Lucene search
+L

555 matches found

Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.4 views

PT-2023-23748 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 17 Apple iOS versions prior to 17 Apple iPadOS versions prior to 17 Apple watchOS versions prior to 10 Apple macOS versions prior to Sonoma 14 Description: The issue was addressed with improved handling of caches...

5.5CVSS4.5AI score0.00288EPSS
Exploits0References12
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.6 views

CloudExplorer Lite 信息泄露漏洞

CloudExplorer Lite is CloudExplorer's platform that provides out-of-the-box basic functionality for cloud hosting management, cloud billing, operational analytics, and security compliance, as well as powerful extensibility to meet the customization needs of enterprises. An information disclosure...

7.5CVSS5.3AI score0.0063EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/08/09 9:30 a.m.14 views

Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...

6.5CVSS6.7AI score0.00747EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2023/08/09 8:15 a.m.23 views

Authorization

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...

4CVSS6.4AI score0.00747EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/09 7:41 a.m.33 views

CVE-2023-38209 Adobe Commerce Incorrect Authorization Security feature bypass

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...

6.5CVSS6.4AI score0.00747EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/09 7:41 a.m.11 views

CVE-2023-38209 Adobe Commerce Incorrect Authorization Security feature bypass

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation ...

6.5CVSS6.3AI score0.00747EPSS
Exploits0References1
CVE
CVE
added 2023/08/09 7:41 a.m.84 views

CVE-2023-38209

Adobe Commerce/Open Source Magento versions 2.4.4-p4–2.4.6-p1 (and earlier) are affected by an Incorrect Authorization vulnerability that permits a low-privileged attacker to access other users’ data without user interaction. The issue stems from improper access control and has a high confidentia...

6.5CVSS6.3AI score0.00747EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/24 12:0 a.m.4 views

PT-2023-4211 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.7.9 macOS versions prior to 12.6.8 macOS versions prior to 13.5 Description: A logic issue was addressed with improved restrictions, which may allow an app to access user-sensitive data. The issue is related to the...

5.5CVSS5.6AI score0.0022EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2023/06/23 6:15 p.m.6 views

CVE-2023-32367

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data...

5.5CVSS5.7AI score0.00238EPSS
Exploits0References3
Prion
Prion
added 2023/06/23 6:15 p.m.17 views

Information disclosure

This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features...

2.1CVSS4.7AI score0.00287EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2023/06/15 9:30 p.m.1 views

Incorrect Authorization

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of authorization logic. An attacker can bypass security measures and access sensitive user data...

8.7CVSS6.9AI score0.00918EPSS
Exploits0References2
OSV
OSV
added 2023/06/12 6:15 p.m.3 views

CVE-2022-36331

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo:...

7.5CVSS5.8AI score0.00591EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.3 views

PT-2023-23156 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.5.0 through 1.6.0 Description: This issue allows users registered in InLong who joined later to see deleted users' data. The problem is related to insecure default initialization of resources. Recommendations: For...

6.5CVSS6.2AI score0.0111EPSS
Exploits0References7
NVD
NVD
added 2023/05/11 6:15 p.m.24 views

CVE-2023-29022

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...

5.9CVSS5.2AI score0.0062EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/11 5:51 p.m.7 views

CVE-2023-29022 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...

4.7CVSS6.4AI score0.0062EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/11 5:50 p.m.7 views

CVE-2023-29028 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...

4.7CVSS6.4AI score0.0062EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/11 5:47 p.m.9 views

CVE-2023-29027 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause...

4.7CVSS5.5AI score0.0062EPSS
Exploits0References1
CVE
CVE
added 2023/05/08 12:0 a.m.97 views

CVE-2023-27931

CVE-2023-27931 affects Apple OS family components where an app may access user-sensitive data. The issue was mitigated by removing the vulnerable code and is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, macOS Big Sur 11.7.3, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4. Connected sour...

5.5CVSS4.5AI score0.00238EPSS
Exploits0References6Affected Software5
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.1 views

PT-2023-19025 · Apple · Macos Ventura +3

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3 macOS Monterey versions prior to 12.6.4 macOS Big Sur versions prior to 11.7.5 Description: A privacy issue was addressed with improved private data redaction for log entries, which may allow an app to access...

5.5CVSS5.6AI score0.00251EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/03/05 12:0 a.m.6 views

PT-2023-16804 · Unknown · Icret/Easyimages2.0

Name of the Vulnerable Software and Affected Versions: icret/easyimages2.0 versions prior to 2.6.7 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts...

5.4CVSS5AI score0.00429EPSS
Exploits1References6
Rows per page
Query Builder