151 matches found

RedhatCVE
added 2025/05/23 6:39 a.m. | 11 views

CVE-2024-22067

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...

CVSS 8.8 | AI score 7.5 | EPSS 0.00673
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:9 p.m. | 5 views

CVE-2020-36827

The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...

CVSS 5.4 | AI score 6.9 | EPSS 0.00339
Exploits: 0

RedhatCVE
added 2025/05/22 4:46 p.m. | 8 views

CVE-2020-6873

A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management...

CVSS 5.3 | AI score 6.9 | EPSS 0.01251
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:41 p.m. | 9 views

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

CVSS 5.4 | AI score 6.1 | EPSS 0.00614
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:9 p.m. | 10 views

CVE-2018-15641

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes...

CVSS 6.3 | AI score 5.7 | EPSS 0.00702
Exploits: 0 | References: 1

Cvelist
added 2024/11/18 6:45 a.m. | 48 views

CVE-2024-22067 ZTE NH8091 product has an improper permission control vulnerability

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...

CVSS 6.8 | EPSS 0.00673
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/18 6:45 a.m. | 10 views

CVE-2024-22067 ZTE NH8091 product has an improper permission control vulnerability

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...

CVSS 6.8 | AI score 7.7 | EPSS 0.00673
Exploits: 0 | References: 1

CVE
added 2024/11/18 6:45 a.m. | 56 views

CVE-2024-22067

The CVE-2024-22067 entry concerns the ZTE NH8091, where the Web module interface suffers improper permission control. An authenticated attacker could execute arbitrary commands due to insufficient access checks. The NVD reports a CVSSv3.1 base score of 8.8 (High) with network attack vector, low a...

CVSS 8.8 | AI score 7.3 | EPSS 0.00673
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/11/18 12:0 a.m. | 2 views

ZTE NH8091 Security Vulnerability

ZTE NH8091 is a modem from ZTE Corporation (ZTE), China. A security vulnerability exists in the ZTE NH8091 V1.8 version, which originates from improper control of the Web module interface privileges and can be exploited by an authenticated attacker to execute arbitrary commands...

CVSS 8.8 | AI score 7.2 | EPSS 0.00673
Exploits: 0 | References: 1

BDU FSTEC
added 2024/11/14 12:0 a.m. | 5 views

The vulnerability in the web module of the Spring Cloud Function software platform allows an attacker to perform a “denial-of-service” attack.

The vulnerability in the Spring Cloud Function software platform’s web module is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute a “denial-of-service” attack...

CVSS 8.5 | AI score 6.8 | EPSS 0.0036
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/07/09 12:50 p.m. | 20 views

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

CVSS 8.2 | AI score 6.6 | EPSS 0.0036
Exploits: 0 | References: 1

Cvelist
added 2024/07/09 12:50 p.m. | 38 views

CVE-2024-22271 Spring Cloud Function Web DOS Vulnerability

In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Sprin...

CVSS 8.2 | EPSS 0.0036
Exploits: 0 | References: 1

Spring Security Advisories
added 2024/06/19 12:0 a.m. | 7 views

Spring Cloud Function Web DOS Vulnerability

Description In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is...

CVSS 8.2 | AI score 7.1 | EPSS 0.0127
Exploits: 0

Vulnrichment
added 2024/03/24 12:0 a.m. | 8 views

CVE-2020-36827

The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...

AI score 6.9 | EPSS 0.00339
Exploits: 0 | References: 2

OpenVAS
added 2024/03/08 12:0 a.m. | 20 views

Fedora: Security Advisory for openjfx8 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS 8.8 | AI score 9.2 | EPSS 0.02557
Exploits: 3 | References: 2

CNNVD
added 2023/10/25 12:0 a.m. | 3 views

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetExcursionList method...

CVSS 9.8 | AI score 8 | EPSS 0.00759
Exploits: 0 | References: 2

CNNVD
added 2023/10/25 12:0 a.m. | 2 views

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in the IDAttend IDWeb application version 3.1.052 and prior versions, which stems from an unauthenticated SQL injection in the GetVisitors method...

CVSS 9.8 | AI score 8 | EPSS 0.00556
Exploits: 0 | References: 2

CNNVD
added 2023/10/25 12:0 a.m. | 3 views

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the StudentPopupDetailsContactDetails method...

CVSS 7.5 | AI score 7 | EPSS 0.00695
Exploits: 0 | References: 2

CNNVD
added 2023/10/25 12:0 a.m. | 4 views

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the DeleteAssignments method...

CVSS 6.5 | AI score 7 | EPSS 0.00526
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. | 22 views

Oracle Linux 8 : squid:4 (ELSA-2019-3476)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3476 advisory. - The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. (CVE-2019-13345) Note that Nessus has not tested for this issue but...

CVSS 6.1 | AI score 6.1 | EPSS 0.74477
Exploits: 1 | References: 2