Lucene search
K

214 matches found

osv
osv
added 2024/01/16 2:15 a.m.3 views

CVE-2023-51059

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface...

8.8CVSS5.8AI score0.00862EPSS
Exploits1References3
attackerkb
attackerkb
added 2023/09/27 3:18 p.m.0 views

CVE-2023-35793

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery CSRF attacks...

8.8CVSS5.5AI score0.00888EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/09/26 12:0 a.m.6 views

PT-2023-5722 · Unknown · Cassia Access Controller

Name of the Vulnerable Software and Affected Versions: Cassia Access Controller version 2.1.1.2303271039 Description: The issue is related to insufficient authentication of executed requests in the Cassia Access Controller, which can allow a remote attacker to perform a Cross Site Request Forgery...

10CVSS8.8AI score0.00888EPSS
Exploits1References9
thn
thn
added 2023/08/16 11:12 a.m.34 views

Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud...

6.6AI score
Exploits0
susecve
susecve
added 2023/02/15 5:33 a.m.4 views

SUSE CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...

6.8CVSS9.1AI score0.01439EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/02/09 12:0 a.m.7 views

PT-2023-12674 · Johnson Controls · Johnson Controls System Configuration Tool

Name of the Vulnerable Software and Affected Versions: Johnson Controls System Configuration Tool SCT versions 14 prior to 14.2.3 Johnson Controls System Configuration Tool SCT versions 15 prior to 15.0.3 Description: The issue allows access to a sensitive cookie in an HTTPS session due to the la...

7.5CVSS6.2AI score0.00372EPSS
Exploits0References4
osv
osv
added 2022/12/16 4:15 p.m.4 views

CVE-2022-25626

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session...

5.3CVSS5.8AI score0.00687EPSS
Exploits0References1
cvelist
cvelist
added 2022/12/16 12:0 a.m.24 views

CVE-2022-25626

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session...

5.6AI score0.00687EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/12/16 12:0 a.m.5 views

PT-2022-17418 · Unknown · Identity Manager

Name of the Vulnerable Software and Affected Versions: Identity Manager affected versions not specified Description: An unauthenticated user can access specific page URLs of Identity Manager's management console. However, the system does not allow the user to carry out server-side tasks without a...

5.3CVSS5.2AI score0.00687EPSS
Exploits0References4
osv
osv
added 2022/07/12 10:15 a.m.4 views

CVE-2022-33137

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...

8CVSS5.7AI score0.00816EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/07/12 10:15 a.m.6 views

CVE-2022-33137

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...

8CVSS5.8AI score0.00816EPSS
Exploits0References2
prion
prion
added 2022/07/12 10:15 a.m.16 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3, SIMATIC MV540 S All versions V3.3, SIMATIC MV550 H All versions V3.3, SIMATIC MV550 S All versions V3.3, SIMATIC MV560 U All versions V3.3, SIMATIC MV560 X All versions V3.3. The web session management of affected devices...

6CVSS7.5AI score0.00816EPSS
Exploits0References1Affected Software6
osv
osv
added 2022/05/17 3:53 a.m.2 views

GHSA-8JFX-H6Q2-V4G3 Jenkins session fixation vulnerability

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...

6.8CVSS5.9AI score0.02061EPSS
Exploits0References5
zdi
zdi
added 2022/02/22 12:0 a.m.33 views

(Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the NGINX web server. The issue results from...

6.3CVSS8.3AI score0.04915EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/02/09 11:15 p.m.6 views

CVE-2022-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...

6.1CVSS6.6AI score0.00604EPSS
Exploits0References2
redhat
redhat
added 2021/11/04 4:47 p.m.2 views

Mozilla: Use-after-free in HTTP2 Session object

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...

8.8CVSS7.4AI score0.0111EPSS
Exploits0References4
hackerone
hackerone
added 2021/06/11 4:14 a.m.10 views

U.S. Dept Of Defense: XSS Reflected - ██████████

Hi Team, I found a XSS Reflected. https://██████████/███onload=%22prompt1 Thanks DRauschkolb Impact XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content & even steal cookies. System Host...

0.6AI score
Exploits0
hackerone
hackerone
added 2021/06/11 4:11 a.m.20 views

U.S. Dept Of Defense: XSS Reflected - ███

Hi Team, I found a XSS Reflected. https://██████/Telerik.ReportViewer.axd?optype=Parameters&bgColor=000000%22onload=%22prompt1 Thans DRauschkolb Impact XSS vulnerabilities can be used to trick a web user into executing a malicious script, potentially revealing a user's web session information or...

0.6AI score
Exploits0
osv
osv
added 2021/02/26 10:15 p.m.3 views

CVE-2021-26560

Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...

7.4CVSS7.2AI score
Exploits0References2
cnnvd
cnnvd
added 2021/02/26 12:0 a.m.9 views

Synology DiskStation Manager 安全漏洞

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in synorelay...

8.3CVSS6.9AI score0.00669EPSS
Exploits1References4
Rows per page
Query Builder