
278 matches found

Tenable Nessus
added 2025/08/09 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-42099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix invalid dereferencing of indirect CCW data pointer Fix invalid dereferencing ...

5.5 CVSS · 5.1 AI score · 0.00205 EPSS
Exploits 0 · References 2

Cvelist
added 2025/07/23 5:0 a.m. · 13 views

CVE-2025-8020

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code...

8.8 CVSS · 0.00309 EPSS
Exploits 0 · References 2

OSV
added 2025/07/22 7:46 p.m. · 2 views

MINI-CJJR-6VFP-MH2W

Bulletin has no description...

4.9 CVSS · 7.4 AI score · 0.00559 EPSS
Exploits 0

CVE
added 2025/07/15 7:27 p.m. · 23 views

CVE-2025-50060

CVE-2025-50060 affects Oracle BI Publisher (Web Server) in Oracle Analytics. Affected versions: 7.6.0.0.0, 8.2.0.0.0, 12.2.1.4.0. The vulnerability allows a low‑privileged, unauthenticated attacker with network access via HTTP to compromise BI Publisher, enabling unauthorized creation/deletion/mo...

8.1 CVSS · 7.1 AI score · 0.00258 EPSS
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2025/06/27 8:20 a.m. · 17 views

CVE-2024-51980

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The...

5.3 CVSS · 7.4 AI score · 0.00858 EPSS
Exploits 0 · References 1

NVD
added 2025/06/25 8:15 a.m. · 19 views

CVE-2024-51981

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3 CVSS · 0.00822 EPSS
Exploits 0 · References 10

ATTACKERKB
added 2025/06/25 8:15 a.m. · 4 views

CVE-2024-51980

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The...

5.3 CVSS · 7.3 AI score · 0.00858 EPSS
Exploits 0 · References 10 · Affected Software 46

Vulnrichment
added 2025/06/25 7:22 a.m. · 6 views

CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The...

5.3 CVSS · 7.3 AI score · 0.00858 EPSS
Exploits 0 · References 10

CVE
added 2025/06/25 7:22 a.m. · 28 views

CVE-2024-51980

CVE-2024-51980 is an unauthenticated SSRF that, via WS-Addressing ReplyTo in a SOAP web service on HTTP (port 80), forces affected devices to open a TCP connection to an arbitrary IP/port. The vulnerability is reported across multiple Brother, Konica Minolta, FUJIFILM, Ricoh, and Toshiba devices (...

5.3 CVSS · 7.3 AI score · 0.00858 EPSS
Exploits 0 · References 10

Cvelist
added 2025/06/25 7:22 a.m. · 31 views

CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The...

5.3 CVSS · 0.00858 EPSS
Exploits 0 · References 10

Positive Technologies
added 2025/06/25 12:0 a.m. · 4 views

PT-2025-26814 · Brother Industries +4 · Ads-2400N +680

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages t...

5.3 CVSS · 6.5 AI score · 0.00822 EPSS
Exploits 0 · References 14

RedhatCVE
added 2025/05/23 5:39 a.m. · 4 views

CVE-2023-26431

IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and...

5 CVSS · 7.2 AI score · 0.0084 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 7:11 p.m. · 23 views

CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

9.8 CVSS · 7.8 AI score · 0.04983 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 5:10 p.m. · 6 views

CVE-2020-35473

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by...

4.3 CVSS · 6.9 AI score · 0.00338 EPSS
Exploits 0

RedhatCVE
added 2025/05/21 8:53 p.m. · 8 views

CVE-2005-4857

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a...

4 CVSS · 6.5 AI score · 0.00933 EPSS
Exploits 0 · References 1

OSV
added 2025/05/20 3:21 p.m. · 7 views

CVE-2025-37931 btrfs: adjust subpage bit start based on sectorsize

In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty bloc...

5.5 CVSS · 6.2 AI score · 0.00163 EPSS
Exploits 0 · References 9

OSV
added 2025/05/07 7:11 p.m. · 10 views

RLSA-2024:4237 Moderate: go-toolset security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses CVE-2024-2479...

7.5 CVSS · 6.5 AI score · 0.01952 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/03/29 3:29 p.m. · 13 views

CVE-2025-21875

In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline] WARNING: CP...

5.5 CVSS · 7.1 AI score · 0.00194 EPSS
Exploits 0 · References 4

CVE
added 2025/03/10 6:9 p.m. · 57 views

CVE-2025-22603

CVE-2025-22603 affects AutoGPT platform prior to autogpt-platform-beta-v0.4.2. The vulnerability is in the Send Web Request component where IPv6 addresses are not restricted or filtered, enabling a server-side request forgery (SSRF) to visit an IPv6 service. The issue is addressed in autogpt-plat...

8.7 CVSS · 7.1 AI score · 0.00534 EPSS
Exploits 1 · References 4 · Affected Software 1

Tenable Nessus
added 2025/03/03 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2011-4109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by...

9.3 CVSS · 8.3 AI score · 0.17687 EPSS
Exploits 0 · References 2