Lucene search
K

21 matches found

OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36867

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...

8.8CVSS5.8AI score0.02648EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:37 p.m.7 views

CVE-2020-36867 Nagios XI < 5.7.3 Command Injection in Report PDF Download

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...

8.7CVSS0.02648EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-29375

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:52 a.m.7 views

CVE-2024-31495

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality...

4.3CVSS6.7AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 p.m.5 views

CVE-2022-1177

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...

6.5CVSS6.8AI score0.00865EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:22 p.m.6 views

CVE-2021-23203

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests...

7.5CVSS7AI score0.00875EPSS
Exploits0References1
OSV
OSV
added 2024/06/11 3:16 p.m.6 views

CVE-2024-31495

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality...

2.7CVSS5.8AI score0.00526EPSS
Exploits0References1
CVE
CVE
added 2024/06/11 2:31 p.m.61 views

CVE-2024-31495

CVE-2024-31495 is a SQL injection due to improper neutralization of a special element in Fortinet FortiPortal. Affected: Fortinet FortiPortal 7.0.0–7.0.6 and 7.2.0. Impact: a privileged user can obtain unauthorized information via the report download functionality. Root cause is the improper hand...

4.3CVSS6.7AI score0.00526EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.4 views

Fortinet FortiPortal SQL Injection Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A SQL injection vulnerability exists in Fortinet FortiPortal versions 7.0.0 through 7.0.6...

4.3CVSS7.8AI score0.00526EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.6 views

PT-2024-4154 · Fortinet · Fortiportal

Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6 Fortinet FortiPortal version 7.2.0 Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as SQL injection, in Fortinet...

4.3CVSS7.6AI score0.00526EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.7 views

Odoo 安全漏洞

Odoo is a set of enterprise resource planning ERP and customer relationship management CRM system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...

7.5CVSS7.8AI score0.00875EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.2 views

Dell Wyse Management Suite 安全漏洞

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized Wyse endpoint management, asset tracking, and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...

6.5CVSS6.5AI score0.00701EPSS
Exploits0References2
Hacker One
Hacker One
added 2022/05/05 11:7 a.m.18 views

TikTok: IDOR in report download functionality on ads.tiktok.com

An IDOR Insecure Direct Object Reference vulnerability was found on a TikTok Ads endpoint within the report download functionality. We thank @fm for reporting this to our team...

1.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:17 p.m.16 views

Security Bulletin: IBM MDM Software report download without authentication affects IBM InfoSphere Master Data Management Collaboration Server

Summary IBM InfoSphere Master Data Management - Collaborative Edition could allow an unauthorized user to download reports without authentication Vulnerability Details CVEID: CVE-2017-1523 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborative Edition could allow an unauthorized user ...

7.5CVSS0.8AI score0.02091EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2017/10/25 12:0 a.m.5 views

IBM InfoSphere Master Data Management Security Bypass Vulnerability (CNVD-2017-35510)

IBM InfoSphere Master Data Management MDM - Collaborative Edition is a suite of collaborative editing solutions for Product Information Management PIM from IBM USA. A security vulnerability exists in IBM InfoSphere MDM - Collaborative Edition. An attacker could exploit the vulnerability to downlo...

7.5CVSS6.7AI score0.02091EPSS
Exploits0References1
OSV
OSV
added 2017/10/24 9:29 p.m.3 views

CVE-2017-1523

IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892...

7.5CVSS5.8AI score0.02091EPSS
Exploits0References3
NVD
NVD
added 2017/10/24 9:29 p.m.18 views

CVE-2017-1523

IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892...

7.5CVSS7.2AI score0.02091EPSS
Exploits0References3
CVE
CVE
added 2017/10/24 9:0 p.m.47 views

CVE-2017-1523

IBM InfoSphere Master Data Management – Collaborative Edition 11.5 is affected by CVE-2017-1523, where an unauthenticated user could download reports without valid credentials. The vulnerability affects the Collaboration Server component (11.5) and is documented with a remediation path to apply t...

7.5CVSS7.2AI score0.02091EPSS
Exploits0References3Affected Software1
Cisco
Cisco
added 2017/07/05 4:0 p.m.41 views

Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability

A vulnerability in the web-based GUI of Cisco Wide Area Application Services WAAS Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability is due to a processing error in how the affected software applies role-based...

5.3CVSS5.3AI score0.01702EPSS
Exploits0References1
Kitploit
Kitploit
added 2014/11/24 11:20 p.m.36 views

Crunch - Password Cracking Wordlist Generator

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Features crunch generates wordlists in both combination and permutation ways it can breakup output by number of lines or fi...

7.3AI score
Exploits0
Rows per page
Query Builder