Lucene search
+L

236 matches found

attackerkb
attackerkb
added 2026/02/19 12:2 p.m.5 views

CVE-2019-25430

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpnusers endpoint with script payloads in the usernam...

6.1CVSS5.6AI score0.00369EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/02/19 12:2 p.m.18 views

CVE-2019-25430

Comodo Dome Firewall 2.7.0 is affected by a reflected XSS in the vpn_users endpoint. An unauthenticated attacker can submit crafted input in the username parameter via a POST request to trigger arbitrary JavaScript in a victim’s browser. CVSS v4.0 and v3.1 vectors are provided, with base scores o...

6.1CVSS5.6AI score0.00369EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/02/19 12:2 p.m.15 views

CVE-2019-25428

CVE-2019-25428 affects Comodo Dome Firewall 2.7.0. Affected component: openvpn_users endpoint. Root cause: reflected cross-site scripting via crafted POST parameters (username, remotenets, explicitroutes, static_ip, custom_dns, custom_domain) enabling arbitrary JavaScript in users’ browsers. Impa...

6.1CVSS5.6AI score0.0033EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.11 views

Comodo Dome Firewall 跨站脚本漏洞

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from reflective cross-site scripts present on the vpnusers...

6.1CVSS5.9AI score0.00369EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/02/19 12:0 a.m.12 views

PT-2026-20831

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...

6.1CVSS5.6AI score0.0033EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/02/19 12:0 a.m.7 views

PT-2026-20833

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn users endpoint with script payloads in the userna...

6.1CVSS5.6AI score0.00369EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.11 views

PT-2026-20470

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0 Splunk Enterprise versions 10.0.2 through 10.0.2 Splunk Enterprise versions 9.2.12 through 9.4.8 Splunk Enterprise versions 9.3.9 Splunk Cloud Platform versions prior to 10.2.2510.3 Splunk Cloud...

4.3CVSS5.2AI score0.05145EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/02/12 1:3 a.m.9 views

CVE-2024-26478

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...

5.3CVSS5.5AI score0.00386EPSS
Exploits1References1
snyk
snyk
added 2026/02/11 8:56 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via sensitive API endpoints. Low-privileged users can bypass authorization checks to access /api/users, /api/oauth, /api/notifier/amazonsns, and /api/settings/export. Remediation There is no fixed version for...

5.4CVSS5.5AI score0.00534EPSS
Exploits1References2
snyk
snyk
added 2026/02/11 8:56 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the /api/users endpoint. A remote attacker with a low-privileged API token can create new administrative users by abusing the "admin" parameter in a POST...

8.8CVSS5.7AI score0.00494EPSS
Exploits1References2
snyk
snyk
added 2026/02/11 8:56 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the /api/users endpoint. An attacker can access sensitive information by sending a specially crafted request. Remediation There is no fixed version for...

8.8CVSS5.6AI score0.00386EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/02/11 12:0 a.m.9 views

PT-2026-7652

Name of the Vulnerable Software and Affected Versions Statping-ng version 0.91.0 Description An issue allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. The vulnerable parameter is not specified. Recommendations Update to a newer version that...

5.3CVSS5.3AI score0.00386EPSS
Exploits1References8
cvelist
cvelist
added 2026/02/11 12:0 a.m.23 views

CVE-2024-26478

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...

0.00386EPSS
Exploits1References4
cve
cve
added 2026/02/11 12:0 a.m.12 views

CVE-2024-26478

CVE-2024-26478 affects Statping-ng v0.91.0, where a flaw in the /api/users endpoint can lead to disclosure of sensitive information. Public sources consistently identify the issue as an authorization/privacy weakness tied to that endpoint; Red Hat, NVD, OSV, and third-party advisories reference t...

5.3CVSS5.5AI score0.00386EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/02/11 12:0 a.m.2 views

CVE-2024-26478

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...

5.5AI score0.00386EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/02/11 12:0 a.m.4 views

CVE-2024-26478

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...

5.5AI score0.00386EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/02/11 12:0 a.m.7 views

statping-ng 安全漏洞

Statping-ng is an open-source server monitoring software developed by Statping-ng. Version 0.91.0 of Statping-ng contains a security vulnerability. This vulnerability stems from improper handling of specially crafted requests for the /api/users endpoint, which could lead to the disclosure of...

5.3CVSS5.8AI score0.00386EPSS
Exploits1References4
osv
osv
added 2026/02/11 12:0 a.m.6 views

CVE-2024-26478

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...

5.3CVSS5.9AI score0.00386EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2026/02/06 8:30 p.m.4 views

CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

5.3CVSS5.5AI score0.00209EPSS
Exploits0References2
cve
cve
added 2026/02/06 8:30 p.m.21 views

CVE-2026-25729

DeepAudit is affected by an improper access control vulnerability in the /api/v1/users/ endpoint present in version 3.0.4 and earlier. An authenticated user can enumerate all users and retrieve sensitive fields (emails, phone numbers, full names, roles). The issue is documented across multiple so...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder