m.26 views

Graylog vulnerable to insecure source port usage for DNS queries

Summary Graylog utilises only one single source port for DNS queries. Details Graylog seems to bind a single socket for outgoing DNS queries. That socket is bound to a random port number which is not changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered ho...

5.3CVSS6.7AI score0.00295EPSS
Exploits1References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/06/16 1:16 a.m.4 views

SUSE CVE-2023-35116

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS6.8AI score0.00352EPSS
Exploits0References3
OSV
OSV
added 2023/06/14 2:15 p.m.4 views

UBUNTU-CVE-2023-35116

DISPUTED jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data...

4.7CVSS6.7AI score0.00352EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.30 views

File Tracker Manager System SQL注入漏洞

File Tracker Manager System is a file tracker manager system. File Tracker Manager System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter newpassword in the file register/updatepassword.php against externally entered SQL statements. A...

9.8CVSS8.1AI score0.00726EPSS
Exploits1References4
NVD
NVD
added 2023/04/25 1:15 p.m.33 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2
Prion
Prion
added 2023/04/25 1:15 p.m.21 views

Input validation

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

4CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/25 1:15 p.m.17 views

Input validation

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

4CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.31 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.30 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2023/04/24 5:15 p.m.35 views

CVE-2023-26060

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...

8.8CVSS7.3AI score0.0059EPSS
Exploits0References2
NVD
NVD
added 2023/04/24 5:15 p.m.28 views

CVE-2023-26061

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...

6.8CVSS6.6AI score0.00371EPSS
Exploits0References2
Rows per page
Query Builder