Lucene search
K

109 matches found

Prion
Prion
added 2023/05/30 11:15 p.m.18 views

Design/Logic Flaw

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission...

1.9CVSS4.1AI score0.00286EPSS
Exploits0References1Affected Software17
Cvelist
Cvelist
added 2023/05/30 12:0 a.m.28 views

CVE-2022-39074

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission...

4.3AI score0.00286EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.4 views

ZTE 手机 安全漏洞

The ZTE cell phone is a network device from China's ZTE Corporation ZTE. ZTE's cellular device. The ZTE phone suffers from a security vulnerability that stems from the fact that if a malicious application is installed on the phone, it may launch the application's non-public interface without the...

3.3CVSS4.9AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.13 views

PT-2023-13685 · Zte · Zte Mobile Phones

Name of the Vulnerable Software and Affected Versions: ZTE mobile phones affected versions not specified Description: The issue allows for unauthorized access. A malicious application installed on the phone could start a non-public interface of an application without user permission...

3.3CVSS6.8AI score0.00286EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.7 views

Parse Server 代码问题漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...

6.5CVSS6.4AI score0.00639EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.7 views

Ghost 信息泄露漏洞

Ghost CMS is an open source headless content management system CMS written in JavaScript from the Ghost Foundation in Singapore. An information disclosure vulnerability exists in Ghost versions prior to 5.46.1 that stems from a lack of validation when filtering on public API endpoints , which can...

7.5CVSS7.2AI score0.45713EPSS
Exploits0References4
OSV
OSV
added 2023/04/11 3:15 a.m.9 views

CVE-2023-28761

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...

6.5CVSS6.3AI score0.00379EPSS
Exploits0References2
OSV
OSV
added 2022/12/06 3:15 p.m.4 views

CVE-2022-46383

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint Incorrect Access Control. The token can be used to escalate privileges within the Digital Rebar system and grant full...

9.8CVSS5.8AI score0.00692EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/03/11 12:0 a.m.6 views

PT-2022-16235 · Lg · Webos

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue allows an attacker to bypass API access control due to a public API error. Recommendations: At the moment, there is no information about a newer version that contains a fix fo...

9.8CVSS9.3AI score0.01008EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.5 views

public API安全漏洞

The public API is a list of free API collections for software and web development. A security vulnerability exists in the public API that could allow an attacker to bypass API access controls...

9.8CVSS8.3AI score0.01008EPSS
Exploits0References2
OSV
OSV
added 2022/02/09 4:15 p.m.5 views

CVE-2021-40360

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

8.8CVSS5.7AI score0.00682EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/02/09 4:15 p.m.3 views

CVE-2021-40360

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

8.8CVSS5.8AI score0.00682EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/14 12:0 a.m.5 views

Zulip 安全漏洞

Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in Zulip Server versions prior to 3.4 that stems from a public API that causes guest users to be able to receive message traffic from a public stream that should only be accessibl...

5.3CVSS5.5AI score0.00862EPSS
Exploits0References3
OSV
OSV
added 2021/02/03 4:15 p.m.4 views

CVE-2021-25760

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...

5.3CVSS5.8AI score0.0086EPSS
Exploits0References2
CNVD
CNVD
added 2020/12/29 12:0 a.m.4 views

HCL Domino Denial of Service Vulnerability (CNVD-2020-75064)

HCL Domino is a server for collaborative client-server software platforms. A denial of service vulnerability exists in HCL Domino 10 and 11. The vulnerability stems from insufficient input validation to the public API. An attacker could exploit the vulnerability to cause the Domino server to cras...

7.5CVSS6.7AI score0.01206EPSS
Exploits1References1
CNVD
CNVD
added 2020/10/30 12:0 a.m.3 views

SQL Injection Vulnerability in Shield Spirit Voting Sucker System (CNVD-2020-62840)

Shield Spirit Voting Powder Sucking System can be applied to the public number, through the WeChat public number of the message interface to collect the user to send the vote number of the data to reach the vote, with anti-brush voting voting function, but also efficiently suck the live powder...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/10/30 12:0 a.m.1 views

SQL Injection Vulnerability in Shield Spirit Voting Sucker System (CNVD-2020-62832)

Shield Spirit Voting Powder Sucking System can be applied to the public number, through the WeChat public number of the message interface to collect the user to send the vote number of the data to reach the vote, with anti-brush voting voting function, but also efficiently suck the live powder...

7.6AI score
Exploits0
Virtuozzo
Virtuozzo
added 2020/02/28 12:0 a.m.79 views

Product release: Virtuozzo Infrastructure Platform 3.5 Update 1 (3.5.1-43)

This update provides a new feature as well as fixes and improvements. Vulnerability id: VSTOR-30003 Unable to release node from cluster: 'Unable to send message to any node in ABGW cluster'. Vulnerability id: VSTOR-30135 No read/write data on dashboards if multipath is configured. Vulnerability i...

0.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/05/29 12:0 a.m.4 views

PT-2019-12799 · Containous +1 · Traefik +1

Name of the Vulnerable Software and Affected Versions: Containous Traefik versions 1.7.x through 1.7.11 Description: The issue allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading...

7.8CVSS7.9AI score0.83433EPSS
Exploits2References19
CNVD
CNVD
added 2019/02/19 12:0 a.m.3 views

idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-12121)

iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS 7.0.14 and earlier versions, which can be exploited by an attacker to delete a user's posts via public/api.php?app=user URI...

5.7CVSS6.9AI score0.00381EPSS
Exploits1References1
Rows per page
Query Builder