
400 matches found

SUSE CVE
added 2025/01/10 12:23 a.m. · 5 views

SUSE CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

CVSS 7.5 · AI score 7 · EPSS 0.00358
Exploits 0 · References 4
Veracode
added 2024/12/10 8:22 a.m. · 6 views

Insecure Configuration Injection

flowise is vulnerable to insecure configuration injection. The vulnerability is due to insufficient protection and lack of secure default settings for the overrideConfig option, which allows developers to inject configuration into the Chainflow during execution...

AI score 7.5
Exploits 0
Veracode
added 2024/11/28 9:29 a.m. · 10 views

Sensitive Information Exposure

filament/actions is vulnerable to Sensitive Information Exposure. The vulnerability is due to insecure default configuration, specifically setting the public disk as the default storage disk, which allows sensitive files, such as exports, to be stored in a location that is publicly accessible,...

CVSS 2.3 · AI score 6.3 · EPSS 0.00537
Exploits 0 · References 5 · Affected Software 1
CVE
added 2024/11/21 5:18 p.m. · 77 views

CVE-2024-52289

This CVE concerns authentik, an open-source identity provider. In the OAuth2 provider, Redirect URIs are validated by a RegEx comparison. If no Redirect URIs are configured for a provider, authentik can automatically treat the first received redirect_uri as allowed, without escaping RegEx-special...

CVSS 9.8 · AI score 6.5 · EPSS 0.0106
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/11/21 5:18 p.m. · 21 views

CVE-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping...

CVSS 7.9 · EPSS 0.0106
Exploits 0 · References 2
Vulnrichment
added 2024/11/21 5:18 p.m. · 13 views

CVE-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping...

CVSS 7.9 · AI score 6.4 · EPSS 0.0106
Exploits 0 · References 2
NVD
added 2024/11/11 8:15 p.m. · 19 views

CVE-2024-10315

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD...

CVSS 6.9 · EPSS 0.00323
Exploits 0 · References 1
Vulnrichment
added 2024/11/11 7:12 p.m. · 9 views

CVE-2024-10315 Insecure Configuration in Gliffy Online

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD...

CVSS 6.9 · AI score 6.6 · EPSS 0.00323
Exploits 0 · References 1
CVE
added 2024/11/11 7:12 p.m. · 44 views

CVE-2024-10315

CVE-2024-10315 concerns an insecure configuration in Gliffy Online. Multiple sources in the connected set confirm affected software as Gliffy Online with versions prior to 4.14.0-6. The root cause identified is an insecure configuration in these versions, as reported by Alpha Inferno PVT LTD. Acr...

CVSS 6.9 · AI score 6.6 · EPSS 0.00323
Exploits 0 · References 1
Cvelist
added 2024/11/11 7:12 p.m. · 19 views

CVE-2024-10315 Insecure Configuration in Gliffy Online

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD...

CVSS 6.9 · EPSS 0.00323
Exploits 0 · References 1
CNNVD
added 2024/11/11 12:0 a.m. · 4 views

Perforce Gliffy security vulnerability

Perforce Gliffy is a Perforce software for charting via HTML5 cloud-based applications. A security vulnerability exists in Perforce Gliffy versions prior to 4.14.0-6 that stems from an insecure configuration...

CVSS 6.9 · AI score 6.7 · EPSS 0.00323
Exploits 0 · References 2
Positive Technologies
added 2024/11/11 12:0 a.m. · 5 views

PT-2024-16182 · Unknown · Gliffy Online

Name of the Vulnerable Software and Affected Versions: Gliffy Online versions prior to 4.14.0-6 Description: An insecure configuration was discovered in Gliffy Online. The issue was reported by Alpha Inferno PVT LTD. Recommendations: For versions prior to 4.14.0-6, update to version 4.14.0-6 or...

CVSS 6.9 · AI score 7.2 · EPSS 0.00323
Exploits 0 · References 6
OSV
added 2024/10/22 8:10 p.m. · 3 views

CLSA-2024-1729627812 Fix CVE(s): CVE-2024-8927

SECURITY UPDATE: insecure configuration vulnerability - debian/patches/CVE-2024-8927.patch: fix bypass of cgi.force_redirect configuration - CVE-2024-8927...

CVSS 7.5 · AI score 6.7 · EPSS 0.01077
Exploits 1 · References 1
Positive Technologies
added 2024/10/16 12:0 a.m. · 5 views

PT-2024-39895 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to privilege escalation due to the insecure 'administrator' default value for the default user role option. This allows unauthenticated...

CVSS 9.8 · AI score 7.6 · EPSS 0.00581
Exploits 0 · References 10
NVD
added 2024/10/14 5:15 p.m. · 22 views

CVE-2024-45735

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration an...

CVSS 4.3 · EPSS 0.00349
Exploits 0 · References 2
Veracode
added 2024/10/04 6:57 a.m. · 10 views

Cross Site Scripting (XSS)

CKEditor 5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to Insecure Editor Configuration and lack of Input Sanitization in the CKEditor 5 clipboard package, which allows an attacker to insert malicious content into the editor when the General HTML Support or HTML Embed...

CVSS 6.1 · AI score 5.9 · EPSS 0.00478
Exploits 0 · References 4 · Affected Software 4
CNNVD
added 2024/10/01 12:0 a.m. · 4 views

Infinera Transcend Network Management System security vulnerability

Infinera Transcend Network Management System (Infinera TNMS) is a powerful element, network, and service management system from Infinera USA. A security vulnerability exists in Infinera Transcend Network Management System version 19.10.3, which stems from an insecure default configuration of the...

CVSS 7.2 · AI score 6.9 · EPSS 0.00707
Exploits 0 · References 2
CVE
added 2024/10/01 12:0 a.m. · 52 views

CVE-2024-25659

Infinera TNMS (Transcend Network Management System) version 19.10.3 is affected by an insecure default configuration of the internal SFTP server on Linux, which can allow a remote attacker to access files and directories outside the SFTP user home directory. The CVE-2024-25659 entry notes a netwo...

CVSS 7.2 · AI score 7.2 · EPSS 0.00707
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/09/10 9:15 a.m. · 6 views

CVE-2024-8258

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration...

CVSS 7.8 · AI score 6.2 · EPSS 0.04333
Exploits 1 · References 4
Vulnrichment
added 2024/09/10 8:36 a.m. · 37 views

CVE-2024-8258 Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration...

CVSS 2 · AI score 8.2 · EPSS 0.00393
Exploits 1 · References 4