
19643 matches found

CNNVD · added 2024/07/08 12:0 a.m. · 3 views

LevelOne WBR-6013 Security Vulnerability

The LevelOne WBR-6013 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623 version, which stems from the presence of residual debugging code in the boa formSysCmd function, where a specially crafted network request could result in...

CVSS 7.2 · AI score 7.3 · EPSS 0.01061
Exploits 0 · References 2

BDU FSTEC · added 2024/07/08 12:0 a.m. · 4 views

The vulnerability in the backend/script code of the proxy manager for NGINX Proxy Manager allows a perpetrator to execute arbitrary commands.

The vulnerability in the backend/script of the NGINX Proxy Manager for hosting management exists because measures to neutralize specific elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

CVSS 9 · AI score 6 · EPSS 0.00882
Exploits 0 · References 5 · Affected Software 1

NVD · added 2024/07/05 7:15 p.m. · 22 views

CVE-2024-34361

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravity_DownloadBlocklistFromUrl function. Depending on some...

CVSS 8.8 · EPSS 0.02828
Exploits 4 · References 2

CVE · added 2024/07/05 6:30 p.m. · 68 views

CVE-2024-34361

Pi-hole CVE-2024-34361 affects Core versions before 5.18.3. The vulnerability allows an authenticated user to make internal requests via gravity_DownloadBlocklistFromUrl(), potentially leading to remote code execution (RCE). A patch exists in 5.18.3. Public advisories from Red Hat and OSV describ...

CVSS 8.8 · AI score 8.5 · EPSS 0.02828
Exploits 4 · References 2 · Affected Software 1

GithubExploit · added 2024/07/05 2:0 p.m. · 408 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

It is an exploit module/toolkit targeting a web application. The...

CVSS 7.5 · AI score 9.8 · EPSS 0.7761
Exploits 4

Positive Technologies · added 2024/07/05 12:0 a.m. · 7 views

PT-2024-27742 · 14Finger · 14Finger

Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1
Description: The issue is related to a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
Recommendations: For...

CVSS 9.1 · AI score 8.2 · EPSS 0.0157
Exploits 1 · References 8

CNNVD · added 2024/07/04 12:0 a.m. · 5 views

rejetto HFS Security Vulnerability

rejetto HFS is a web-based file server from the individual developer Massimo Melina in Italy. A security vulnerability exists in rejetto HFS versions prior to 0.52.10, which originates from allowing an authenticated remote user to execute operating system commands...

CVSS 9.9 · AI score 6.9 · EPSS 0.48477
Exploits 1 · References 4

BDU FSTEC · added 2024/07/04 12:0 a.m. · 5 views

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the firmware for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow an intruder to execute arbitrary commands.

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers PushCommandExecute in the firmware for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, are related to th...

CVSS 10 · AI score 6.2 · EPSS 0.01324
Exploits 0 · References 6

OSV · added 2024/07/01 8:42 p.m. · 4 views

CVE-2024-38366 CocoaPods trunk RCE in email verification system rfc-822

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used an rfc-822 library which executes a shell command to validate the email domain's MX records. It works via a DNS MX...

CVSS 10 · AI score 7.4 · EPSS 0.17786
Exploits 1 · References 5

BDU FSTEC · added 2024/07/01 12:0 a.m. · 4 views

The vulnerability of the web server of the firmware in the industrial cellular LTE modem OnCell G3470A-LTE allows a hacker to execute arbitrary commands.

The vulnerability of the web server of the firmware in the industrial cellular LTE modem OnCell G3470A-LTE is related to the lack of measures taken to neutralize special elements used in the OS commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 7.5 · AI score 5.9 · EPSS 0.00449
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC · added 2024/07/01 12:0 a.m. · 12 views

The vulnerability of the get_ip.addr_details function in Ruijie RG-UAC router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the get_ip.addr_details function /view/vpn/autovpn/sxhvpnlic.php in Ruijie RG-UAC router software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

CVSS 6.5 · AI score 5.8 · EPSS 0.20644
Exploits 1 · References 3 · Affected Software 1

OSSF Malicious Packages · added 2024/06/29 7:55 p.m. · 3 views

Malicious code in iobeya-time-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b5b2fd0fb985e16671bbfe20f9b7b2ef8e7a62cc0050b51cea290d85574f75c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1

BDU FSTEC · added 2024/06/28 12:0 a.m. · 4 views

The vulnerability of the composer.phar file of the PHP Composer dependency manager allows an attacker to execute arbitrary commands.

The vulnerability of the composer.phar file of the PHP Composer dependency manager is related to the register_argc_argv function in php.ini. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.5 · EPSS 0.01378
Exploits 0 · References 10 · Affected Software 4

OSV · added 2024/06/27 9:52 a.m. · 4 views

USN-6856-1 fontforge vulnerabilities

It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a command injection. (CVE-2024-25081) It was discovered that FontForge incorrectly...

CVSS 6.5 · AI score 7.3 · EPSS 0.0187
Exploits 2 · References 3

OSV · added 2024/06/25 4:15 a.m. · 3 views

CVE-2024-4197

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1...

CVSS 9.8 · AI score 6.2 · EPSS 0.00777
Exploits 0 · References 1

Vulnrichment · added 2024/06/25 4:0 a.m. · 79 views

CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1...

CVSS 10 · AI score 7.5 · EPSS 0.00587
Exploits 0 · References 1

CVE · added 2024/06/25 4:0 a.m. · 104 views

CVE-2024-4196

CVE-2024-4196 – Avaya IP Office Web Control RPC/RCE issue. The vulnerability stems from improper input validation in the Web Control component of Avaya IP Office, enabling remote code execution via a crafted web request. Affected products: Avaya IP Office (Web Control) prior to version 11.1.3.1. ...

CVSS 10 · AI score 9.7 · EPSS 0.00587
Exploits 0 · References 1 · Affected Software 1

CNNVD · added 2024/06/25 12:0 a.m. · 3 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3 that...

CVSS 8.8 · AI score 7.4 · EPSS 0.1733
Exploits 0 · References 2

CNNVD · added 2024/06/25 12:0 a.m. · 4 views

Avaya IP Office Security Breach

Avaya IP Office is a small business phone system from Avaya USA. A security vulnerability exists in Avaya IP Office versions prior to 11.1.3.1 that originates from allowing remote command or code execution via the One-X component...

CVSS 9.9 · AI score 7.7 · EPSS 0.00777
Exploits 0 · References 1

CNNVD · added 2024/06/25 12:0 a.m. · 4 views

Progress Software WhatsUp Gold Security Vulnerability

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3 that...

CVSS 9.8 · AI score 7.4 · EPSS 0.24306
Exploits 0 · References 2