Lucene search
K

287 matches found

CNVD
CNVD
added 2024/08/23 12:0 a.m.6 views

Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38211)

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System version v2.0, which stems from a failure of the categorie.php component to adequately validate whether a reques...

8.8CVSS6.5AI score0.00284EPSS
Exploits1References1
OSV
OSV
added 2024/08/15 6:32 a.m.5 views

GHSA-Q83V-HQ3J-4PQ3 Duplicate Advisory: Improper access control in Directus

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3fff-gqw3-vj86. This link is maintained to preserve external references. Original Description Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them...

5.3CVSS5.8AI score0.00326EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2024/08/08 12:0 a.m.9 views

Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...

7.1CVSS6.7AI score0.02016EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/25 5:58 p.m.14 views

Code Injection

Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...

8.8CVSS7.2AI score0.00737EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2024/07/25 8:55 a.m.15 views

Code Injection

Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...

8.8CVSS6.9AI score0.00618EPSS
Exploits0References7Affected Software2
CVE
CVE
added 2024/06/29 4:33 a.m.49 views

CVE-2024-5942

CVE-2024-5942 affects the WordPress Page and Post Clone plugin. The issue is an Insecure Direct Object Reference in the content_clone function due to missing validation on a user-controlled key, enabling authenticated attackers with Author+ access to clone and read private posts. Technical detail...

5.4CVSS5AI score0.0031EPSS
Exploits0References3Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/06/21 12:0 a.m.17 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the location parameter of the...

7.5CVSS7.2AI score0.0147EPSS
Exploits0References1
Debian
Debian
added 2024/06/20 6:36 p.m.20 views

[SECURITY] [DSA 5717-1] php8.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5717-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 20, 2024 https://www.debian.org/security/faq -...

5.3CVSS6.5AI score0.12117EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/06/20 12:0 a.m.23 views

Debian dsa-5717 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5717 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5717-1 [email protected] https://www.debian.org/security/ Moritz...

5.3CVSS7AI score0.12117EPSS
Exploits1References4
CVE
CVE
added 2024/06/05 4:15 p.m.65 views

CVE-2024-20405

CVE-2024-20405 affects Cisco Finesse, specifically the web-based management interface. The flaw arises from insufficient input validation for HTTP requests, enabling an unauthenticated, remote attacker to perform a stored XSS by exploiting a remote file inclusion (RFI) vulnerability. A crafted li...

6.1CVSS6.3AI score0.00648EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/05/23 4:27 p.m.4 views

USN-6785-1 gnome-remote-desktop vulnerability

Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections...

7.5CVSS5.8AI score0.00569EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/05/23 4:27 p.m.93 views

USN-6785-1: GNOME Remote Desktop vulnerability

Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections...

7.5CVSS7.3AI score0.00569EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.21 views

Ubuntu 24.04 LTS : GNOME Remote Desktop vulnerability (USN-6785-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6785-1 advisory. Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to...

7.5CVSS7.4AI score0.00569EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2024/05/22 12:0 a.m.28 views

LAquis SCADA LGX Report TextFile Open Path Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of...

7.8CVSS7.8AI score0.00411EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 1:57 a.m.95 views

CVE-2023-34276

CVE-2023-34276 affects D-Link DIR-2150 routers. The vulnerability is a command-injection in the SOAP API interface listening on TCP port 80, caused by improper validation of a user-supplied string before it is used in a system call. This allows an attacker with network access to execute code with...

8CVSS7.3AI score0.0176EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2024/04/16 12:0 a.m.5 views

WordPress LifterLMS plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.4AI score0.00322EPSS
Exploits0References1
0day.today
0day.today
added 2024/04/15 12:0 a.m.324 views

djangorestframework-simplejwt 5.3.1 - Information Disclosure Exploit

Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...

5.5CVSS7AI score0.00804EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.504 views

Django REST Framework SimpleJWT 5.3.1 Information Disclosure

Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...

7.4AI score0.00804EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/04/15 12:0 a.m.318 views

djangorestframework-simplejwt 5.3.1 - Information Disclosure

Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...

5.5CVSS6.4AI score0.00804EPSS
Exploits3
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.7 views

WordPress Plugin LifterLMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.7AI score0.00322EPSS
Exploits0References2
Rows per page
Query Builder