Lucene search
K

180 matches found

Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.5 views

PT-2024-11622 · Motorola · Q14 Mesh Router Firmware

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authentication bypass issue could allow an attacker to access API functions without authentication. Recommendations: At the moment, there is no information about a newer version that...

7.3CVSS7.2AI score0.00342EPSS
Exploits0References3
OSV
OSV
added 2024/07/29 11:15 p.m.6 views

CVE-2024-40778

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be viewed without authentication...

3.3CVSS5.7AI score
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/29 1:23 a.m.5 views

Multiple products from Check Point Software Technologies vulnerable to information disclosure

Overview Multiple products from Check Point Software Technologies contain an information disclosure vulnerability CWE-200,CVE-2024-24919. JPCERT/CC coordinated with Check Point Software Technologies to publish this advisory in order to notify users of this vulnerability. Impact A remote attacker...

8.6CVSS6.2AI score0.99978EPSS
Exploits52References9
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.6 views

Nepstech Router Security Vulnerability

Nepstech Router is a series of routers from Nepstech. A security vulnerability exists in Nepstech Router xpon terminal NTPL-Xpon1GFEVN. An attacker could exploit the vulnerability to execute arbitrary code via the router's Telnet port 2345 without authentication credentials...

8.4CVSS7.8AI score0.0048EPSS
Exploits0References1
OSV
OSV
added 2024/06/19 12:15 a.m.3 views

CVE-2024-6144

Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...

8.8CVSS6.3AI score0.01119EPSS
Exploits0References1
OSV
OSV
added 2024/06/12 2:15 p.m.3 views

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...

9.8CVSS5.8AI score0.00571EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.8 views

CVE-2023-44403

D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

8.8CVSS6.3AI score0.01109EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.4 views

CVE-2023-41190

D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. Th...

8.8CVSS6.3AI score0.01187EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/03 2:15 a.m.3 views

CVE-2023-37322

D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS6.3AI score0.00637EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.4 views

CVE-2023-37312

D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS7.9AI score0.00637EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.2 views

CVE-2023-35725

D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS6.4AI score0.00855EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.5 views

Apple macOS Sonoma 安全漏洞

Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14.2, which originates from a process that may gain administrator privileges without proper authentication...

8.3CVSS4.5AI score0.01171EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/03/07 12:0 a.m.4 views

Apple macOS Sonoma Security Vulnerability

Apple macOS Sonoma is a desktop operating system from Apple, Inc. A security vulnerability exists in Apple macOS Sonoma version 14.4, which originates from viewing photos in hidden albums without authentication...

9.1CVSS6.5AI score0.00672EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.4 views

Artica Proxy Security Vulnerability

Artica Proxy is an open source Artica proxy solution from the Spanish company Artica. A security vulnerability exists in Artica Proxy that stems from the Rich Filemanager feature being enabled to run as root user without authentication by default...

9.8CVSS7AI score0.00933EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2024/02/13 12:0 a.m.4 views

The vulnerability of the Solr software solution for enterprise resource planning by Apache OFBiz, which allows attackers to modify protected information

The vulnerability of the Solr software for enterprise resource planning software Apache OFBiz lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify protected information...

5.3CVSS5.9AI score0.01793EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/11/16 9:15 p.m.2 views

CVE-2023-6020

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...

7.5CVSS5.8AI score0.14652EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.4 views

PT-2023-29273 · Apache · Apache Activemq

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.16 Apache ActiveMQ versions prior to 5.16.7 Apache ActiveMQ versions prior to 5.17.6 Apache ActiveMQ versions prior to 5.18.3 Description: A new PoC exploit for the Apache ActiveMQ vulnerability allows...

8.2AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/10/31 3:15 p.m.5 views

CVE-2023-46992

TOTOLINK A3300R V17.0.0cu.557B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages...

7.5CVSS5.8AI score0.00537EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/10/02 12:0 a.m.8 views

The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster allows a intruder to disclose protected information.

The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster exists due to the lack of authentication checks before access to functions is granted. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

6.5CVSS6.5AI score0.00682EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/20 10:15 p.m.5 views

CVE-2023-43135

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management...

9.8CVSS7.3AI score0.00769EPSS
Exploits1References2
Rows per page
Query Builder