5655 matches found

Vulnrichment
added 2024/11/11 6:51 a.m., 16 views

CVE-2024-11016 Grand Vice info Webopac - SQL Injection

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 · AI score 8.4 · EPSS 0.00538
Exploits: 0 · References: 2
CNVD
added 2024/11/11 12:00 a.m., 9 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

Cisco Unified Communications Manager is a call processing component of a Unified Communications system. A cross-site scripting vulnerability exists in the Cisco Unified Communications Manager WEB interface, which can be exploited by remote attackers to inject malicious script or HTML code that ca...

CVSS 6.1 · AI score 5.8 · EPSS 0.00307
Exploits: 0 · References: 1
Tenable Nessus
added 2024/11/01 12:00 a.m., 18 views

Amazon Linux 2 : cups-filters (ALAS-2024-2656)

The version of cups-filters installed on the remote host is prior to 1.0.35-26. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2656 advisory. CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality...

CVSS 7.5 · AI score 8 · EPSS 0.62269
Exploits: 14 · References: 6
OSV
added 2024/10/22 6:32 p.m., 11 views

GHSA-6C4V-X9V2-RJM8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget

Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change us...

CVSS 8.8 · AI score 7.6 · EPSS 0.00342
Exploits: 0 · References: 3
Github Security Blog
added 2024/10/22 6:32 p.m., 7 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget

Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change us...

CVSS 8.8 · AI score 7.7 · EPSS 0.00342
Exploits: 0 · References: 3 · Affected Software: 2
Github Security Blog
added 2024/10/22 6:32 p.m., 12 views

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2)...

CVSS 8.8 · AI score 7.7 · EPSS 0.00342
Exploits: 0 · References: 3 · Affected Software: 2
OpenVAS
added 2024/10/22 12:00 a.m., 15 views

Eclipse Jetty DoS Vulnerability (GHSA-r7m4-f9h5-gr79) - Windows

Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 6.5 · AI score 6.4 · EPSS 0.00949
Exploits: 0 · References: 2
Tenable Nessus
added 2024/10/19 12:00 a.m., 4 views

Fedora 40 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-bf524bf5c0)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-bf524bf5c0 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...

AI score 5.6
Exploits: 0 · References: 1
Tenable Nessus
added 2024/10/14 12:00 a.m., 14 views

Amazon Linux 2023 : cups-filters, cups-filters-devel, cups-filters-libs (ALAS2023-2024-723)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-723 advisory. 2024-11-13: CVE-2024-47850 was added to this advisory. CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters...

CVSS 8.6 · AI score 8.1 · EPSS 0.8344
Exploits: 15 · References: 8
Zero Science Lab
added 2024/10/11 12:00 a.m., 388 views

ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB BMS/BAS controller uses a weak set of default administrative...

AI score 5.8
Exploits: 0
Positive Technologies
added 2024/10/02 12:00 a.m., 3 views

PT-2024-7432 · Draytek · Draytek Vigor310

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 devices through 4.3.2.6 Description: The issue is related to shortcomings in the authentication procedure of DrayTek Vigor router software. Exploitation of this issue may allow a remote attacker to impact the confidentiality,...

CVSS 8.8 · AI score 6.6 · EPSS 0.00322
Exploits: 0 · References: 14
The Hacker News
added 2024/09/30 11:55 a.m., 47 views

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread...

CVSS 10 · AI score 9.3 · EPSS 0.77307
Exploits: 3
NVD
added 2024/09/29 7:15 a.m., 16 views

CVE-2024-9324

A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack...

CVSS 8.8 · EPSS 0.00594
Exploits: 1 · References: 6
Positive Technologies
added 2024/09/28 12:00 a.m., 2 views

PT-2024-39553 · Sourcecodester · Sourcecodester Online Railway Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Railway Reservation System version 1.0 Description: A vulnerability was found in the Ticket Handler component, specifically affecting some unknown functionality of the file /?page=tickets. The manipulation of the id...

CVSS 5.3 · AI score 7.2 · EPSS 0.00478
Exploits: 1 · References: 9
Malwarebytes
added 2024/09/27 3:57 p.m., 10 views

Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number

In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: "These attacks could be executed remotely on any...

AI score 7.7
Exploits: 0
Debian CVE
added 2024/09/26 9:13 p.m., 31 views

CVE-2024-47176

CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY:631, causing it to trust any packet from any source, and can cause t...

CVSS 5.3 · AI score 7.6 · EPSS 0.62269
Exploits: 14
FreeBSD
added 2024/09/26 12:00 a.m., 29 views

cups-filters -- remote code execution

OpenPrinting reports: Due to the service binding to :631 (INADDR_ANY), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine withou...

CVSS 8.6 · AI score 7.8 · EPSS 0.8344
Exploits: 5 · References: 1
IBM Security Bulletins
added 2024/09/25 8:37 p.m., 13 views

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities

Summary: There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF3 has addressed the applicable CVEs by upgrading to IBM® Semeru Java™ Version 11.0.24.0. Additionally, IBM Cognos Command Center has addressed a vulnerability th...

CVSS 7.3 · AI score 6.7 · EPSS 0.01276
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2024/09/25 7:04 p.m., 29 views

Security Bulletin: Vulnerabilities in Logback, Guava and Apache HTTPClient affect IBM watsonx.data

Summary: Logback, Guava and Apache HTTPClient have vulnerabilities that can affect watsonx.data. These vulnerabilities include remote attacks to bypass security restrictions and remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details: CVEID: CVE-2021-42550...

CVSS 8.5 · AI score 8.2 · EPSS 0.08665
Exploits: 3 · Affected Software: 1
CNVD
added 2024/09/25 12:00 a.m., 6 views

Google Chrome Code Execution Vulnerability (CNVD-2024-39741)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 123.0.6312.58, which can be exploited by remote attackers to execute arbitrary code on a system...

CVSS 8.8 · AI score 7.6 · EPSS 0.0035
Exploits: 1 · References: 1