5655 matches found

BDU FSTEC
added 2024/09/11 12:0 a.m. · 5 views

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores relates to the possibility of manipulating cross-site requests. This allows attackers to bypass security restrictions and carry out CSRF attacks.

The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform CSRF attacks...

CVSS 5 · AI score 5.2 · EPSS 0.00449
Exploits 0 · References 2 · Affected Software 2

The Hacker News
added 2024/09/05 4:40 a.m. · 37 views

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 CVSS...

CVSS 9.8 · AI score 7.9 · EPSS 0.9201
Exploits 0

Cvelist
added 2024/09/04 5:32 a.m. · 25 views

CVE-2024-34659

Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers to force the victim to join the group...

CVSS 7.5 · EPSS 0.00463
Exploits 0 · References 1

Redos
added 2024/09/02 12:0 a.m. · 25 views

ROS-20240902-11

A vulnerability in Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client is related to insufficiently strict memory allocation checks in ANGLE for GLSL shaders. Exploitation of the vulnerability could allow an attacker acting...

CVSS 9.8 · AI score 7.1 · EPSS 0.00977
Exploits 0

Packet Storm
added 2024/09/01 12:0 a.m. · 252 views

NTP Mode 7 PEER_LIST Denial Of Service Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 7 PEERLIST DoS Scanner', 'Description' = %q This module identifies NTP servers which permit "PEERLIST" queries and return responses that...

CVSS 5 · AI score 6.7 · EPSS 0.97549
Exploits 23

Positive Technologies
added 2024/08/28 12:0 a.m. · 2 views

PT-2024-5934 · Totolink · Totolink Ac1200 Wireless Router

Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 Wireless Router A3002RU version V2.1.1-B20230720.1011 Description: The issue concerns a buffer overflow vulnerability related to the formWlEncrypt CGI handler in the boa program. This handler fails to limit the length of the...

CVSS 10 · AI score 7.7 · EPSS 0.00662
Exploits 1 · References 10

CVE
added 2024/08/27 8:31 p.m. · 60 views

CVE-2024-8217

CVE-2024-8217 affects SourceCodester E-Commerce Website 1.0, specifically the /Admin/registration.php file where manipulating the fname parameter enables SQL injection. The vulnerability is exploitable remotely, with public disclosure of exploits. Multiple sources corroborate the issue and identi...

CVSS 9.8 · AI score 7.5 · EPSS 0.00739
Exploits 1 · References 5 · Affected Software 1

The Hacker News
added 2024/08/26 7:45 a.m. · 41 views

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...

CVSS 9.8 · AI score 8.7 · EPSS 0.54413
Exploits 12

BDU FSTEC
added 2024/08/26 12:0 a.m. · 6 views

A firmware vulnerability in Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters allows attackers to execute arbitrary commands.

The vulnerability of the Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9.1 · AI score 5.9 · EPSS 0.01258
Exploits 0 · References 5 · Affected Software 14

NVD
added 2024/08/25 11:15 p.m. · 23 views

CVE-2024-8155

A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseControllertree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort...

CVSS 5.8 · EPSS 0.00439
Exploits 1 · References 4

Cvelist
added 2024/08/23 12:0 a.m. · 14 views

CVE-2024-42765

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...

EPSS 0.00694
Exploits 1 · References 2

CNVD
added 2024/08/21 12:0 a.m. · 7 views

P&L Technology Limited RE365 Buffer Overflow Vulnerability

RE365 is a WiFi range extender from China's TP-LINK. A buffer overflow vulnerability exists in the RE365 V1180213 version of TP-LINK Technologies Ltd. The vulnerability stems from the lack of length validation of the /usr/bin/httpd.USERAGENT field, which can be exploited by an attacker to cause a...

CVSS 9.8 · AI score 7.8 · EPSS 0.00807
Exploits 1 · References 1

Cvelist
added 2024/08/21 12:0 a.m. · 12 views

CVE-2024-42781

A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter...

EPSS 0.00666
Exploits 1 · References 2

Positive Technologies
added 2024/08/06 12:0 a.m. · 8 views

PT-2024-38416 · Datagear · Datagear

Name of the Vulnerable Software and Affected Versions: DataGear versions up to 5.0.0 Description: A critical issue has been found, affecting the evaluateVariableExpression function of the ConversionSqlParamValueMapper.java file in the Data Schema Page component. This issue leads to improper...

CVSS 8.8 · AI score 7.4 · EPSS 0.0059
Exploits 1 · References 7

Redos
added 2024/08/02 12:0 a.m. · 11 views

ROS-20240801-03

A vulnerability in the JSSE component of the Java SE software platform and the Oracle GraalVM for JDK virtual machine is related to errors in the certificate authentication procedure. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the CORBA...

CVSS 5.3 · AI score 5.3 · EPSS 0.014
Exploits 0

Positive Technologies
added 2024/08/01 12:0 a.m. · 1 views

PT-2024-41121 · Ао 'Экзософт' · Vmmanager 6

A vulnerability in the VMmanager 6 virtualization tool related to the failure to take measures to protect the structure of an SQL query. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries against the database...

CVSS 9 · AI score 7.3
Exploits 0 · References 1

Tenable Nessus
added 2024/07/26 12:0 a.m. · 19 views

SUSE SLES12 Security Update : python-dnspython (SUSE-SU-2024:2605-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2605-1 advisory. - CVE-2023-29483: Fixed an issue that allowed remote attackers to interfere with DNS name resolution bsc1222693. Tenable has extracted the...

CVSS 7 · AI score 7.1 · EPSS 0.01857
Exploits 1 · References 4

NVD
added 2024/07/25 9:15 p.m. · 14 views

CVE-2024-7106

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

CVSS 8.8 · EPSS 0.00407
Exploits 1 · References 4

CNNVD
added 2024/07/24 12:0 a.m. · 3 views

kirilkirkov Ecommerce-Laravel-Bootstrap Code Issue Vulnerability

kirilkirkov Ecommerce-Laravel-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. kirilkirkov Ecommerce-Laravel-Bootstrap suffers from a code issue vulnerability that stems from the fact that manipulation of the parameter laraCart can lead to...

CVSS 8.8 · AI score 6.6 · EPSS 0.00768
Exploits 1 · References 8

BDU FSTEC
added 2024/07/24 12:0 a.m. · 4 views

The vulnerability of the SAML single-sign-on module in the software for managing identity verification and access control in Keycloak allows an attacker to perform XSS attacks.

The vulnerability of the SAML single-sign-on module in the software for managing identity verification and access to Keycloak exists due to the lack of security measures for the web page structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...

CVSS 6.8 · AI score 6.1 · EPSS 0.00711
Exploits 0 · References 9 · Affected Software 9