52 matches found

Positive Technologies
added 2023/10/02 12:00 a.m. · 20 views

PT-2023-32048 · Field Logic · Field Logic Datacube4

Name of the Vulnerable Software and Affected Versions: Field Logic DataCube4 up to 20231001
Description: A problematic issue was found in the Web API component, affecting unknown code of the file /api/. This leads to improper authentication. The exploit has been disclosed to the public and may be...

7.5 CVSS · 5.3 AI score · 0.00768 EPSS
Exploits 0 · References 6

CNNVD
added 2023/05/09 12:00 a.m. · 6 views

GL.iNet devices security vulnerability

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an API endpoint displaying information about the Wi-Fi configuration, including the SSID and key...

7.5 CVSS · 7.8 AI score · 0.29699 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/12/23 12:00 a.m. · 4 views

PT-2022-27882 · Nbnbk · Nbnbk

Name of the Vulnerable Software and Affected Versions: nbnbk affected versions not specified
Description: The issue is related to an arbitrary file read vulnerability. This vulnerability is exploited via the /api/Index/getFileBinary API endpoint.
Recommendations: At the moment, there is no...

6.5 CVSS · 6.2 AI score · 0.00496 EPSS
Exploits 1 · References 4

CNNVD
added 2022/11/21 12:00 a.m. · 2 views

Miele appWash security vulnerability

Miele appWash is a laundry room digitization app from Miele Germany. Miele appWash suffers from an Access Control Error vulnerability that stems from the use of an API endpoint to bypass authorization checks. An attacker could use this vulnerability to gain read and partial write access to data...

8.1 CVSS · 6.8 AI score · 0.00692 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/19 12:00 a.m. · 6 views

PT-2022-26708 · Tenda · Tenda Tx3

Name of the Vulnerable Software and Affected Versions: Tenda TX3 version US TX3V1.0br V16.03.13.11 multi TDE01
Description: A stack overflow issue was discovered via the list parameter at the "/goform/SetVirtualServerCfg" API endpoint.
Recommendations: For Tenda TX3 version US TX3V1.0br...

9.8 CVSS · 9.4 AI score · 0.00755 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/06/08 12:00 a.m. · 5 views

PT-2022-20764 · Unknown · Librehealth Ehr Base

Name of the Vulnerable Software and Affected Versions: LibreHealth EHR Base version 2.0.0
Description: The issue allows for incorrect access to the interface/super/manage site files.php. The estimated number of potentially affected devices worldwide is not available. There is no information about...

9 CVSS · 8.5 AI score · 0.01879 EPSS
Exploits 1 · References 7

CNNVD
added 2022/04/25 12:00 a.m. · 4 views

TerraMaster TOS security vulnerability

TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...

7.5 CVSS · 7.4 AI score · 0.02313 EPSS
Exploits 1 · References 3

OSV
added 2021/08/25 8:15 p.m. · 4 views

CVE-2021-1577

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...

9.1 CVSS · 5.9 AI score · 0.01303 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/02/24 12:00 a.m. · 5 views

PT-2021-2193 · Cisco · Cisco Application Policy Infrastructure Controller +1

Name of the Vulnerable Software and Affected Versions: Cisco ACI Multi-Site Orchestrator MSO affected versions not specified
Description: A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO could allow an unauthenticated, remote attacker to bypass authentication on an...

10 CVSS · 9.3 AI score · 0.14359 EPSS
Exploits 0 · References 6

OSV
added 2019/09/30 1:15 p.m. · 3 views

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

9.8 CVSS · 7.4 AI score · 0.01482 EPSS
Exploits 1 · References 1

OSV
added 2019/05/13 1:29 p.m. · 2 views

CVE-2018-12296

Insufficient access control in /api/external/7.0/system.System.getinfos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests...

7.5 CVSS · 5.8 AI score · 0.09509 EPSS
Exploits 1 · References 1

OSV
added 2019/03/28 1:29 a.m. · 4 views

CVE-2019-1754

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged level 1, remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker...

8.8 CVSS · 6.1 AI score · 0.03469 EPSS
Exploits 0 · References 2