Lucene search
+L

207 matches found

NVD
NVD
added 2024/10/02 5:15 p.m.50 views

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

9.9CVSS0.01142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/02 4:53 p.m.25 views

CVE-2024-20432 Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

9.9CVSS8.2AI score0.01142EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 4:53 p.m.124 views

CVE-2024-20432

Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by CVE-2024-20432 via a REST API and web UI command-injection flaw caused by improper user authorization and insufficient validation of command arguments. A low-privilege, authenticated attacker could submit crafted commands to affected R...

9.9CVSS9.8AI score0.01142EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.5 views

PT-2024-6593 · Cisco · Cisco Nexus Dashboard Fabric Controller

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller versions 11.5 and earlier Description: A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller could allow an authenticated, low-privileged, remote attacker to perform a...

9.9CVSS8.5AI score0.01142EPSS
Exploits0References43
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.6 views

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from the user authorization deactivation mechanism not...

7.3CVSS6.4AI score0.00332EPSS
Exploits0References3
CVE
CVE
added 2024/06/10 8:56 p.m.71 views

CVE-2024-23282

CVE-2024-23282 is an Apple iOS/macOS/iPadOS FaceTime-related vulnerability: a maliciously crafted email may initiate FaceTime calls without user authorization. Connected sources confirm remediation: Apple patches in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, and older iOS/iPadOS v...

5.5CVSS7.1AI score0.00239EPSS
Exploits0References12Affected Software4
OSV
OSV
added 2024/05/15 5:32 a.m.9 views

MGASA-2024-0176 Updated sssd packages fix security vulnerability

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758...

7.1CVSS6.5AI score0.01033EPSS
Exploits1References4
CVE
CVE
added 2024/05/02 4:52 p.m.77 views

CVE-2024-1797

CVE-2024-1797 concerns the WP ULike plugin for WordPress. The initial description states a SQL Injection via the status and id attributes of the wp_ulike_counter and wp_ulike shortcodes, affecting all versions up to 4.6.9, with authenticated attackers (contributor+ level) able to inject extra SQL...

8.8CVSS7.1AI score0.0056EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/26 4:6 p.m.35 views

CVE-2024-32730

CVE-2024-32730 concerns SAP Enable Now Manager, where an authenticated user can bypass authorization checks and escalate privileges. The root cause is a failure to enforce access controls, enabling an attacker with the role Learner to access other users’ data within the manager, with high impact ...

6.5CVSS7.1AI score0.00552EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.24 views

Fedora: Security Advisory for voms-clients-java (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
OSV
OSV
added 2024/03/06 10:58 a.m.20 views

BIT-GRAFANA-2022-21713 Exposure of Sensitive Information in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...

4.3CVSS6.2AI score0.01168EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 10:51 a.m.56 views

BIT-COUCHDB-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...

5.7CVSS5.5AI score0.01232EPSS
Exploits0References3
ICS
ICS
added 2024/01/18 7:0 a.m.61 views

AVEVA PI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : PI Server Vulnerabilities : Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful...

7.5CVSS6.9AI score0.00555EPSS
Exploits0References8
NVD
NVD
added 2024/01/16 11:15 p.m.41 views

CVE-2024-22407

Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...

6.5CVSS5.4AI score0.004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/16 10:29 p.m.13 views

CVE-2024-22407 Broken Access Control order API in Shopware

Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...

4.9CVSS6.8AI score0.004EPSS
Exploits0References1
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2023-6741

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address...

4.3CVSS5.8AI score0.00394EPSS
Exploits1References1
OSV
OSV
added 2024/01/12 3:15 p.m.5 views

CVE-2023-49261

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

7.5CVSS5.8AI score0.00556EPSS
Exploits0References2
NVD
NVD
added 2024/01/12 3:15 p.m.25 views

CVE-2023-49261

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

7.5CVSS7.5AI score0.00492EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/12 2:25 p.m.18 views

CVE-2023-49261 Sensitive authentication-related value accessible publicly

The "tokenKey" value used in user authorization is visible in the HTML source of the login page...

6.8AI score0.00556EPSS
Exploits0References2
CVE
CVE
added 2024/01/12 2:25 p.m.37 views

CVE-2023-49261

CVE-2023-49261: Red Hat entries confirm the issue that the tokenKey used in user authorization is visible in the HTML source of the login page. The Red Hat advisories list this description; the connected documents do not provide affected product/version details, exploit information, or remediatio...

7.5CVSS7.4AI score0.00556EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder