16602 matches found

CISA KEV Catalog
added 2024/06/03 12:00 a.m., 30 views

Oracle WebLogic Server OS Command Injection Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document...

CVSS 7.4, AI score 7.6, EPSS 0.96015
In the wild; Exploits: 9
Redos
added 2024/06/03 12:00 a.m., 41 views

ROS-20240603-04

Vulnerability of the mod_proxy module of the Apache HTTP Server web server is related to a failure to take measures to process CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow a remote attacker to perform HTTP response splitting attacks...

CVSS 9, AI score 6.6, EPSS 0.57941
Exploits: 0
OSV
added 2024/06/02 10:30 p.m., 18 views

GHSA-9P73-X86V-JW57 path traversal vulnerability was identified in the parisneo/lollms-webui

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 4, AI score 4.2, EPSS 0.00285
Exploits: 1, References: 4
Github Security Blog
added 2024/06/02 10:30 p.m., 25 views

path traversal vulnerability was identified in the parisneo/lollms-webui

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 4, AI score 6.5, EPSS 0.00285
Exploits: 1, References: 4, Affected software: 1
Cvelist
added 2024/05/31 7:08 p.m., 28 views

CVE-2024-23316 PingAccess HTTP Request Desynchronization Weakness

HTTP request desynchronization in Ping Identity PingAccess (all versions prior to 8.0.1 are affected) allows an attacker to send specially crafted HTTP header requests to create a request smuggling condition for proxied requests...

CVSS 8.8, AI score 6.4, EPSS 0.00547
Exploits: 0, References: 3
GithubExploit
added 2024/05/31 1:11 p.m., 406 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Check Point Security Gateway RCE Exploit Tool CVE-2024-249...

CVSS 8.6, AI score 9.3, EPSS 0.99978
Exploits: 52
NVD
added 2024/05/31 10:15 a.m., 25 views

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, contains a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

CVSS 9.8, AI score 10, EPSS 0.99485
Exploits: 20, References: 7
CVE
added 2024/05/31 9:36 a.m., 322 views

CVE-2024-23692

CVE-2024-23692 affects Rejetto HTTP File Server (HFS) versions up to 2.3m. The vulnerability is a server‑side template injection in the search parameter that is reflected into HFS templates, allowing an unauthenticated attacker to execute arbitrary commands (remote code execution). Exploitation c...

CVSS 9.8, AI score 9.9, EPSS 0.99485
In the wild; Exploits: 20, References: 7, Affected software: 1
Cvelist
added 2024/05/31 9:36 a.m., 46 views

CVE-2024-23692 Rejetto HTTP File Server 2.3m Unauthenticated RCE

Rejetto HTTP File Server, up to and including version 2.3m, contains a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

CVSS 9.8, AI score 10, EPSS 0.99485
Exploits: 20, References: 3
IBM Security Bulletins
added 2024/05/30 6:49 p.m., 35 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-27982, CVE-2024-27983)

Summary: Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...

CVSS 8.2, AI score 6.8, EPSS 0.87211
Exploits: 1, Affected software: 1
NVD
added 2024/05/30 3:15 p.m., 12 views

CVE-2024-4330

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 4, AI score 4.3, EPSS 0.00285
Exploits: 1, References: 1
Vulnrichment
added 2024/05/30 2:43 p.m., 13 views

CVE-2024-4330 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 4, AI score 6.9, EPSS 0.00285
Exploits: 1, References: 1
Cvelist
added 2024/05/30 2:43 p.m., 17 views

CVE-2024-4330 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'listpersonalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the...

CVSS 4, AI score 4.3, EPSS 0.00285
Exploits: 1, References: 1
Japan Vulnerability Notes
added 2024/05/30 12:00 a.m., 14 views

JVN#80506242: awkblog vulnerable to OS command injection

awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability (CWE-78). Impact: If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product...

CVSS 9.8, AI score 9.7, EPSS 0.01571
Exploits: 0
NVD
added 2024/05/29 4:15 p.m., 10 views

CVE-2023-46297

An issue was discovered on Mercusys MW325R EU V3 MW325REUV31.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface...

CVSS 5.1, AI score 6.6, EPSS 0.00157
Exploits: 0, References: 1
RedHat Linux
added 2024/05/29 3:40 p.m., 49 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.15 security update

Red Hat OpenShift Container Platform release 4.15.15 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS 7.5, AI score 7.1, EPSS 0.91969
Exploits: 1, References: 25
Cvelist
added 2024/05/29 3:35 p.m., 17 views

CVE-2023-46297

An issue was discovered on Mercusys MW325R EU V3 MW325REUV31.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface...

AI score 6.6, EPSS 0.00157
Exploits: 0, References: 1
CVE
added 2024/05/29 3:35 p.m., 79 views

CVE-2023-46297

CVE-2023-46297 affects Mercusys MW325R EU V3 (firmware 1.11.0 221019). An unauthenticated HTTP request can render the admin interface unreachable/invisible; data verification is not performed, and affected UI files become unavailable. The web server remains up, but the admin UI is hidden, typical...

CVSS 5.1, AI score 6.9, EPSS 0.00157
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2024/05/29 12:00 a.m., 32 views

JVN#15637138: EC-Orange vulnerable to authorization bypass

EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on the open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability (CWE-639). This is the same issue as JVN51770585 "EC-CUBE vulnerable to authorization bypass". Impact: A user of the...

CVSS 9.1, AI score 9.1, EPSS 0.02245
Exploits: 0
NVD
added 2024/05/28 7:15 p.m., 13 views

CVE-2023-43846

Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via HTTP GET request. The logs contain such information as user names and IP addresses used in the infrastructure. This information may help the...

CVSS 5.3, AI score 6.4, EPSS 0.00581
Exploits: 1, References: 1