Lucene search
K

16598 matches found

Cvelist
Cvelist
added 2024/10/04 12:0 a.m.23 views

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

6.1CVSS0.00657EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/04 12:0 a.m.18 views

CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...

6.1CVSS5.9AI score0.00657EPSS
Exploits1References2
CVE
CVE
added 2024/10/04 12:0 a.m.55 views

CVE-2024-47854

CVE-2024-47854 describes a reflected XSS vulnerability in Veritas Data Insight before 7.1. The issue allows a remote attacker to inject arbitrary web script into an HTTP request, which could be reflected to an authenticated user if executed, due to insufficient sanitization. Affected software: Ve...

6.1CVSS5.9AI score0.00657EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.4 views

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to execute arbitrary code.

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to improper handling of HTTP requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

5.4CVSS6.7AI score0.00646EPSS
Exploits0References9Affected Software5
NVD
NVD
added 2024/10/03 4:15 p.m.18 views

CVE-2024-41922

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.5CVSS0.07963EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/03 3:16 p.m.17 views

CVE-2024-41163

A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.5CVSS7.6AI score0.47107EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/03 3:16 p.m.28 views

CVE-2024-41163

A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.5CVSS0.47107EPSS
Exploits1References1
CVE
CVE
added 2024/10/03 3:16 p.m.46 views

CVE-2024-41163

CVE-2024-41163 affects Veertu Anka Build 1.42.0. A directory traversal flaw resides in the archive functionality, exploitable via unauthenticated HTTP requests to the registry endpoints (for example, /api/v1/registry/log/archive or /log/archive), allowing disclosure of sensitive files. CVSSv3.1 b...

7.5CVSS7.6AI score0.47107EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/10/03 3:16 p.m.26 views

CVE-2024-41922

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.5CVSS0.07963EPSS
Exploits1References1
EUVD
EUVD
added 2024/10/03 3:16 p.m.4 views

EUVD-2024-39275

A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.5CVSS6.2AI score0.07963EPSS
Exploits1References1
CVE
CVE
added 2024/10/03 3:16 p.m.58 views

CVE-2024-41922

Veertu Anka Build 1.42.0 contains a directory traversal vulnerability in the log files download functionality. Talos TALOS-2024-2061 reports that the registry log server builds log file paths by concatenating the service parameter without validating directory traversal sequences (e.g., ../), then...

7.5CVSS7.6AI score0.07963EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/10/03 12:0 a.m.19 views

CVE-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

0.00371EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.320 views

WordPress Bricks Builder Theme 1.9.6 Code Injection

============================================================================================================================================= | Title : WordPress Bricks Builder Theme 1.9.6 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/03 12:0 a.m.9 views

Cisco IOS XE Software Unified Threat Defense Snort Intrusion Prevention System Engine for Security Policy Bypass DoS (cisco-sa-utd-snort3-dos-bypas-b4OUEwxD)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security...

6.5CVSS5.7AI score0.00426EPSS
Exploits0References3
Talos
Talos
added 2024/10/03 12:0 a.m.18 views

Veertu Anka Build registry log files directory traversal vulnerability

Talos Vulnerability Report TALOS-2024-2061 Veertu Anka Build registry log files directory traversal vulnerability October 3, 2024 CVE Number CVE-2024-41922 SUMMARY A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted...

7.5CVSS7.6AI score0.07963EPSS
Exploits1
Talos
Talos
added 2024/10/03 12:0 a.m.25 views

Veertu Anka Build registry archive files directory traversal vulnerability

Talos Vulnerability Report TALOS-2024-2059 Veertu Anka Build registry archive files directory traversal vulnerability October 3, 2024 CVE Number CVE-2024-41163 SUMMARY A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP...

7.5CVSS7.6AI score0.47107EPSS
Exploits1
OSV
OSV
added 2024/10/02 7:15 p.m.5 views

CVE-2024-20499

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

7.5CVSS5.8AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:7 a.m.42 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary Multiple potential vulnerabilities has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected...

9.1CVSS9.4AI score0.03906EPSS
Exploits5Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.4 views

PT-2024-6594 · Draytek · Draytek Vigor 3910

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3910 devices through 4.3.2.6 Description: The issue is a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. This can be exploited by...

10CVSS8.1AI score0.01407EPSS
Exploits1References40
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 7:35 p.m.64 views

Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.

Summary Cloud Pak System is vulnerable to HTTP request splitting attack CVE-2023-25690. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of RewriteRule or...

9.8CVSS9.2AI score0.8377EPSS
Exploits5Affected Software1
Rows per page
Query Builder