
16600 matches found

Cvelist
added 2024/09/05 1:0 p.m. · 30 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

6.3 CVSS · 0.00541 EPSS
Exploits 0 · References 5

Vulnrichment
added 2024/09/05 1:0 p.m. · 26 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

6.3 CVSS · 7.2 AI score · 0.00541 EPSS
Exploits 0 · References 5

CVE
added 2024/09/05 1:0 p.m. · 89 views

CVE-2024-8462

Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...

6.3 CVSS · 4.2 AI score · 0.00541 EPSS
Exploits 0 · References 5

Veracode
added 2024/09/05 5:11 a.m. · 9 views

HTTP Request/Response Smuggling

com.typesafe.akka:akka-http-core is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to accepting malformed messages and handing them over to the user application, which may proxy them to another server without inspection, allowing unintended HTTP requests to reach downstre...

6.5 CVSS · 6.6 AI score · 0.00705 EPSS
Exploits 0 · References 7 · Affected Software 4

Tenable Nessus
added 2024/09/05 12:0 a.m. · 57 views

Rejetto HTTP File Server 2.x <= 2.3m RCE (CVE-2024-23692)

The version of Rejetto HTTP File Server installed on the remote host is 2.x up to 2.3m. It is, therefore, affected by a vulnerability: - Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote,...

9.8 CVSS · 9 AI score · 0.99485 EPSS
Exploits 20 · References 2

Positive Technologies
added 2024/09/05 12:0 a.m. · 4 views

PT-2024-39029 · Windmill · Windmill

Name of the Vulnerable Software and Affected Versions: Windmill version 1.380.0 Description: A vulnerability exists in the HTTP Request Handler component, affecting an unknown function of the file backend/windmill-api/src/users.rs. This issue leads to improper restriction of excessive...

6.3 CVSS · 4.8 AI score · 0.00541 EPSS
Exploits 0 · References 14

OSV
added 2024/09/04 6:7 p.m. · 16 views

GHSA-C34R-238X-F7QX Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

9.1 CVSS · 9.2 AI score · 0.01342 EPSS
Exploits 1 · References 4

Github Security Blog
added 2024/09/04 6:7 p.m. · 21 views

Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

9.1 CVSS · 9 AI score · 0.01342 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2024/09/04 5:15 p.m. · 24 views

CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5 CVSS · 0.51466 EPSS
Exploits 0 · References 1

Cvelist
added 2024/09/04 4:28 p.m. · 30 views

CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5 CVSS · 0.51466 EPSS
Exploits 0 · References 1

CVE
added 2024/09/04 4:28 p.m. · 123 views

CVE-2024-20440

CVE-2024-20440 affects Cisco Smart Licensing Utility (CSLU). An unauthenticated, remote attacker can access sensitive information due to excessive verbosity in a debug log file. Exploitation involves sending a crafted HTTP request to an affected device, potentially exposing log files containing c...

7.5 CVSS · 7.5 AI score · 0.51466 EPSS
In wild · Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/09/04 12:0 a.m. · 4 views

PT-2024-5914 · Cisco · Cisco Smart License Utility

Name of the Vulnerable Software and Affected Versions: Cisco Smart Licensing Utility affected versions not specified Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessiv...

10 CVSS · 9.2 AI score · 0.9201 EPSS
Exploits 0 · References 86

IBM Security Bulletins
added 2024/09/03 8:26 p.m. · 38 views

Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data

Summary Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors that return incorrect results. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION:...

6.5 CVSS · 7.8 AI score · 0.05623 EPSS
Exploits 3 · Affected Software 1

IBM Security Bulletins
added 2024/09/03 8:5 p.m. · 30 views

Security Bulletin: Vulnerabilities in Netty affect watsonx.data

Summary Netty is vulnerable to HTTP request smuggling, to remote attacks causing weaker than expected security, and to denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw...

9.1 CVSS · 8.5 AI score · 0.13474 EPSS
Exploits 4 · Affected Software 1

NVD
added 2024/09/03 11:15 a.m. · 19 views

CVE-2024-45588

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lea...

9.1 CVSS · 0.00363 EPSS
Exploits 0 · References 1

OSV
added 2024/09/03 10:15 a.m. · 5 views

CVE-2024-45586

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

8.8 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits 0 · References 1

NVD
added 2024/09/03 10:15 a.m. · 19 views

CVE-2024-45586

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

9.2 CVSS · 0.00432 EPSS
Exploits 0 · References 1

CVE
added 2024/09/03 10:13 a.m. · 71 views

CVE-2024-45588

The CVE-2024-45588 entry describes a vulnerability in Symphony XTS Web Trading platform, version 2.0.0.1_P160, caused by improper access controls in the APIs of the Preference module. An authenticated remote attacker can manipulate HTTP parameters to access and modify sensitive information belong...

9.1 CVSS · 7.8 AI score · 0.00363 EPSS
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2024/09/03 10:13 a.m. · 15 views

CVE-2024-45588 Information Disclosure Vulnerability

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lea...

9.1 CVSS · 0.00363 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/09/03 10:9 a.m. · 11 views

CVE-2024-45587 Unauthorized Modification Vulnerability

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which...

9.1 CVSS · 7 AI score · 0.00417 EPSS
Exploits 0 · References 1