16600 matches found

CVE
added 2024/07/26 12:00 a.m., 119 views

CVE-2024-41628

CVE-2024-41628 affects the Severalnines Cluster Control CMON API. The vulnerability is a directory traversal that allows an unauthenticated remote attacker to include and display arbitrary server files via HTTP requests to CMON API endpoints. Affected versions are Cluster Control 1.9.8 bef...

CVSS 7.5, AI score 7.1, EPSS 0.06464
Exploits: 1, References: 5
Redos
added 2024/07/26 12:00 a.m., 302 views

ROS-20240726-08

A vulnerability in the httpjson component of Elastic Stack Filebeat is due to a bug in the httpjson input's handling of input data, because of which the contents of the Authorization or Proxy-Authorization HTTP request header may be written to the debug logs. Exploitation of the vulnerability could allow an attacker...

CVSS 5.5, AI score 6.4, EPSS 0.00182
Exploits: 0
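The Filebeat entry above describes credentials reaching debug logs because a request's headers were logged verbatim. The following is an added example, not code from Filebeat or from the advisory, showing the two halves of the fix a practitioner wants: a logger that redacts credential-bearing headers before serialising, and a scanner that finds Basic/Bearer values in log lines that were written before the fix. The header list, the log format and the sample log lines are constructed for the demo.

```python
import json
import re
from typing import Dict, List

# Header names whose values are credentials and must never reach a log line (assumed list).
SENSITIVE_HEADERS = frozenset({
    "authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key",
})
REDACTED = "<redacted>"


def redact_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Copy headers with credential-bearing values replaced. Matching is case-insensitive
    because clients send 'authorization' and 'Authorization' interchangeably."""
    return {k: (REDACTED if k.lower() in SENSITIVE_HEADERS else v) for k, v in headers.items()}


def debug_log_line(method: str, url: str, headers: Dict[str, str]) -> str:
    """What a hardened debug logger should emit for an outbound request."""
    record = {"level": "debug", "msg": "http request", "method": method,
              "url": url, "headers": redact_headers(headers)}
    return json.dumps(record, sort_keys=True)


# Detection side: Basic/Bearer credentials next to an (optionally proxy-) authorization
# header name, in either JSON or key=value log syntax.
LEAK_RE = re.compile(
    r"""(?i)(?:proxy-)?authorization["']?\s*[:=]\s*["']?(?:basic|bearer)\s+[a-z0-9._~+/=-]{8,}"""
)


def find_leaked_credentials(log_lines: List[str]) -> List[int]:
    """Return the indices of log lines that still carry a credential."""
    return [i for i, line in enumerate(log_lines) if LEAK_RE.search(line)]


# Constructed log lines imitating a debug log that copied request headers verbatim.
LEAKY_LOG = [
    '{"level":"debug","msg":"http request","headers":{"Authorization":"Bearer eyJhbGciOi.payload.sig"}}',
    '{"level":"debug","msg":"http response","status":200}',
    '{"level":"debug","msg":"http request","headers":{"Proxy-Authorization":"Basic dXNlcjpwYXNzd29yZA=="}}',
]

if __name__ == "__main__":
    print("lines carrying credentials:", find_leaked_credentials(LEAKY_LOG))
    print(debug_log_line("GET", "https://api.example.com/events",
                         {"Authorization": "Bearer eyJhbGciOi.payload.sig",
                          "Accept": "application/json"}))
```

Run the scanner over existing debug logs before rotating them out: every hit is a credential that has to be treated as exposed, not just a logging bug to patch.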
Cvelist
added 2024/07/26 12:00 a.m., 33 views

CVE-2024-41628

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API...

EPSS 0.06464
Exploits: 1, References: 5
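Both CVE-2024-41628 entries describe the same bug class: a file path taken from an HTTP request is joined onto a server directory without being confined to it. The following is an added example, not code from Cluster Control or from the advisory, that puts the classic vulnerable resolver beside a hardened one and runs both over typical traversal probes (plain, percent-encoded, double-encoded and absolute). BASE_DIR, the function names and the probe list are assumptions for the demo.

```python
import posixpath
from typing import Dict, Optional, Tuple
from urllib.parse import unquote

# Constructed base directory for the demo; the real API would use its own data root.
BASE_DIR = "/var/lib/app/files"


def vulnerable_resolve(base_dir: str, user_path: str) -> str:
    """The pattern behind most traversal bugs: join the caller's path onto the base
    with no normalisation and no containment check."""
    # posixpath.join discards base_dir entirely when user_path is absolute,
    # and "../" segments survive untouched.
    return posixpath.join(base_dir, unquote(user_path))


def resolve_safe_path(base_dir: str, user_path: str) -> Optional[str]:
    """Return the absolute path for user_path only if it stays inside base_dir.

    Decodes percent-encoding twice (to catch %252e%252e), rejects NUL bytes, backslashes
    and absolute paths, normalises '.' and '..', then checks that the result is still
    under base_dir. Returns None for anything that would escape."""
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded or decoded.startswith("/") or "\\" in decoded:
        return None
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


# Constructed request paths, the kind of values a traversal probe sends.
PROBES = [
    "reports/2024-07.log",
    "../../../etc/passwd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/%252e%252e/etc/passwd",
    "/etc/passwd",
]


def triage(base_dir: str = BASE_DIR) -> Dict[str, Tuple[str, Optional[str]]]:
    """Resolve every probe with both resolvers so the difference is visible side by side."""
    return {p: (vulnerable_resolve(base_dir, p), resolve_safe_path(base_dir, p)) for p in PROBES}


if __name__ == "__main__":
    for probe, (bad, good) in triage().items():
        print(f"{probe!r:40} vulnerable -> {bad}")
        print(f"{'':40} hardened   -> {good}")
```

The containment check is done on the normalised string rather than on the raw input, which is why single- and double-encoded "../" and absolute paths all fall out the same way; a deny-list of "../" substrings would miss the encoded forms.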
VulnCheck KEV
added 2024/07/25 12:00 a.m., 5 views

VulnCheck KEV: CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

CVSS 9.8, AI score 6.8, EPSS 0.8377
Exploits: 5, References: 1
NVD
added 2024/07/19 3:15 p.m., 12 views

CVE-2024-39962

The D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request...

CVSS 9.8, EPSS 0.02057
Exploits: 1, References: 1
NVD
added 2024/07/19 3:15 p.m., 10 views

CVE-2024-6908

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...

CVSS 6, EPSS 0.0026
Exploits: 0, References: 2
OSV
added 2024/07/19 3:15 p.m., 9 views

CVE-2024-6908

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...

CVSS 6, AI score 7
Exploits: 0, References: 2
CVE
added 2024/07/19 2:57 p.m., 44 views

CVE-2024-6908

The CVE-2024-6908 entry concerns Yugabyte Platform, where improper privilege management allows an authenticated admin to escalate to SuperAdmin via a crafted PUT request, potentially granting access to sensitive functions and data. The described impact is unauthorized access to sensitive system c...

CVSS 6, AI score 6.8, EPSS 0.0026
Exploits: 0, References: 2
GithubExploit
added 2024/07/19 3:51 a.m., 1697 views

Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server

🚨Alert🚨Apache Vulnerability 🚨Alert🚨Security Advisory: CVE-2024...

CVSS 9.1, AI score 6.6, EPSS 0.04134
Exploits: 5
Cvelist
added 2024/07/19 12:00 a.m., 12 views

CVE-2024-39962

The D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request...

EPSS 0.02057
Exploits: 1, References: 1
CVE
added 2024/07/19 12:00 a.m., 59 views

CVE-2024-39962

CVE-2024-39962 affects the D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router (v21_D240126). The vulnerability is a remote code execution (RCE) in the ntp_zone_val parameter exposed via the /goform/set_ntp endpoint, exploitable through a crafted HTTP request. Multiple connected sources corr...

CVSS 9.8, AI score 8.2, EPSS 0.02057
Exploits: 1, References: 1, Affected Software: 1
Redos
added 2024/07/19 12:00 a.m., 46 views

ROS-20240719-02

A vulnerability in the makeHttpRequest function of the htdocs/js/ajax_functions.js file of the LDAP web administration tool phpLDAPadmin is related to inconsistent interpretation of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to smuggle HTTP...

CVSS 6.5, AI score 6.8, EPSS 0.00426
Exploits: 0
NVD
added 2024/07/18 11:15 p.m., 22 views

CVE-2024-40642

The Netty incubator codec.bhttp is a Java binary HTTP parser. In affected versions the BinaryHttpParser class does not properly validate input values, thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

CVSS 8.1, EPSS 0.00671
Exploits: 1, References: 2
Cvelist
added 2024/07/18 10:21 p.m., 21 views

CVE-2024-40642 Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp

The Netty incubator codec.bhttp is a Java binary HTTP parser. In affected versions the BinaryHttpParser class does not properly validate input values, thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

CVSS 8.1, EPSS 0.00671
Exploits: 1, References: 2
Vulnrichment
added 2024/07/18 10:21 p.m., 23 views

CVE-2024-40642 Absent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp

The Netty incubator codec.bhttp is a Java binary HTTP parser. In affected versions the BinaryHttpParser class does not properly validate input values, thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

CVSS 8.1, AI score 7.2, EPSS 0.00671
Exploits: 1, References: 2
CVE
added 2024/07/18 10:21 p.m., 50 views

CVE-2024-40642

The CVE-2024-40642 issue affects the Netty incubator codec.bhttp BinaryHttpParser in affected releases, where readRequestHead mis-validates input values. This grants attackers significant control over HTTP requests constructed from parsed output, enabling injection attacks such as HTTP request sm...

CVSS 8.1, AI score 8.3, EPSS 0.00671
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2024/07/18 10:14 p.m., 15 views

GHSA-Q8F2-HXQ5-CP4H Absent Input Validation in BinaryHttpParser

Summary BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...

CVSS 8.1, AI score 8.2, EPSS 0.00671
Exploits: 1, References: 4
Github Security Blog
added 2024/07/18 10:14 p.m., 20 views

Absent Input Validation in BinaryHttpParser

Summary BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...

CVSS 8.1, AI score 7.3, EPSS 0.00671
Exploits: 1, References: 4, Affected Software: 1
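The CVE-2024-40642 / GHSA-Q8F2-HXQ5-CP4H entries above all describe the same failure: a binary HTTP decoder hands back method, authority, path and field values without checking them, so a CR/LF or a conflicting framing header in the decoded message is re-emitted verbatim when the request is rebuilt as HTTP/1.1. The following is an added example, not code from Netty or from the advisory, showing the validation layer that has to sit between "parsed" and "re-serialised": token checks on the method and field names, a control-character check on field values, and rejection of ambiguous Content-Length / Transfer-Encoding combinations. The function names and the two constructed messages are assumptions for the demo.

```python
from typing import List, Tuple

# RFC 9110 "token" characters: the only characters allowed in a method or field name.
TCHAR = frozenset("!#$%&'*+-.^_`|~0123456789"
                  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")


def is_token(s: str) -> bool:
    return bool(s) and all(c in TCHAR for c in s)


def is_field_value(v: str) -> bool:
    """field-value = *(VCHAR / obs-text / SP / HTAB). CR, LF, NUL and other control
    characters are rejected; that is what closes the header-injection path."""
    return all(c == "\t" or 0x20 <= ord(c) <= 0x7E or 0x80 <= ord(c) <= 0xFF for c in v)


def validate_request(method: str, scheme: str, authority: str, path: str,
                     headers: List[Tuple[str, str]]) -> List[str]:
    """Return a list of problems; an empty list means the decoded values can be
    re-serialised as HTTP/1.1 without changing the request's framing."""
    problems: List[str] = []
    if not is_token(method):
        problems.append("method is not a token")
    if scheme.lower() not in ("http", "https"):
        problems.append(f"unexpected scheme {scheme!r}")
    if not authority or not is_field_value(authority) or any(c.isspace() for c in authority):
        problems.append("authority is empty or contains whitespace/control characters")
    if not path.startswith(("/", "*")) or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in path):
        problems.append("path is not origin-form or contains whitespace/control characters")
    content_lengths = set()
    has_te = False
    for name, value in headers:
        if not is_token(name):
            problems.append(f"field name {name!r} is not a token")
        if not is_field_value(value):
            problems.append(f"field value for {name!r} contains control characters")
        lname = name.lower()
        if lname == "content-length":
            if not value or any(c not in "0123456789" for c in value):
                problems.append("content-length is not a decimal integer")
            content_lengths.add(value)
        elif lname == "transfer-encoding":
            has_te = True
    # Two different lengths, or a length next to a transfer-encoding, is the raw material
    # of a desync between front-end and back-end parsers.
    if len(content_lengths) > 1:
        problems.append("conflicting content-length values")
    if has_te and content_lengths:
        problems.append("both transfer-encoding and content-length present")
    return problems


def to_http1(method: str, scheme: str, authority: str, path: str,
             headers: List[Tuple[str, str]]) -> bytes:
    """Serialise to HTTP/1.1 only after validation; refuse anything that would let a
    decoded value smuggle an extra header or a second request into the output."""
    problems = validate_request(method, scheme, authority, path, headers)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [f"{method} {path} HTTP/1.1", f"Host: {authority}"]
    lines += [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


# Constructed decoded messages: one clean, one carrying CRLF inside a field value so that
# naive serialisation would emit a chunked-encoding header and a second request.
CLEAN = ("GET", "https", "example.com", "/index.html", [("Accept", "*/*")])
INJECTED = ("GET", "https", "example.com", "/index.html",
            [("X-Forwarded-Host", "a\r\nTransfer-Encoding: chunked\r\n\r\nGET /admin HTTP/1.1")])

if __name__ == "__main__":
    print(to_http1(*CLEAN))
    print("injected message rejected:", validate_request(*INJECTED))
```

The check is deliberately placed on the decoded values rather than on the serialised bytes: once CRLF has been written into the wire image, no downstream parser can tell the injected header from a legitimate one.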
Github Security Blog
added 2024/07/17 7:32 p.m., 24 views

projectdiscovery/nuclei allows unsigned code template execution through workflows

Summary: Find a way to execute a code template without the -code option and signature. Details: write a code.yaml: yaml id: code info: name: example code template author: ovi3 code: - engine: - sh - bash source: | id http: - raw: - | POST /re HTTP/1.1 Host: Hostname coderesponse workflows: - matchers: -...

CVSS 7.4, AI score 7.7, EPSS 0.00311
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2024/07/17 4:29 p.m., 9 views

CVE-2024-20400

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVSS 4.7, AI score 4.9, EPSS 0.00378
Exploits: 0, References: 1