Lucene search
+L

211 matches found

debiancve
debiancve
added 2024/02/02 3:34 p.m.31 views

CVE-2024-23831

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used...

7.5CVSS5.9AI score0.00274EPSS
Exploits0
osv
osv
added 2024/01/12 3:15 p.m.1 views

CVE-2023-49262

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session...

9.8CVSS5.8AI score0.00666EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/01/12 12:0 a.m.4 views

PT-2024-13719 · Hongdian · H8951-4G-Esp +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The authentication mechanism can be bypassed by overflowing the value of the authentication field in the Cookie, provided there is an active user session. Recommendations: At the moment,...

9.8CVSS7.4AI score0.00666EPSS
Exploits0References7
veracode
veracode
added 2024/01/03 7:45 a.m.23 views

Improper Authorization

github.com/mattermost/mattermost/ is vulnerable to Improper Authorization. The vulnerability is caused when user receives updated permissions during active session. This freshly demoted guest can change group names...

4.3CVSS6.8AI score0.0032EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2023/12/22 12:0 a.m.4 views

PT-2023-9220 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.9 and 27.1.4 Nextcloud Enterprise Server versions prior to 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 Description: The issue is related to Nextcloud Server, an open source cloud platform, wher...

9.8CVSS6AI score0.01041EPSS
Exploits6References93
prion
prion
added 2023/10/26 3:15 p.m.23 views

Code injection

ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...

4.9CVSS5.7AI score0.00437EPSS
Exploits0References3
github
github
added 2023/10/03 6:30 a.m.37 views

asyncua Improper Authentication vulnerability

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

7.5CVSS6.8AI score0.00454EPSS
Exploits1References10Affected Software1
nvd
nvd
added 2023/10/03 5:15 a.m.66 views

CVE-2023-26150

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

7.5CVSS6.8AI score0.00454EPSS
Exploits1References7
osv
osv
added 2023/10/03 5:15 a.m.96 views

UBUNTU-CVE-2023-26150

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

7.5CVSS5.8AI score0.00454EPSS
Exploits1References9
cvelist
cvelist
added 2023/10/03 5:0 a.m.60 views

CVE-2023-26150

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

6.5CVSS7.7AI score0.00454EPSS
Exploits1References7
osv
osv
added 2023/10/03 5:0 a.m.11 views

CVE-2023-26150

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

6.5CVSS7AI score0.00454EPSS
Exploits1References9
bdu_fstec
bdu_fstec
added 2023/09/19 12:0 a.m.7 views

The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers allows a violator to intercept an active session.

The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers, QMS Automotive, is related to incorrect session duration. Exploiting this vulnerability could allow an attacker to intercept the active session...

3.9CVSS5.5AI score0.00144EPSS
Exploits0References2Affected Software1
prion
prion
added 2023/08/09 12:15 p.m.25 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could...

6.8CVSS8.8AI score0.00506EPSS
Exploits0References3Affected Software1
snyk
snyk
added 2023/06/09 1:10 p.m.2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session. Remediation Upgrade asyncua to...

7.5CVSS6.9AI score0.00454EPSS
Exploits1References2
attackerkb
attackerkb
added 2023/01/11 12:0 a.m.47 views

CVE-2022-4874

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a “fake logi...

7.5CVSS7.8AI score0.11009EPSS
In wildExploits1References2
cnvd
cnvd
added 2022/11/09 12:0 a.m.32 views

Siemens POWER METER SICAM Q100 Session Fixed Vulnerability

The POWER METER SICAM Q100 is a multifunctional device for detecting, reporting and analyzing measured values and events. A session fixation vulnerability exists in the Siemens POWER METER SICAM Q100, which can be exploited by an attacker to gain access to a user's account via an active session...

8.8CVSS8.7AI score0.00489EPSS
Exploits0References1
osv
osv
added 2022/10/17 10:15 p.m.4 views

CVE-2020-8976

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request...

8.8CVSS5.8AI score0.00474EPSS
Exploits0References1
nvd
nvd
added 2022/10/17 10:15 p.m.20 views

CVE-2020-8976

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request...

9.6CVSS0.00474EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/10/17 9:18 p.m.7 views

CVE-2020-8976 ZGR TPS200 Cross-Site Request Forgery (CSRF)

The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request...

9.6CVSS9.3AI score0.00474EPSS
Exploits0References1
cve
cve
added 2022/10/17 9:18 p.m.43 views

CVE-2020-8976

CVE-2020-8976 affects ZGR TPS200 NG (firmware 2.00, hardware 1.01). The vulnerability allows a remote attacker to perform actions with the victim user’s permissions when the victim has an active session and triggers a malicious request (CSRF). Documented impacts include high/critical Confidential...

9.6CVSS8.7AI score0.00474EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder