Lucene search
K

601 matches found

OSV
OSV
added 2025/07/23 5:15 a.m.3 views

CVE-2024-53287

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in VPN Setting functionality in Synology Router Manager SRM before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...

5.9CVSS5.9AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:53 a.m.5 views

CVE-2023-0142

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors...

8.1CVSS6.9AI score0.0097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:7 p.m.11 views

CVE-2018-6313

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...

6.1CVSS5.6AI score0.01209EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:24 a.m.10 views

CVE-2013-5692

Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the file parameter to index.php/admin/translationManager...

8.5CVSS6.9AI score0.05791EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 a.m.9 views

CVE-2015-2199

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow 1 remote authenticated users to execute arbitrary SQL commands via the itemid parameter in a wonderpluginaudiosaveitem action to wp-admin/admin-ajax.php or remote administrators to execut...

6.5CVSS8.5AI score0.02582EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 a.m.12 views

CVE-2015-8233

Cross-site scripting XSS vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings...

2.6CVSS5.8AI score0.01316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.12 views

CVE-2010-4731

Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a...

10CVSS6.2AI score0.03361EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-5629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via...

4.9CVSS6.4AI score0.0316EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.6 views

Synology Active Backup for Business 路径遍历漏洞

Synology Active Backup for Business is a backup program from Synology, a Chinese company. A path traversal vulnerability exists in Synology Active Backup for Business, which could allow a remote authenticated user with administrator privileges to delete arbitrary files via unspecified vectors...

4.9CVSS6.7AI score0.00528EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.5 views

PT-2024-27261 · Qnap · Quts Hero +1

Name of the Vulnerable Software and Affected Versions: QNAP operating system versions prior to QTS 5.2.1.2930 build 20241025 QNAP operating system versions prior to QuTS hero h5.2.1.2929 build 20241025 Description: A path traversal issue has been reported, potentially allowing remote attackers wi...

2.1CVSS7.2AI score0.00676EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.5 views

PT-2024-8170 · D Link · D-Link Dsl6740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C affected versions not specified Description: The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specif...

9CVSS8.2AI score0.01325EPSS
Exploits0References18
NVD
NVD
added 2024/11/04 7:15 p.m.32 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

6.8CVSS0.00424EPSS
Exploits1References1
NVD
NVD
added 2024/11/04 7:15 p.m.44 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.8CVSS0.0029EPSS
Exploits1References1
OSV
OSV
added 2024/11/04 7:15 p.m.3 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.8CVSS5.8AI score0.0029EPSS
Exploits1References2
NVD
NVD
added 2024/11/04 6:15 p.m.28 views

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...

6.8CVSS0.00339EPSS
Exploits0References1
NVD
NVD
added 2024/11/04 6:15 p.m.42 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

6.8CVSS0.00339EPSS
Exploits0References1
CVE
CVE
added 2024/11/04 12:0 a.m.66 views

CVE-2024-34887

CVE-2024-34887 affects 1C-Bitrix Bitrix24 23.300.100. The issue is "insufficiently protected credentials" in AD/LDAP server settings, enabling remote administrators to exfiltrate AD/LDAP administrator passwords to an arbitrary server via HTTP POST. Public sources (Red Hat, CNNVD, CVE listings) de...

6.8CVSS6.8AI score0.00339EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.12 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

6.9AI score0.00371EPSS
Exploits0References1
CVE
CVE
added 2024/11/04 12:0 a.m.62 views

CVE-2024-34883

CVE-2024-34883 affects 1C-Bitrix Bitrix24 v23.300.100. The vulnerability arises from insufficient protection of credentials in the DAV server settings, enabling remote administrators to read proxy-server account passwords via an HTTP GET request. Impact is confidentiality: high. Exploitation deta...

6.8CVSS6.6AI score0.00371EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/11/04 12:0 a.m.67 views

CVE-2024-34891

CVE-2024-34891 affects 1C-Bitrix Bitrix24 23.300.100. The Red Hat, NVD, CNNVD and CVE lists confirm a vulnerability from insufficiently protected credentials in the DAV server settings, enabling remote administrators to read Exchange account passwords via HTTP GET. The PT-2024-7262 report restate...

6.8CVSS6.6AI score0.0029EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder