Lucene search
+L

593 matches found

vulnrichment
vulnrichment
added 2023/02/13 12:0 a.m.8 views

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

7.2AI score0.00504EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2023/02/07 12:0 a.m.9 views

PT-2023-16484 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax save folder order function, making it possible for unauthenticated attackers to invo...

5.4CVSS5.4AI score0.00322EPSS
Exploits0References7
cnnvd
cnnvd
added 2023/01/23 12:0 a.m.7 views

WordPress plugin CBX Petition SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

9.8CVSS8.6AI score0.01037EPSS
Exploits2References2
cnnvd
cnnvd
added 2023/01/13 12:0 a.m.6 views

WordPress plugin Media Library Folders 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

8.8CVSS5AI score0.00369EPSS
Exploits0References3
osv
osv
added 2022/12/27 6:15 p.m.6 views

CVE-2022-45423

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface the credentials cannot be directly exploited...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/10/13 12:0 a.m.5 views

Boodskap IoT Platform 访问控制错误漏洞

Boodskap IoT Platform is an IoT platform from Boodskap. A security vulnerability exists in Boodskap IoT Platform version v4.4.9-02, which can be exploited by an attacker to issue unauthenticated API requests...

6.5CVSS7AI score0.00542EPSS
Exploits2References2
cvelist
cvelist
added 2022/10/13 12:0 a.m.27 views

CVE-2022-35136

Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests...

6.7AI score0.00778EPSS
Exploits2References1
cnnvd
cnnvd
added 2022/09/26 12:0 a.m.7 views

WordPress plugin Post SMTP Mailer/Email Log 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A server request forgery...

7.2CVSS6.8AI score0.01039EPSS
Exploits2References2
prion
prion
added 2022/08/08 3:15 p.m.33 views

Command injection

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

7.5CVSS10AI score0.53752EPSS
Exploits5References3Affected Software1
cnnvd
cnnvd
added 2022/07/21 12:0 a.m.6 views

Cisco Small Business 操作系统命令注入漏洞

Cisco Small Business is a switch from Cisco USA. An operating system command injection vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers, which stems from insufficient authentication of the user field in incoming HTTP packets. An attacker could exploit thi...

7.2CVSS7.5AI score0.01081EPSS
Exploits0References3
osv
osv
added 2022/07/12 9:15 p.m.7 views

CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...

7.5CVSS5.8AI score0.00942EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/06/02 12:0 a.m.9 views

Carrier LenelS2 HID Mercury access panels 安全漏洞

Carrier LenelS2 HID Mercury access panels is a controller panel from Carrier, Inc. A buffer overflow vulnerability exists in Carrier LenelS2 HID Mercury access panels, which could be exploited by an attacker to send a specially crafted, unauthenticated HTTP request to the device, which can overfl...

7.8CVSS6AI score0.00972EPSS
Exploits0References4
github
github
added 2022/05/24 5:23 p.m.27 views

Silverstripe has Incorrect Default Permissions

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...

5.3CVSS5.6AI score0.01066EPSS
Exploits0References6Affected Software2
osv
osv
added 2022/05/24 5:23 p.m.12 views

GHSA-589Q-75R3-MFQ4 Silverstripe has Incorrect Default Permissions

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...

5.3CVSS5.1AI score0.01066EPSS
Exploits0References5
cnnvd
cnnvd
added 2022/05/16 12:0 a.m.27 views

WordPress plugin Fusion Builder 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Fusion Builders plugin versions prior to 3.6.2 contain an access control error vulnerability that...

9.8CVSS8.4AI score0.71722EPSS
Exploits6References4
veracode
veracode
added 2022/05/10 10:32 a.m.25 views

XML Entity Expansion

WSO2 API Manager and API Microgateway are vulnerable to XML Entity Expansion attacks. The vulnerability exists due to XML Entity Expansion attacks and a lack of sanitization allowing an attacker to crash the system via an unauthenticated requests with a maliciously crafted XML file...

9.1CVSS4.3AI score0.0126EPSS
Exploits0References7Affected Software2
attackerkb
attackerkb
added 2022/03/21 7:15 p.m.4 views

CVE-2022-0591

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...

9.1CVSS7.7AI score0.20249EPSS
Exploits2References3
cnnvd
cnnvd
added 2022/02/07 12:0 a.m.7 views

Wordpress Plugin SupportCandy 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...

6.5CVSS6.5AI score0.00531EPSS
Exploits2References2
zdt
zdt
added 2022/02/05 12:0 a.m.387 views

Servisnet Tessa - Add sysAdmin User (Unauthenticated) Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Add sysAdmin User Unauthenticated Metasploit', 'Description' = %q This module exploits an authentication bypass in Servisnet...

9.8CVSS0.4AI score0.11441EPSS
Exploits4
vulncheck_kev
vulncheck_kev
added 2022/01/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-13927

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication...

9.8CVSS7.3AI score0.9967EPSS
Exploits8References1
Rows per page
Query Builder