Lucene search
K

108 matches found

BDU FSTEC
BDU FSTEC
added 2025/02/10 12:0 a.m.6 views

The vulnerability of microprogrammed software for programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of microprogrammed programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...

9.7CVSS7.7AI score0.00888EPSS
Exploits4References3Affected Software11
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.5 views

RFC 6169 安全漏洞

RFC 6169 is a network protocol open-sourced by RFC. A security vulnerability exists in RFC 6169 that stems from not verifying or validating the origin of network packets. An attacker exploiting this vulnerability could spoof traffic and bypass access control...

6.5CVSS5.9AI score0.00845EPSS
Exploits0References2
NVD
NVD
added 2025/01/29 9:15 a.m.13 views

CVE-2024-57965

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...

9.8CVSS0.00369EPSS
Exploits0References4
Snyk
Snyk
added 2024/10/05 1:41 a.m.3 views

Cross-Site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-Site Request Forgery CSRF via the delete parameter, due to insufficient verification of the origin of HTTP requests. Remediation Upgrade mediawiki/cargo to version 3.7 or higher. References - Gerrit Mediawiki - Wikimedia Phabricat...

8.8CVSS7AI score0.00264EPSS
Exploits1References2
Veracode
Veracode
added 2024/09/25 7:15 a.m.12 views

Authentication Bypass

GateOne is vulnerable to Authentication Bypass. The vulnerability is due to a flaw in the origin verification mechanism, allowing attackers to bypass the origins list check and connect to Gate One instances from unauthorized hosts...

5.3CVSS6.6AI score0.00764EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.5 views

PT-2024-13012 · Kiloview · P1/P2 +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A vulnerability exists that allows attackers to download and execute code from a remote location without properly verifying its origin and integrity. This can enable attackers to...

9.8CVSS7.4AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.5 views

PT-2024-22622 · Unknown · Io-1020 Micro Eld

Name of the Vulnerable Software and Affected Versions: IO-1020 Micro ELD affected versions not specified Description: The issue concerns the execution of code without sufficient verification of its origin or integrity. This could potentially lead to the execution of malicious code, posing a...

9.6CVSS7.2AI score0.00274EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.5 views

Tenda AC15 跨站请求伪造漏洞

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps 600Mbps in 2.4GHz band and 1300Mbps in 5GHz band. The Tenda AC15 suffers from a cross-site request forgery...

6.5CVSS6.9AI score0.00335EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/03/06 12:0 a.m.5 views

The vulnerability of the automation-eda-controller/ansible-rulebook/ansible-automation-platform-installer package of the Red Hat Ansible Automation Platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the automation-eda-controller/ansible-rulebook/ansible-automation-platform-installer package of the Red Hat Ansible Automation Platform is related to the lack of origin verification in WebSockets, resulting from an incorrect restriction on the communication channel. Exploitin...

9.4CVSS7.5AI score0.00378EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/02/13 2:15 p.m.21 views

CVE-2024-24782

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...

4.3CVSS4.6AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 2024/02/13 2:15 p.m.4 views

CVE-2024-24782

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...

4.3CVSS5.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2024/02/13 1:46 p.m.58 views

CVE-2024-24782

CVE-2024-24782 describes an access control/origin verification error that allows an unauthenticated attacker to send a ping between isolated networks (across VLAN-segregated ports). Affected products in the connected data include HIMA Paul Hildebrandt F Series and X Series, with the underlying is...

4.3CVSS4.7AI score0.00161EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/13 1:46 p.m.25 views

CVE-2024-24782 HIMA: Origin Validation Error in multiple products

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...

4.3CVSS5AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.9 views

PT-2024-20559 · Hima · F-Com 01 +19

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification, even though the ports are...

4.3CVSS7AI score0.00161EPSS
Exploits0References5
CNVD
CNVD
added 2023/12/19 12:0 a.m.4 views

JetBrains TeamCity Cross-Site Request Forgery Vulnerability (CNVD-2025-2049443)

JetBrains TeamCity is a Continuous Integration CI/CD tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from a cross-site request forgery vulnerability that stems from not adequately verifying that a request is from a trusted...

8.8CVSS6.9AI score0.00319EPSS
Exploits0References1
Prion
Prion
added 2023/11/07 7:15 p.m.20 views

Cross site scripting

Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting XSS vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...

5.8CVSS6.2AI score0.00473EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.18 views

Apache Traffic Server 8.x < 8.1.3 Improper Authentication

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. Note that Nessus did not actually test for these issues, but instead has relied on the version found in the server's banner. %NASLMINLEVEL 80900 C Tenable, Inc...

8.1CVSS7.6AI score0.01888EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.4 views

SUSE CVE-2015-5235

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...

4.3CVSS7.1AI score0.03037EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/05/31 12:0 a.m.29 views

Debian DSA-5153-1 : trafficserver - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5153 advisory. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM...

8.1CVSS7.5AI score0.02507EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2022/03/08 12:0 a.m.6 views

PT-2022-17785 · Mendix · Mendix Applications

Name of the Vulnerable Software and Affected Versions: Mendix Applications versions prior to 7.23.29 Description: A vulnerability has been identified in Mendix Applications. The affected framework does not correctly verify if the request was initially made by the user requesting the result when...

6.5CVSS6.4AI score0.0092EPSS
Exploits0References2
Rows per page
Query Builder