160 matches found

Positive Technologies
added 2024/09/25 12:00 a.m., 8 views

PT-2024-7151 · Juniper Networks · Junos Evolved

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 21.2R3-S8-EVO; Juniper Networks Junos OS Evolved versions from 21.4-EVO prior to 21.4R3-S8-EVO; Juniper Networks Junos OS Evolved versions from 22.2-EVO prior to 22.2R3-S4-EVO; Juniper Networks...

CVSS 8.4, AI score 7.4, EPSS 0.00208
Exploits 0, References 6
CNNVD
added 2024/08/18 12:00 a.m., 4 views

WordPress plugin Zephyr Project Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8, AI score 6.7, EPSS 0.00367
Exploits 0, References 2
GithubExploit
added 2024/08/14 2:24 p.m., 932 views

Exploit for Use of Password Hash With Insufficient Computational Effort in Redhat Enterprise_Linux

CVE-2024-3183-POC: POC for CVE-2024-3183 FreeIPA Roasting Imp...

CVSS 8.1, AI score 8.6, EPSS 0.02053
Exploits 1
Vulnrichment
added 2024/08/07 7:17 a.m., 23 views

CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...

AI score 7.8, EPSS 0.00946
Exploits 0, References 3
Positive Technologies
added 2024/07/09 12:00 a.m., 7 views

PT-2024-5550 · Fortinet · Fortiportal

Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6; Fortinet FortiPortal version 7.2.0. Description: The issue is related to an authorization bypass in the administration interface of Fortinet FortiPortal, which can be exploited by using a...

CVSS 4.3, AI score 7, EPSS 0.00294
Exploits 0, References 6
CNNVD
added 2024/07/09 12:00 a.m., 5 views

Fortinet FortiPortal Security Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability exists in Fortinet FortiPortal that stems from the presence of a...

CVSS 4.3, AI score 6.7, EPSS 0.00294
Exploits 0, References 2
OSV
added 2024/06/28 3:28 p.m., 28 views

GO-2024-2434 CubeFS leaks users key in logs in github.com/cubefs/cubefs

CubeFS leaks users key in logs in github.com/cubefs/cubefs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit t...

CVSS 6.5, AI score 6.3, EPSS 0.00271
Exploits 0, References 3
BDU FSTEC
added 2024/05/17 12:00 a.m., 6 views

The vulnerability of the FortiVoice enterprise telephony software relates to the bypassing of authentication procedures by using a user-controlled key, allowing an intruder to access the configuration SIP files.

The vulnerability of the FortiVoice corporate telephony software relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to disclose configuration SIP files by sending specially crafted HTTP or HTTPS requests...

CVSS 7.5, AI score 5.5, EPSS 0.00848
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2024/05/16 12:00 a.m., 4 views

PT-2024-30162 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.7.0. Description: The issue allows authenticated attackers with Instructor-level permissions and above to delete any course due to missi...

CVSS 6.5, AI score 6.8, EPSS 0.00418
Exploits 0, References 7
CNNVD
added 2024/04/14 12:00 a.m., 3 views

DirectCyber Evolution Controller Security Vulnerability

DirectCyber Evolution Controller is an access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from an...

CVSS 7.5, AI score 6.6, EPSS 0.00498
Exploits 0, References 2
CNNVD
added 2024/04/07 12:00 a.m., 2 views

WordPress Plugin ProfileGrid Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL, and the WordPress...

CVSS 7.1, AI score 8.1, EPSS 0.00379
Exploits 0, References 2
BDU FSTEC
added 2024/03/14 12:00 a.m., 6 views

The vulnerability of the SSL-VPN component for FortiOS operating systems and proxy servers, which allows attackers to gain unauthorized access to another user’s web pages.

The vulnerability of the SSL-VPN component for FortiOS operating systems and FortiProxy proxy servers relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to gain unauthorized access to another user’s web page by manipulating the URL...

CVSS 8, AI score 7.4, EPSS 0.00663
Exploits 0, References 3, Affected Software 2
Positive Technologies
added 2024/01/31 12:00 a.m., 8 views

PT-2024-19327 · WordPress · Kali Forms

Name of the Vulnerable Software and Affected Versions: Contact Form builder with drag & drop for WordPress – Kali Forms versions 2.3.36 and earlier. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Contact Form...

CVSS 8.1, AI score 8.1, EPSS 0.00453
Exploits 0, References 6
Positive Technologies
added 2024/01/18 12:00 a.m., 3 views

PT-2024-15664 · Idmsistemas · Qsige

Name of the Vulnerable Software and Affected Versions: QSige, affected versions not specified. Description: The issue is related to the omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This allows an attacker to extract sensitive information fr...

CVSS 7.5, AI score 7.2, EPSS 0.00492
Exploits 0, References 5
BDU FSTEC
added 2024/01/15 12:00 a.m., 9 views

The vulnerability of the intermediate installation process for microprogramming software on the SIMATIC CN 4100 allows an intruder to gain access to the system and obtain full control over the application.

The vulnerability of the intermediate installation process for microprogrammed communication gateway software SIMATIC CN 4100 relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely gain access to the system and gain full...

CVSS 9, AI score 7.7, EPSS 0.00528
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2024/01/01 12:00 a.m., 5 views

PT-2024-5348 · Qualcomm · Qualcomm Microprogram +1

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software, affected versions not specified. Description: The issue is related to memory corruption that occurs while processing a key blob passed by the user. This can potentially allow an attacker to execute arbitrary...

CVSS 7.8, AI score 8.2, EPSS 0.00103
Exploits 0, References 7
Positive Technologies
added 2023/12/21 12:00 a.m., 6 views

PT-2023-23995 · Unknown · Woocommerce Bookings

Name of the Vulnerable Software and Affected Versions: WooCommerce Bookings versions 1.15.78 and earlier. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 1.15.78 and...

CVSS 7.5, AI score 7.7, EPSS 0.00449
Exploits 0, References 3
Positive Technologies
added 2023/11/06 12:00 a.m., 3 views

PT-2023-9735 · Fortinet · Fortiportal

Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.3. Description: The issue is related to an authorization bypass through a user-controlled key, allowing an authenticated attacker to interact with resources of other organizations via HTTP or HTT...

CVSS 8.1, AI score 6.7, EPSS 0.00381
Exploits 0, References 8
NCSC
added 2023/07/13 12:00 a.m., 16 views

Vulnerabilities fixed in FortiNet FortiOS and FortiProxy

FortiNet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with attribute CVE-2023-33308...

CVSS 9.8, AI score 7.8, EPSS 0.01873
Exploits 0
Positive Technologies
added 2023/06/13 12:00 a.m., 5 views

PT-2023-22718

Name of the Vulnerable Software and Affected Versions: TMT Lockcell versions prior to 15. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability, which allows for Authentication Abuse and Authentication Bypass. Recommendations: For versions prior to 15,...

CVSS 9.8, AI score 7.3, EPSS 0.01295
Exploits 1, References 8