Lucene search
K

167 matches found

OSV
OSV
added 2024/08/21 12:30 a.m.10 views

GHSA-6247-7862-Q2PQ Apache Helix Front (UI) component contained a hard-coded secret

The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...

8.7CVSS7.4AI score0.00726EPSS
Exploits0References4
CVE
CVE
added 2024/08/08 3:1 p.m.87 views

CVE-2024-7490

The CVE-2024-7490 issue is a stack-based overflow in Microchip Advanced Software Framework’s tinydhcpserver implementation (lwip_dhcp_find_option) caused by improper input validation. Affects ASF through version 3.52.0.2574; no fixes in the ASF stack are provided, and Microchip states the framewo...

9.8CVSS7.6AI score0.01377EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.3 views

PT-2024-38288 · D Link · D-Link Dir-600

Name of the Vulnerable Software and Affected Versions: D-Link DIR-600 versions up to 2.18 Description: A critical issue affects the function soapcgi main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. This issue...

9.8CVSS6.8AI score0.0574EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.6 views

SUSE Enterprise Linux SEoL (11.3.x)

According to its version, SUSE Enterprise Linux is 11.3.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 809...

5.5AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/06/12 3:31 p.m.28 views

Apache Submarine Server Core has a SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...

8.1CVSS8.3AI score0.00963EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/06/12 3:15 p.m.7 views

PYSEC-2024-98

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...

9.8CVSS9.4AI score0.00733EPSS
Exploits0References4
OSV
OSV
added 2024/06/12 2:15 p.m.7 views

PYSEC-2024-97

UNSUPPORTED WHEN ASSIGNED Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...

9.8CVSS9.4AI score0.01008EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.6 views

PT-2024-26939 · Apache · Apache Submarine Server Core

Name of the Vulnerable Software and Affected Versions: Apache Submarine Server Core affected versions not specified Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This affects products that are no long...

8.1CVSS8.2AI score0.00963EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2024/06/10 11:19 a.m.13 views

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

9.3CVSS7AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.6 views

PT-2024-25823 · Apache · Apache Karaf Cave

Name of the Vulnerable Software and Affected Versions: Apache Karaf Cave versions all Description: The issue is related to an Improper Input Validation vulnerability. This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to find an...

9.1CVSS8.9AI score0.01161EPSS
Exploits0References10
OSV
OSV
added 2024/04/09 12:30 p.m.20 views

GHSA-RR59-H6RH-V84V Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE

Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance ...

5.3CVSS5.2AI score0.01327EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.6 views

PT-2024-3589 · Apache · Apache Zeppelin Sap

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin SAP versions 0.8.0 through 0.10.x Description: The issue is related to improper input validation, which can be exploited by a remote attacker to disclose protected information or cause a denial of service using a specially...

6.4CVSS5.2AI score0.01327EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.13 views

Microsoft Windows 10 1809 Home SEoL

Microsoft Windows 10 1809 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.13 views

Microsoft Windows 10 21H2 Home SEoL

Microsoft Windows 10 21H2 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.52 views

Microsoft Windows 10 1809 Enterprise LTSC SEoL

Microsoft Windows 10 1809 Enterprise LTSC is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc...

5.4AI score
Exploits0References1
OSV
OSV
added 2024/03/01 6:30 p.m.11 views

GHSA-H595-VWHC-3XWX Apache Archiva Incorrect Authorization vulnerability

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do...

8.7CVSS7.5AI score0.0133EPSS
Exploits0References4
NVD
NVD
added 2024/01/29 12:15 p.m.27 views

CVE-2023-5378

Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown...

8.8CVSS8.6AI score0.00527EPSS
Exploits0References4
OSV
OSV
added 2023/12/25 2:0 a.m.21 views

CVE-2023-7098 icret EasyImages hide.php path traversal

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexi...

3.1CVSS4.4AI score0.00656EPSS
Exploits0References5
OSV
OSV
added 2023/12/23 9:30 p.m.12 views

GHSA-JPFP-XQ3P-4H3R Deis Workflow Manager race condition vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

4.6CVSS7.5AI score0.00396EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/12/23 9:30 p.m.27 views

Deis Workflow Manager race condition vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

7.5CVSS6.8AI score0.00396EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder