Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

742 matches found

OSV
OSVadded 2024/11/07 11:34 p.m.15 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOWFILEURI false or not defined. The...

8.6CVSS6.2AI score0.00697EPSS
Exploits0References5
Snyk
Snykadded 2024/11/07 10:0 p.m.4 views

Directory Traversal

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal due to improper validation for the file URI scheme. An attacker can read any file on the system by crafting a URL that bypasses the intended...

8.6CVSS7.3AI score0.00697EPSS
Exploits0References2
OSV
OSVadded 2024/11/07 10:0 p.m.12 views

GHSA-6JRF-RCJF-245R changedetection.io path traversal using file URI scheme without supplying hostname

Summary The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOWFILEURI false or not defined. Details The check used for URL protocol, issafeurl, allows file: as ...

8.6CVSS8.3AI score0.00697EPSS
Exploits0References7
Github Security Blog
Github Security Blogadded 2024/11/07 10:0 p.m.21 views

changedetection.io path traversal using file URI scheme without supplying hostname

Summary The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOWFILEURI false or not defined. Details The check used for URL protocol, issafeurl, allows file: as ...

8.6CVSS6.5AI score0.00697EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologiesadded 2024/11/07 12:0 a.m.4 views

PT-2024-35086 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.47.06 Description: The validation for the file URI scheme in changedetection.io falls short, allowing an attacker to read any file on the system. This issue only affects instances with a webdriver enable...

8.6CVSS6.8AI score0.00697EPSS
Exploits0References15
Github Security Blog
Github Security Blogadded 2024/11/01 9:39 p.m.28 views

changedetection.io Path Traversal

Summary When a WebDriver is used to fetch files source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked Details The root cause is the payload source:file:///etc/passwdpasses the regex here and also passes the check here wher...

6.9CVSS6.6AI score0.0229EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2024/11/01 9:39 p.m.11 views

GHSA-CWGG-57XJ-G77R changedetection.io Path Traversal

Summary When a WebDriver is used to fetch files source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked Details The root cause is the payload source:file:///etc/passwdpasses the regex here and also passes the check here wher...

6.9CVSS6.1AI score0.0229EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2024/11/01 4:19 p.m.22 views

CVE-2024-51483 changedetection.io Path Traversal vulnerability

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...

6.9CVSS6.7AI score0.0229EPSS
Exploits0References4
Cvelist
Cvelistadded 2024/11/01 4:19 p.m.51 views

CVE-2024-51483 changedetection.io Path Traversal vulnerability

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...

6.9CVSS0.0229EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2024/11/01 12:0 a.m.3 views

PT-2024-34647 · Unknown · Changedetection.Io

Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.47.5 Description: The issue allows retrieval of local system files when a WebDriver is used to fetch files, by utilizing source:file:///etc/passwd, which bypasses the block on traditional...

6.9CVSS7AI score0.0229EPSS
Exploits0References10
Exploit DB
Exploit DBadded 2024/03/06 12:0 a.m.400 views

CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 17/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

7.4AI score
Exploits0
Kitploit
Kitploitadded 2024/02/27 11:30 a.m.51 views

Huntr-Com-Bug-Bounties-Collector - Keep Watching New Bug Bounty (Vulnerability) Postings

New bug bountyvulnerabilities collector Requirements Chrome with GUI If you encounter trouble with script execution, check the status of VMs GPU features, if available. Chrome WebDriver Preview python3 main.py 2024-02-20 16:14:47.836189 1. Arbitrary File Reading due to Lack of Input Filepath...

9.4CVSS8.8AI score0.00892EPSS
Exploits1References1
Packet Storm
Packet Stormadded 2023/11/27 12:0 a.m.268 views

CSZ CMS 1.3.0 Remote Command Execution

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 17/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

7.4AI score
Exploits0
Snyk
Snykadded 2023/10/15 11:49 p.m.3 views

NULL Pointer Dereference

Overview Selenium.WebDriver is a .NET bindings for the Selenium WebDriver API Affected versions of this package are vulnerable to NULL Pointer Dereference due to an insufficient check on CookieWndProc function. An attacker can cause the application to crash by sending specially crafted data that...

7.5CVSS6.9AI score0.00852EPSS
Exploits1References2
0day.today
0day.todayadded 2023/09/20 12:0 a.m.377 views

WordPress My Login Theme 2FA Brute Force Exploit

The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit: from typing import KeysView from selenium.webdriver.common.by import By from selenium import webdriver from...

7.4AI score
Exploits0
Veracode
Veracodeadded 2023/08/06 9:36 a.m.27 views

Authorization Bypass

firefox and thunderbird are vulnerable to Authorization Bypasses. This vulnerability occurs when Firefox parses a specially crafted WebDriver command. If the command is valid, Firefox could execute arbitrary JavaScript code in the context of the current web page. This could be used to steal the...

4.3CVSS7.3AI score0.00636EPSS
Exploits0References8Affected Software3
SUSE CVE
SUSE CVEadded 2023/02/15 3:28 a.m.4 views

SUSE CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...

6.5CVSS8.5AI score0.00231EPSS
Exploits0References4
CNVD
CNVDadded 2022/12/30 12:0 a.m.26 views

Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...

6.5CVSS2.5AI score0.00231EPSS
Exploits0References1
OSV
OSVadded 2022/12/22 8:15 p.m.3 views

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...

6.5CVSS7.4AI score0.00231EPSS
Exploits0References2
NVD
NVDadded 2022/12/22 8:15 p.m.17 views

CVE-2022-22757

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...

6.5CVSS0.00231EPSS
Exploits0References2
Rows per page
Query Builder