Lucene search
+L

74 matches found

Vulnrichment
Vulnrichment
added 2024/02/19 7:56 p.m.17 views

CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

4.6CVSS5.3AI score0.00337EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/02/08 7:2 p.m.507 views

Exploit for SQL Injection in Automattic Woocommerce_Blocks

CVE-2021-32789 Authenticated Blind SQL Injection. Wordpress wo...

7.5CVSS7.7AI score0.17227EPSS
Exploits2
Prion
Prion
added 2023/12/19 9:15 p.m.19 views

Command injection

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...

6.5CVSS8AI score0.01904EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/19 12:0 a.m.54 views

CVE-2023-50466

The CVE-2023-50466 issue affects Weintek cMT2078X EasyWeb Web, Version v2.1.3, OS v20220215. The vulnerability is an authenticated command injection in the HMI Name parameter, allowing an attacker with valid credentials to execute arbitrary code or access sensitive information. Affected component...

8.8CVSS8.7AI score0.01904EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/19 12:0 a.m.26 views

CVE-2023-50466

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...

8.9AI score0.01904EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.5 views

TOTOLINK X2000R Buffer Error Vulnerability

The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web version, which stems from a buffer overflow issue in the formWlanRedirect method...

9.8CVSS7.3AI score0.0083EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.7 views

TOTOLINK X2000R Buffer Error Vulnerability

The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web version, which stems from a buffer overflow issue in the formWirelessTbl method...

9.8CVSS7.3AI score0.01027EPSS
Exploits1References3
0day.today
0day.today
added 2023/10/02 12:0 a.m.328 views

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability

Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway. Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/06/28 8:23 p.m.18 views

CVE-2023-3243

UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...

8.3CVSS7.2AI score0.00606EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/28 8:23 p.m.34 views

CVE-2023-3243

UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...

8.3CVSS9.6AI score0.00606EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2023/03/10 8:0 a.m.4 views

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

...

7.5CVSS6.9AI score0.04561EPSS
Exploits0
NVD
NVD
added 2023/02/15 7:15 p.m.14 views

CVE-2023-23460

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass...

9.8CVSS9.6AI score0.00688EPSS
Exploits0References1
Prion
Prion
added 2023/02/15 7:15 p.m.14 views

Authentication flaw

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass...

7.5CVSS9.6AI score0.00688EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/02/12 12:0 a.m.7 views

Grup Arge Energy and Control Systems SmartPower Energy Management System 输入验证错误漏洞

Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed specifically to improve energy efficiency in organizations. A security vulnerability exists in Grup Arge Energy and Control Systems SmartPower Energy...

9.8CVSS8.3AI score0.00724EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.2 views

Carel pCOWeb 安全漏洞

Carel pCOWeb is a programmable control card. A security vulnerability exists in Carel pCOWeb card BIOS version v6.27, BOOT version v5.00, and web version v2.2. An attacker could use this vulnerability to gain access to the configuration and service interfaces...

7.5CVSS7.4AI score0.00934EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/02/10 8:28 p.m.8 views

ai.konduit.serving:konduit-serving-api (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-cli (>=0.0.2 <=0.3.0) +1764 more potentially affected by CVE-2019-17640 via io.vertx:vertx-web (>=3.0.0 <=3.9.3)

io.vertx:vertx-web MAVEN version =3.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =19.9.0, =22.3.2 and more Source cves: CVE-2019-17640 Source advisory: OSV:GHSA-VJW7-6GFQ-6WF5...

9.8CVSS7.2AI score0.02002EPSS
Exploits0
CNVD
CNVD
added 2021/07/16 12:0 a.m.13 views

Weak Password Vulnerability in Goldilocks SMS Middleware Web Edition

Kindi SMS middleware Web Edition is designed to build a hardware device-based SMS data exchange platform. A weak password vulnerability exists in Kindi SMS Middleware Web Edition, which can be exploited by attackers to obtain sensitive information...

6.9AI score
Exploits0
HackRead
HackRead
added 2021/05/09 6:34 p.m.45 views

WhatsApp is reportedly working on web version without connected phone

By Waqas Apparently, WhatsApp is working on a Universal Windows Platform that would let you use the app on a PC without using your smartphone. This is a post from HackRead.com Read the original post: WhatsApp is reportedly working on web version without connected phone...

2AI score
Exploits0
NVD
NVD
added 2021/04/06 4:15 p.m.23 views

CVE-2020-23533

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...

7.5CVSS0.00924EPSS
Exploits0References4
CNVD
CNVD
added 2021/02/23 12:0 a.m.3 views

SQL Injection Vulnerability in WEB Version of Online Education System of Shandong Wanyue Information Technology Co.

WEB version of Wanyue online education system is an online education system developed by Shandong Wanyue Information Technology Co. WEB version of Shandong Wanyue Online Education System has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from th...

7.4AI score
Exploits0
Rows per page
Query Builder