Lucene search
K

150 matches found

Cvelist
Cvelist
added 2024/01/03 4:51 p.m.69 views

CVE-2024-21622 Craft CMS Privilege Escalation

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...

5.4CVSS9AI score0.00588EPSS
Exploits0References7
OSV
OSV
added 2024/01/03 4:51 p.m.37 views

CVE-2024-21622 Craft CMS Privilege Escalation

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...

5.4CVSS8.4AI score0.00588EPSS
Exploits0References9
NVD
NVD
added 2023/09/13 8:15 p.m.33 views

CVE-2023-41892

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...

10CVSS9.4AI score0.92918EPSS
Exploits10References7
OSV
OSV
added 2023/09/13 7:45 p.m.33 views

CVE-2023-41892 Craft CMS Remote Code Execution vulnerability

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15...

10CVSS9.1AI score0.92918EPSS
Exploits10References9
OSV
OSV
added 2023/09/13 3:44 p.m.70 views

GHSA-4W8R-3XRW-V25G Craft CMS Remote Code Execution vulnerability

Impact This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. Mitigations This has been fixed in Craft 4.4.15. You should ensure you’re running at least that version. Refresh you...

10CVSS9.4AI score0.92918EPSS
Exploits10References9
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.6 views

PT-2023-5067 · Microsoft · Azure Kubernetes Service

Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service affected versions not specified Description: The issue is related to insufficient access controls in the Microsoft Azure Kubernetes Service, which can be exploited by a remote attacker to elevate their...

9.8CVSS9.5AI score0.02831EPSS
Exploits0References8
Talos Blog
Talos Blog
added 2023/03/15 11:46 p.m.92 views

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild

Update March 21, 2023: To aid defenders trying to detect and mitigate this vulnerability, we are providing a couple of additional resources. First, we are providing a ClamAV signature that detects this threat -- the rule can be found on our GitHub here and can be leveraged anywhere ClamAV...

9.8AI score0.97408EPSS
Exploits18
ICS
ICS
added 2022/12/13 12:0 a.m.50 views

Siemens APOGEE and TALON

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE and TALON Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privilege authenticated attacker to gain...

8.8CVSS7.6AI score0.01555EPSS
Exploits0References12
ICS
ICS
added 2022/06/14 12:0 a.m.78 views

Siemens SCALANCE LPE 4903 and SINUMERIK Edge

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SCALANCE LPE 4903 and SINUMERIK Edge Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unprivileged local user to escalate privileges and...

7.8CVSS8.9AI score0.94921EPSS
Exploits152References11
ICS
ICS
added 2022/04/21 12:0 a.m.65 views

Delta Electronics ASDA-Soft

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: ASDA-Soft Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution. 3. TECHNICAL DETAILS...

7.8CVSS8.1AI score0.00801EPSS
Exploits0References5
ICS
ICS
added 2022/03/08 12:0 a.m.168 views

Siemens RUGGEDCOM ROS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

6.8AI score
Exploits0References10
ICS
ICS
added 2021/12/14 12:0 a.m.34 views

Siemens Simcenter STAR-CCM+ Viewer

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter STAR-CCM+ Viewer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a crash, arbitrary code execution, or data extraction. 3...

7.8CVSS7.9AI score0.00814EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2021/10/29 4:15 a.m.367 views

Exploit for Code Injection in Gitlab

This is a PoC exploit for CVE-2021-22205, a Gitlab CE/EE RCE Re...

10CVSS9.4AI score0.99731EPSS
Exploits30
GithubExploit
GithubExploit
added 2021/09/27 5:56 a.m.311 views

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2021-31166, a Windows HTTP protocol stack re...

9.8CVSS9.1AI score0.99657EPSS
Exploits24
CNVD
CNVD
added 2020/07/03 12:0 a.m.8 views

OpenClinic GA Authorization Issue Vulnerability (CNVD-2021-17443)

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. An authorization issue vulnerability exists in OpenClinic GA versions 5.09.02 and 5.89.05b, which stems from the...

9.8CVSS6.6AI score0.01307EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:5 a.m.29 views

Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4872)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 and 7, that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. The issue was disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: A...

5CVSS0.5AI score0.03703EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2017/11/23 12:0 a.m.748 views

JBOSSAS 4.x 反序列化命令执行漏洞(CVE-2017-7504)

The MITRE CVE dictionary describes this issue as: HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server = Jboss 4.X does not restrict the classes for which it performs deserialization, which allows...

7.5CVSS9.6AI score0.29323EPSS
Exploits5
Hacker One
Hacker One
added 2017/05/09 9:29 p.m.49 views

Internet Bug Bounty: CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error

Integer signedness error in miniupnpc 1 allows remote attackers to cause a denial of service condition access violation and heap corruption via specially crafted HTTP response An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located ...

7.5CVSS9.3AI score0.24027EPSS
Exploits6
Packet Storm
Packet Storm
added 2016/03/30 12:0 a.m.19 views

Easy Hosting Control Panel 0.37.9 Bypass / File Upload / Disclosure

EHCP Easy Hosting Control Panel Multiple Vulnerabilities - Clear Text MySQL Root Password Insufficiently Protected Sensitive Data Authentication Bypass Unauthenticated Arbitrary File Upload Software Links: https://launchpad.net/ehcp http://www.ehcp.net https://sourceforge.net/p/ehcp/wiki/...

7.4AI score
Exploits0
erpscan
erpscan
added 2015/05/05 12:0 a.m.47 views

SAP xMII - Reflected XSS vulnerability

Application: SAP NetWeaver AS JAV Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP Bugs: XSS Reported: 05.05.2015 Vendor response: 06.05.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2201295 Author: Nursultan Abubakirov , Vahagn Vardanyan ERPScan VULNERABILITY...

4.3CVSS6.3AI score0.01452EPSS
Exploits2
Rows per page
Query Builder