BDU FSTEC
added 2025/01/03 12:00 a.m. · 6 views

The vulnerability of the Collaboration Portal component of the SAP Transportation Management system allows a hacker to execute an SSRF attack.

The vulnerability of the Collaboration Portal component of the SAP Transportation Management system is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...

CVSS 5 · AI score 5.6 · EPSS 0.00353
Exploits 0 · References 3

Snyk
added 2024/12/20 6:31 p.m. · 3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the entityid parameter in the /api/Setting endpoint, due to insufficient server-side validation of authentication and authorization. Remediation Upgrade Oqtane.Framework to version 6.0.1 or higher. References -...

CVSS 8.7 · AI score 7.2 · EPSS 0.00447
Exploits 0 · References 2

Vulnrichment
added 2024/11/15 10:53 a.m. · 15 views

CVE-2022-1884 Remote Command Execution in gogs/gogs

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

CVSS 10 · AI score 7.1 · EPSS 0.01774
Exploits 1 · References 1

SUSE CVE
added 2024/10/12 2:48 a.m. · 1 view

SUSE CVE-2024-47872

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 · AI score 6.5 · EPSS 0.00252
Exploits 0 · References 3

Hacker One
added 2024/08/22 2:00 p.m. · 81 views

GitLab: Login email verification bypass via `/oauth/token`.

Vulnerability description not provided...

AI score 7.1
Exploits 0

Positive Technologies
added 2024/03/24 12:00 a.m. · 5 views

PT-2024-22798

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 7.0.1815. Description: The issue lies in the improper validation of client-side stored data within the web application. Specifically, the `is_master_admin` key, stored in the local storage of the browser, can be...

CVSS 8.3 · AI score 7.9 · EPSS 0.00702
Exploits 1 · References 11

CERT
added 2024/03/07 12:00 a.m. · 61 views

Sciener firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks

Overview: Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware works in tandem with an app, called the TTLock app, which is also produced by Sciener. The TTLock app utilizes Bluetooth connections to connect to...

CVSS 9.8 · AI score 7.5 · EPSS 0.00503
Exploits 0 · References 2

Veracode
added 2023/11/15 9:57 a.m. · 33 views

Security Bypass

Microsoft.AspNetCore.Components is vulnerable to Security Bypass. The vulnerability arises due to a lack of validation on Blazor Server. An unauthenticated user is able to bypass validation on Blazor Server forms...

CVSS 6.2 · AI score 7.2 · EPSS 0.01085
Exploits 0 · References 2 · Affected Software 5

Prion
added 2023/10/03 1:15 p.m. · 18 views

Cross-site request forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of...

CVSS 4.3 · AI score 6.5 · EPSS 0.00232
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/09/27 3:19 p.m. · 10 views

Input validation

The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...

CVSS 3.3 · AI score 5.2 · EPSS 0.00721
Exploits 2 · References 3 · Affected Software 1

OSV
added 2023/09/07 1:15 p.m. · 5 views

CVE-2023-3747

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access...

CVSS 5.5 · AI score 5.8 · EPSS 0.00182
Exploits 0 · References 2

NVD
added 2023/09/07 1:15 p.m. · 33 views

CVE-2023-3747

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access...

CVSS 5.5 · AI score 5.4 · EPSS 0.00182
Exploits 0 · References 2

Cvelist
added 2023/06/24 1:20 a.m. · 20 views

CVE-2023-1722 Yoga Class Registration System 1.0 - ATO

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...

CVSS 9.1 · AI score 9.6 · EPSS 0.00364
Exploits 1 · References 2

Positive Technologies
added 2023/05/22 12:00 a.m. · 4 views

PT-2023-23524 · Suprema · Suprema Biostar 2

Name of the Vulnerable Software and Affected Versions: Suprema BioStar 2 versions prior to 2.9.1 Description: A vulnerability in the web application of Suprema BioStar 2 allows an authenticated attacker with User Operator privileges to create a highly privileged user account. This issue is caused...

CVSS 8.8 · AI score 8.4 · EPSS 0.00863
Exploits 1 · References 3

F5 Networks
added 2023/02/21 6:59 p.m. · 32 views

K11464209: IP Intelligence Feed List vulnerability CVE-2017-6143

Security Advisory Description X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server’s identity is not properly validated in certain versions of BIG-IP. CVE-2017-6143 Impact Affected BIG-IP...

CVSS 5.8 · AI score 5.6 · EPSS 0.00427
Exploits 0 · Affected Software 2

Hacker One
added 2023/01/28 9:30 p.m. · 145 views

U.S. Dept Of Defense: [█████] Bug Reports allow for Unrestricted File Upload

Unrestricted file upload was possible through the bug report feature of a web page, allowing an attacker to attach a malicious file to a bug report and execute malware on the support agent's system. The web server did not validate the extension and size of the uploaded file...

AI score 7.2
Exploits 0

OSV
added 2022/09/19 2:15 p.m. · 1 view

CVE-2022-38341

Safe Software FME Server v2021.2.5 and below does not employ server-side validation...

CVSS 7.1 · AI score 5.8 · EPSS 0.005
Exploits 0 · References 2

UbuntuCve
added 2022/08/02 12:00 a.m. · 49 views

CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

CVSS 7.4 · AI score 7.2 · EPSS 0.0165
Exploits 1 · References 4

CNNVD
added 2022/05/27 12:00 a.m. · 5 views

Mobaoku-Auction&Flea Market trust management vulnerability

Mobaoku-Auction&Flea Market is a mobile software. Mobaoku-Auction&Flea Market is vulnerable to a trust management issue, which arises from improper server certificate validation. A remote attacker could exploit the vulnerability to eavesdrop on encrypted communications...

CVSS 4.3 · AI score 5.2 · EPSS 0.00344
Exploits 0 · References 4

Github Security Blog
added 2022/02/24 1:09 p.m. · 43 views

Missing server signature validation in OctoberCMS

Impact This advisory affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server. It has been disclosed that a project fork of October CM...

CVSS 5.3 · AI score 5.1 · EPSS 0.00634
Exploits 0 · References 4 · Affected Software 1