Lucene search
K

406 matches found

Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.7 views

PT-2024-35839 · Unknown · April'S Call Posts

Name of the Vulnerable Software and Affected Versions: April's Call Posts versions n/a through 2.1.1 Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1CVSS9.3AI score0.00152EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.5 views

PT-2024-9306 · Sap · Sap Netweaver Administrator

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Administrator affected versions not specified Description: The issue allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests, potentially resulting in...

7.2CVSS6.8AI score0.00278EPSS
Exploits0References12
Veracode
Veracode
added 2024/11/28 10:19 a.m.10 views

Cross-site Request Forgery (CSRF)

wallabag is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient request validation, allowing attackers to arbitrarily delete user accounts via the /account/delete endpoint...

6.5CVSS7AI score0.00304EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/11/12 11:15 p.m.27 views

CVE-2021-27701

SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery CSRF via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request...

4.7CVSS0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/12 12:0 a.m.9 views

CVE-2021-27701

SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery CSRF via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request...

7.3AI score0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.5 views

PT-2024-33413 · Infomaniak · Vod Infomaniak

Name of the Vulnerable Software and Affected Versions: VOD Infomaniak versions 1.5.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on the affected system. This problem affects VOD Infomaniak, allowin...

8.8CVSS7.2AI score0.00186EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/10/16 12:0 a.m.5 views

The vulnerability of the validateAMCWSConnection method in the Ivanti Avalanche mobile device management system allows a hacker to disclose protected information.

The vulnerability of the validateAMCWSConnection method in the Ivanti Avalanche mobile device management system is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

7.8CVSS7.1AI score0.46591EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.3 views

PT-2024-6800 · Passwork · Passwork

Name of the Vulnerable Software and Affected Versions: Passwork affected versions not specified Description: The issue is related to insufficient validation of incoming requests in the password manager. This can be exploited by a remote attacker to perform a Server-Side Request Forgery SSRF attac...

8.5CVSS7.2AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/11 12:0 a.m.6 views

The vulnerability of the Apache OFBiz resource planning software lies in the insufficient validation of incoming requests, allowing a hacker to execute an SSRF attack.

The vulnerability of Apache OFBiz’s resource planning software lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

10CVSS5.9AI score0.93243EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/08/30 5:18 p.m.29 views

GO-2024-3099 Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric

Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric...

5.3CVSS5AI score0.00589EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/08/23 12:0 a.m.7 views

The vulnerability of the graphical tool for creating and supporting artificial intelligence – Microsoft Copilot Studio – arises from insufficiently checking incoming requests, allowing a hacker to execute an SSRF attack.

The vulnerability of the graphical tool for creating and supporting artificial intelligence, Microsoft Copilot Studio, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...

8.5CVSS5.7AI score0.12341EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.10 views

The vulnerability of the white-list analyzer service in the GravityZone proxy server allows a hacker to perform an SSRF attack.

The vulnerability of the white-list analyzer service in the GravityZone proxy server is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

10CVSS5.4AI score0.00431EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.5 views

The vulnerability of the mod_rewrite module in the Apache HTTP Server allows a hacker to perform an SSRF attack.

The vulnerability of the modrewrite module in the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

7.8CVSS6.4AI score0.35447EPSS
Exploits0References17Affected Software10
BDU FSTEC
BDU FSTEC
added 2024/07/22 12:0 a.m.8 views

The vulnerability in the web client of IBM Datacap software for document collection and processing allows a hacker to perform an SSRF attack due to insufficient validation of incoming requests.

The vulnerability in the web-based client of IBM Datacap software for document collection and processing involves insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

5.5CVSS5.5AI score0.00241EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/17 12:0 a.m.5 views

The vulnerability of the IBM InfoSphere Information Server software platform, related to insufficient validation of incoming requests, allows a hacker to execute an SSRF attack.

The vulnerability of the IBM InfoSphere Information Server software integration platform is related to insufficient testing of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

5.5CVSS5.5AI score0.00235EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/17 12:0 a.m.6 views

The vulnerability of the Apache HTTP Server web server is related to insufficient checking of incoming requests, which allows attackers to perform SSRF attacks.

The vulnerability of the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

9CVSS6.4AI score0.6795EPSS
Exploits1References9Affected Software5
BDU FSTEC
BDU FSTEC
added 2024/07/04 12:0 a.m.7 views

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce Webhooks lies in insufficient validation of incoming requests. This allows attackers to execute arbitrary code.

The vulnerability of programming platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce Webhooks is related to insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

8.5CVSS5.8AI score0.01123EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/06/13 12:0 a.m.6 views

The vulnerability in the web interface for controlling the automation software of Cisco Finesse’s operator functions allows a hacker to perform an SSRF attack.

The vulnerability in the web interface for controlling the automation software of Cisco Finesse operators is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a specially created HTTP request...

7.2CVSS5.6AI score0.21738EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/06/13 12:0 a.m.8 views

The vulnerability of the webhook component of the Grafana OnCall notification system allows a hacker to perform an SSRF attack.

The vulnerability of the webhook component in the Grafana OnCall notification system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

9.4CVSS5.5AI score0.00402EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/13 12:0 a.m.24 views

FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation fix bypass ReDoS in...

6.5CVSS5.5AI score0.00575EPSS
Exploits0References7
Rows per page
Query Builder