Lucene search
K

243 matches found

Packet Storm
Packet Storm
added 2026/01/23 12:0 a.m.174 views

📄 ZITADEL 4.7.0 Server-Side Request Forgery

This is a ZITADEL version 4.7.0 server-side request forgery proof of concept exploit written in PHP. ============================================================================================================================================= | Title : ZITADEL 4.7.0 SSRF Exploit - PHP Version | |...

9.3CVSS5.5AI score0.00452EPSS
Exploits2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.11 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper authentication of the management API, which could lead an attacker to create new users with administrator privileges, which...

10CVSS6.8AI score0.00644EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.10 views

CVE-2022-31520

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01118EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/11 12:30 a.m.4 views

EUVD-2023-60183

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform...

8.7CVSS6.6AI score0.00445EPSS
Exploits1References7
Veracode
Veracode
added 2025/12/10 9:28 a.m.6 views

Cross-site Request Forgery (CSRF)

Apache Geode is vulnerable to cross-site request forgery CSRF. The vulnerability is due to unsafe acceptance of state-changing GET requests in the Management and Monitoring REST API, allowing attackers who obtain a user’s session credentials to trigger malicious commands on behalf of the...

8.8CVSS6.7AI score0.00325EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.5 views

PT-2025-50527

Name of the Vulnerable Software and Affected Versions Screen SFT DAB version 1.9.3 Description Screen SFT DAB version 1.9.3 has an authentication issue. An attacker can bypass authentication by reusing IP-bound session identifiers due to weak session management. This allows unauthorized requests ...

8.8CVSS6.6AI score0.00445EPSS
Exploits1References10
EUVD
EUVD
added 2025/12/08 10:44 p.m.5 views

EUVD-2025-201837

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

4.6CVSS6.2AI score0.00118EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/08 10:44 p.m.19 views

CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

4.6CVSS0.00118EPSS
Exploits0References4
OSV
OSV
added 2025/12/08 10:44 p.m.4 views

CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

4.6CVSS6.7AI score0.00118EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.4 views

PT-2025-49607

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...

4.6CVSS6.8AI score0.00118EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/14 10:51 p.m.2 views

CVE-2023-7328 Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values...

6.9CVSS6.5AI score0.0031EPSS
Exploits2References5
NVD
NVD
added 2025/10/31 12:15 a.m.8 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

10CVSS0.40972EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.6 views

Ubiquiti UniFi Access Application 安全漏洞

Ubiquiti UniFi Access Application is an access control system from Ubiquiti, Inc. A security vulnerability exists in the Ubiquiti UniFi Access Application versions 3.3.22 through 3.4.31, which stems from an exposed management API and lack of proper authentication, which could lead to unauthorized...

10CVSS9.1AI score0.40972EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 11:30 p.m.73 views

CVE-2025-52665

Summary (CVE-2025-52665): UniFi Access Application versions 3.3.22–3.4.31 expose a misconfigured management API that lacks proper authentication, allowing potential unauthorized access by actors on the management network. The vulnerability was introduced in 3.3.22 and fixed in 4.0.21 and later. R...

10CVSS6.4AI score0.40972EPSS
In wildExploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/30 11:30 p.m.6 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

6.4AI score0.40972EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/30 11:30 p.m.40 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

0.40972EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.9 views

PT-2025-43553

Name of the Vulnerable Software and Affected Versions UniFi Access Application versions 3.3.22 through 3.4.31 Description A misconfiguration in the UniFi Access application exposes a management API without proper authentication. An attacker with access to the management network could exploit this...

10CVSS9.3AI score0.40972EPSS
Exploits0References31
RedhatCVE
RedhatCVE
added 2025/10/19 3:30 p.m.11 views

CVE-2025-47410

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

8.8CVSS7AI score0.00325EPSS
Exploits0References1
OSV
OSV
added 2025/10/18 6:30 p.m.2 views

GHSA-GJP8-99FV-CGCW Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

8.8CVSS7AI score0.00325EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/18 6:30 p.m.5 views

EUVD-2025-34997

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

6.5AI score0.00325EPSS
Exploits0References2
Rows per page
Query Builder