Lucene search
+L

419 matches found

Vulnrichment
Vulnrichment
added 2024/04/08 10:0 p.m.16 views

CVE-2024-0082 CVE

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data...

8.2CVSS6.8AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/07 12:0 a.m.5 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...

7.5CVSS6.5AI score0.0035EPSS
Exploits0References3
CVE
CVE
added 2024/04/03 4:27 p.m.68 views

CVE-2024-20347

Cisco Emergency Responder is affected by a cross-site request forgery (CSRF) vulnerability in the web UI that, together with insufficient protections, could allow an unauthenticated or user-privileged actor to perform arbitrary actions on the device when a user visits a crafted link. The root cau...

6.5CVSS7.1AI score0.0023EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.6 views

Cisco Emergency Responder 安全漏洞

Cisco Emergency Responder is an emergency response framework from Cisco USA. A security vulnerability exists in Cisco Emergency Responder that stems from inadequate protection of the Web UI on affected systems...

8.8CVSS6.6AI score0.01473EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/15 3:40 p.m.3 views

CVE-2024-22207 Default swagger-ui configuration exposes all files in the module

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5AI score0.02001EPSS
Exploits0References3
Prion
Prion
added 2024/01/12 1:15 a.m.21 views

Design/Logic Flaw

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which...

5CVSS6.9AI score0.0031EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/01/12 12:55 a.m.53 views

CVE-2024-21607

Concrete details available: Juniper Junos OS on MX Series and EX9200 Series is affected by CVE-2024-21607 due to a kernel-filter payload-protocol handling issue in IPv6 firewall filters. The root cause is that the payload-protocol match is not supported in the kernel filter, causing terms to acce...

5.3CVSS5.1AI score0.0031EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/01/05 12:0 a.m.4 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS and EMUI are both operating system products of Huawei China, offering a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS and EMUI, which can be exploited by an attacker to cause a denial of service by...

7.5CVSS6.6AI score0.00379EPSS
Exploits0References5
OSV
OSV
added 2023/11/11 4:15 p.m.8 views

CVE-2023-43057

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484...

5.4CVSS5.5AI score0.00415EPSS
Exploits0References2
NVD
NVD
added 2023/11/01 6:15 p.m.25 views

CVE-2023-5850

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Medium...

4.3CVSS5.3AI score0.0093EPSS
Exploits0References9
OSV
OSV
added 2023/10/25 6:17 p.m.3 views

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web...

7.2CVSS5.8AI score0.89634EPSS
Exploits11References2
Positive Technologies
Positive Technologies
added 2023/10/23 12:0 a.m.5 views

PT-2023-26576 · Ibm · Ibm Sterling Partner Engagement Manager

Name of the Vulnerable Software and Affected Versions: IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2.0, and 6.2.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosu...

6.4CVSS5.6AI score0.00321EPSS
Exploits0References7
Prion
Prion
added 2023/10/18 5:15 p.m.19 views

Input validation

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...

4CVSS6.4AI score0.00529EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 4:27 p.m.1 views

CVE-2023-20261

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...

6.5CVSS7.1AI score0.00529EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.6 views

PT-2023-6317

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the web UI feature of Cisco IOS XE Software that could allow an authenticated, remote attacker to inject commands with root privileges. This is due to...

8.3CVSS7.3AI score0.89634EPSS
Exploits11References157
CNNVD
CNNVD
added 2023/09/18 12:0 a.m.7 views

x-ui Trust Management Issue Vulnerability

x-ui is a multi-protocol, multi-user xray panel from the individual developers at vaxilu. A security vulnerability exists in x-ui v1.8.3, which stems from a vulnerability that allows an attacker to obtain sensitive information via a default password...

7.5CVSS6.4AI score0.00456EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.5 views

HCL Technologies BigFix Mobile 命令注入漏洞

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...

8.8CVSS7.8AI score0.00771EPSS
Exploits0References2
Prion
Prion
added 2023/07/17 4:15 p.m.18 views

Code injection

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions...

3.3CVSS3.8AI score0.00435EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/07 12:0 a.m.6 views

PT-2023-12345 · Ibm · Ibm Cloud Object System

Name of the Vulnerable Software and Affected Versions: IBM Cloud Object System version 3.15.8.97 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. Th...

6.4CVSS5.4AI score0.00365EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.5 views

Telegram 安全漏洞

Telegram is an instant messaging mobile application. A security vulnerability exists in Telegram version v9.6.3, which stems from a vulnerability that allows an attacker to hide critical information on the User Interface by calling the function SFSafariViewController...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References3
Rows per page
Query Builder