Lucene search
+L

168 matches found

Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.10 views

PT-2024-19327 · WordPress · Kali Forms

Name of the Vulnerable Software and Affected Versions: Contact Form builder with drag & drop for WordPress – Kali Forms versions 2.3.36 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Contact Form...

8.1CVSS8.1AI score0.00453EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.4 views

PT-2024-15664 · Idmsistemas · Qsige

Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The issue is related to the omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This allows an attacker to extract sensitive information fr...

7.5CVSS7.2AI score0.00492EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/01/15 12:0 a.m.9 views

The vulnerability of the intermediate installation process for microprogramming software on the SIMATIC CN 4100 allows a intruder to gain access to the system and obtain full control over the application.

The vulnerability of the intermediate installation process for microprogrammed communication gateway software SIMATIC CN 4100 relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely gain access to the system and gain full...

9CVSS7.7AI score0.00528EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/01 12:0 a.m.7 views

PT-2024-5348 · Qualcomm · Qualcomm Microprogram +1

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to memory corruption that occurs while processing a key blob passed by the user. This can potentially allow an attacker to execute arbitrary...

7.8CVSS8.2AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.8 views

PT-2023-23995 · Unknown · Woocommerce Bookings

Name of the Vulnerable Software and Affected Versions: WooCommerce Bookings versions 1.15.78 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 1.15.78 and...

7.5CVSS7.7AI score0.00449EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.3 views

PT-2023-9735 · Fortinet · Fortiportal

Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.3 Description: The issue is related to an authorization bypass through a user-controlled key, allowing an authenticated attacker to interact with resources of other organizations via HTTP or HTT...

8.1CVSS6.7AI score0.00381EPSS
Exploits0References8
NCSC
NCSC
added 2023/07/13 12:0 a.m.17 views

Vulnerabilities fixed in FortiNet FortiOS and FortiProxy

FortiNet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with attribute CVE-2023-33308...

9.8CVSS7.8AI score0.02121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.6 views

PT-2023-22718

Name of the Vulnerable Software and Affected Versions TMT Lockcell versions prior to 15 Description The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability, which allows for Authentication Abuse and Authentication Bypass. Recommendations For versions prior to 15,...

9.8CVSS7.3AI score0.01306EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/05/25 12:0 a.m.6 views

CBOT Chatbot 安全漏洞

CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from a vulnerability that allows token emulation, privilege abuse, and authorization bypass by a user-controlled key...

8.8CVSS7.9AI score0.00683EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/20 12:0 a.m.5 views

Ideasoft E-commerce Platform 安全漏洞

Ideasoft E-commerce Platform is an open source e-commerce platform from Ideasoft. A security vulnerability exists in Ideasoft E-commerce Platform versions prior to 23.05, which stems from a vulnerability in Rental Module that allows an attacker to bypass authorization via a controlled user key...

9.8CVSS8.3AI score0.00765EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.4 views

SUSE CVE-2006-1522

The sysaddkey function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service OOPS via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the...

4.9CVSS6.7AI score0.00438EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.4 views

SUSE CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8CVSS7.1AI score0.03036EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.3 views

PT-2022-28100 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to an Authorization Bypass Through User-Controlled Key, which can lead to Improper Authentication. This allows unauthorized access, potentially compromising the security...

8.6CVSS8.5AI score0.00762EPSS
Exploits1References11
OSV
OSV
added 2022/10/19 3:47 p.m.8 views

USN-5690-1 libxdmcp vulnerability

It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain another user's key...

6.5CVSS6.9AI score0.00534EPSS
Exploits3References2
OSV
OSV
added 2022/09/29 3:15 a.m.8 views

CVE-2020-15343

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zyinstalluserkey API...

5.3CVSS5.8AI score0.0058EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/15 11:15 p.m.7 views

CVE-2021-46249

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...

6.5CVSS6.6AI score0.00643EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/01 12:0 a.m.7 views

Bachmann Electronic All M-Base Controllers 加密问题漏洞

Bachmann Electronic All M-Base Controllers is a controller system from Bachmann, Germany, used to control networks. A cryptographic issue vulnerability exists in Bachmann Electronic All M-Base Controllers that stems from not properly using the relevant cryptographic algorithms, resulting in...

8.8CVSS7.9AI score0.00824EPSS
Exploits0References5
Hacker One
Hacker One
added 2019/11/08 2:19 p.m.34 views

Nextcloud: Improper integrity protection of server-side encryption keys

The public keys used for the server-side encryption are not integrity-protected. These can easily replaced by anyone who has access to the data-at-rest data even when the per-user-keys are enabled, as described in https://nextcloud.com/security/threat-model/. This holds true for all key types -...

5.5CVSS0.6AI score0.00727EPSS
Exploits1
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.35 views

CVE-2017-5460

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

8.5AI score0.03036EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2017/04/21 12:49 a.m.7 views

Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8CVSS7.3AI score0.03036EPSS
Exploits1References5
Rows per page
Query Builder