Lucene search
K

105081 matches found

BDU FSTEC
BDU FSTEC
added 9 hours ago14 views

The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.

The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...

5CVSS5.8AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 13 hours ago6 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS6.9AI score0.00078EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago51 views

Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

7.5CVSS7.1AI score0.04325EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago42 views

Xsuite <=2.4.4.5 - Open Redirect

Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. id: CVE-2015-4668 info: name: Xsuite =2.4.4.5 - Open Redirect author: 0xAkoko...

6.1CVSS6.8AI score0.06719EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago119 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7AI score0.2389EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago40 views

Cisco RV110W RV130W RV215W Router - Information leakage

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...

5.3CVSS6.2AI score0.40951EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago78 views

CyberPower - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32738 info: name: CyberPower - SQL Injection author: DhiyaneshDk severity: high description: | A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3...

7.5CVSS7AI score0.04515EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago26 views

CyberPower - Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...

9.8CVSS7AI score0.06765EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago35 views

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter. id: CVE-2024-31750 info: name: F-logic DataCube3 - SQL Injection author: DhiyaneshDK severity: high description: | SQL injection vulnerability in f-logic...

9.8CVSS6.1AI score0.1942EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago162 views

CRMEB v.5.2.2 - SQL Injection

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. id: CVE-2024-36837 info: name: CRMEB v.5.2.2 - SQL Injection author: DhiyaneshDk severity: high description: | SQL Injection...

7.5CVSS6.1AI score0.08306EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago118 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

9.8CVSS7.1AI score0.08151EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago85 views

CData Arc < 23.4.8839 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. id: CVE-2024-31850 info: name: CData Arc 23.4.88...

9.8CVSS7.1AI score0.08151EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago99 views

CData Sync < 23.4.8843 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...

8.6CVSS7AI score0.02885EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago57 views

mooSocial v.3.1.8 - Cross-Site Scripting

A cross-site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the adminredirecturl parameter of the user login function. id: CVE-2023-44812 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha...

6.1CVSS6.6AI score0.01897EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago239 views

Reflected XSS - Telerik Reporting Module

Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...

6.1CVSS6.8AI score0.09642EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago73 views

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.02285EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago20 views

Canon Devices - Authentication Bypass in Catwalk Server

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...

7.5CVSS7AI score0.04EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago41 views

Coda v.2024Q1 - Cross-Site Scripting

Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter. id: CVE-2024-28734 info: name: Coda v.2024Q1 - Cross-Site Scripting author: s4e-io severity: medium description: | Cross Site Scripti...

6.1CVSS6.1AI score0.01791EPSS
Exploits1References4
Nuclei
Nuclei
added 14 hours ago78 views

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...

5.3CVSS6.2AI score0.13372EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago104 views

IND780 - Local File Inclusion

IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 SS Label 'IND7808.0.07', Version 7.2.10 June 18, 2012 SS Label 'IND7807.2.10' is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the...

7.5CVSS7AI score0.04613EPSS
Exploits1References5
Rows per page
Query Builder