Lucene search
K

110 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-17645

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00385EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-6912

Malicious code in bioql PyPI...

8.6CVSS7.8AI score0.01656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/08 12:29 a.m.15 views

CVE-2025-46659

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request...

7.5CVSS6.4AI score0.00344EPSS
Exploits0References1
OSV
OSV
added 2025/08/06 8:15 p.m.3 views

CVE-2025-46659

An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request...

7.5CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.8 views

PT-2025-32210 · Unknown · Exonautweb

Name of the Vulnerable Software and Affected Versions: ExonautWeb versions 21.6 Description: An information disclosure issue exists in ExonautWeb. The issue occurs via an external HTTPS request. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

7.5CVSS6.1AI score0.00344EPSS
Exploits0References5
CVE
CVE
added 2025/08/06 12:0 a.m.26 views

CVE-2025-46659

ExonautWeb (4C Strategies Exonaut 21.6) is affected by CVE-2025-46659. The issue is an information disclosure vulnerability triggered by an external HTTPS request to ExonautWeb, enabling access to sensitive data. The NVD entry lists it with CVSSv3.1: Network attack, High impact on confidentiality...

7.5CVSS6.5AI score0.00344EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/12 9:19 a.m.4 views

CVE-2025-3116

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller...

7.1CVSS6.3AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 9:15 a.m.12 views

CVE-2025-3898

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver...

7.1CVSS0.00442EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 9:15 a.m.8 views

CVE-2025-3116

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller...

7.1CVSS0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/10 8:22 a.m.12 views

CVE-2025-3898

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver...

7.1CVSS0.00442EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/10 8:22 a.m.4 views

CVE-2025-3898

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver...

7.1CVSS6.7AI score0.00442EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.5 views

PT-2025-24627 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Denial of Service issue exists due to improper input validation. This occurs when an authenticated malicious user sends a special malformed HTTPS request containing improperly formatted bo...

7.1CVSS5.9AI score0.00385EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.12 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

6.7CVSS6.6AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:22 a.m.7 views

CVE-2013-1222

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted 1 HTTP or 2 HTTPS request, aka Bug ID CSCub38379...

7.8CVSS7.1AI score0.0123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:26 a.m.9 views

CVE-2024-20498

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

8.6CVSS7.2AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:10 a.m.8 views

CVE-2024-20499

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

8.6CVSS7.2AI score0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 6:23 p.m.19 views

CVE-2024-20498

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

8.6CVSS0.00508EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/28 6:11 p.m.15 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery SSRF vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and GET...

7.4CVSS7.7AI score0.02186EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/01 4:43 p.m.35 views

CVE-2023-20114

A vulnerability in the file download feature of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability b...

6.5CVSS6.6AI score0.00505EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.69 views

Amazon Linux 2 : squid (ALASSQUID4-2023-002)

The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2SQUID4-2023-002 advisory. A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protecti...

6.5CVSS6.6AI score0.0169EPSS
Exploits0References4
Rows per page
Query Builder