1747 matches found

Vulnrichment
added 2025/03/16 11:31 p.m., 7 views

CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection

A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...

7.5 CVSS, 7.5 AI score, 0.0035 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/03/15 6:20 a.m., 7 views

CVE-2023-48790

A cross site request forgery vulnerability CWE-352 in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests...

7.5 CVSS, 7 AI score, 0.00222 EPSS
Exploits 0, References 3

CVE
added 2025/03/11 2:54 p.m., 52 views

CVE-2023-48790

Fortinet FortiNDR is affected by a cross-site request forgery (CSRF, CWE-352) vulnerability that allows a remote unauthenticated attacker to perform unauthorized actions via crafted HTTP GET requests. Affected versions include 7.4.0, 7.2.0–7.2.1, 7.1.0–7.1.1, and all versions prior to 7.0.5. The ...

8.8 CVSS, 7.7 AI score, 0.00222 EPSS
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2025/03/11 12:0 a.m., 5 views

The vulnerability of the httpGetEnv() function in the microprogramming software of TP-Link’s wireless signal booster device TL-WA850RE allows a hacker to induce a service failure.

The vulnerability of the httpGetEnv function in the microprogramming software of TP-Link’s wireless signal booster device TL-WA850RE is related to the operation that goes beyond the buffer in memory when processing the end-point data/syslog.filter.json file with the type parameter. Exploiting thi...

6.8 CVSS, 6.8 AI score, 0.15807 EPSS
Exploits 1, References 4, Affected Software 1

RedhatCVE
added 2025/03/06 2:36 a.m., 9 views

CVE-2024-50707

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request...

10 CVSS, 8.8 AI score, 0.00788 EPSS
Exploits 0, References 1

NVD
added 2025/03/04 4:15 p.m., 6 views

CVE-2024-50707

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request...

10 CVSS, 0.00788 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/03/04 12:0 a.m., 6 views

CVE-2024-50707

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request...

8.2 AI score, 0.00788 EPSS
Exploits 0, References 2

CVE
added 2025/03/04 12:0 a.m., 64 views

CVE-2024-50707

CVE-2024-50707 is an unauthenticated remote code‑execution in Uniguest Tripleplay prior to version 24.2.1. The issue can be triggered by sending a crafted HTTP GET containing an X-Forwarded-For header, allowing an attacker to execute arbitrary code on affected systems. The CVSS v3.1 base score is...

10 CVSS, 8.2 AI score, 0.00788 EPSS
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2025/02/18 12:0 a.m., 4 views

The vulnerability of the httpGetEnv() function (userRpm/WanDynamicIpV6CfgRpm.htm) in TP-Link TL-WR841ND router software allows an attacker to cause a service failure.

The vulnerability of the httpGetEnv function userRpm/WanDynamicIpV6CfgRpm.htm in the TP-Link TL-WR841ND router software is related to buffer overflows caused by improper cleaning or resource release when processing the gw parameter. Exploiting this vulnerability allows a remote attacker to cause...

3.5 CVSS, 5.8 AI score, 0.00284 EPSS
Exploits 0, References 3

NVD
added 2025/02/16 7:15 p.m., 13 views

CVE-2025-1357

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

5.3 CVSS, 0.00435 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/02/16 6:31 p.m., 5 views

CVE-2025-1357 Seventh D-Guard HTTP GET Request path traversal

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

5.3 CVSS, 4.7 AI score, 0.00435 EPSS
Exploits 0, References 3

Cvelist
added 2025/02/16 6:31 p.m., 12 views

CVE-2025-1357 Seventh D-Guard HTTP GET Request path traversal

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

5.3 CVSS, 0.00435 EPSS
Exploits 0, References 3

CVE
added 2025/02/16 6:31 p.m., 75 views

CVE-2025-1357

CVE-2025-1357 is tied to Seventh D-Guard’s HTTP GET Request Handler path traversal vulnerability affecting versions up to 20250206. The issue allows remote initiation and has public exploit exposure; multiple sources corroborate the path traversal in the HTTP GET Request Handler component. Red Ha...

5.3 CVSS, 4.7 AI score, 0.00435 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/02/13 11:13 p.m., 7 views

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...

7.5 CVSS, 7.1 AI score, 0.00396 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/02/09 6:22 p.m., 18 views

CVE-2025-1105

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

5.3 CVSS, 6 AI score, 0.00363 EPSS
Exploits 0, References 1

NVD
added 2025/02/07 6:15 p.m., 36 views

CVE-2025-1105

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

6.1 CVSS, 0.00363 EPSS
Exploits 0, References 3

Cvelist
added 2025/02/07 6:0 p.m., 30 views

CVE-2025-1105 SiberianCMS HTTP GET Request flat cross site scripting

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

5.3 CVSS, 0.00363 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/02/07 6:0 p.m., 14 views

CVE-2025-1105 SiberianCMS HTTP GET Request flat cross site scripting

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

5.3 CVSS, 6.1 AI score, 0.00363 EPSS
Exploits 0, References 3

CVE
added 2025/02/07 6:0 p.m., 60 views

CVE-2025-1105

SiberianCMS 4.20.6 is affected by CVE-2025-1105 due to an issue in the HTTP GET Request Handler: the file /app/sae/design/desktop/flat can be manipulated to trigger cross-site scripting. The vulnerability arises from an unknown functionality in that handler, with remote exploitation and public di...

6.1 CVSS, 6 AI score, 0.00363 EPSS
Exploits 0, References 3, Affected Software 1

CNNVD
added 2025/02/07 12:0 a.m., 4 views

SiberianCMS code injection vulnerability

SiberianCMS is an open source and free application manufacturing software from SiberianCMS Inc. A code injection vulnerability exists in SiberianCMS version 4.20.6; it originates in the file /app/sae/design/desktop/flat of the HTTP GET request handler component and can lead to a cross-site scripti...

6.1 CVSS, 5 AI score, 0.00363 EPSS
Exploits 0, References 4