Lucene search
K

27 matches found

Cvelist
Cvelist
added 2023/12/27 6:45 p.m.38 views

CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...

8.9CVSS9.6AI score0.00693EPSS
Exploits0References4
OSV
OSV
added 2023/12/27 6:45 p.m.23 views

CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...

8.9CVSS9AI score0.00693EPSS
Exploits0References6
CVE
CVE
added 2023/12/27 6:45 p.m.70 views

CVE-2023-52077

CVE-2023-52077 concerns Nexkey, a Misskey v12 fork. Before 12.23Q4.5, external apps using administrator/moderator-issued tokens could call admin APIs, enabling operations like updating server settings and risking object storage and email credentials. The issue is patched in 12.23Q4.5. No exploita...

9.8CVSS9.3AI score0.00693EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/07/30 12:0 a.m.2 views

CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-43609)

CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxadminapis.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from failure to properly validate user-supplied strings before executing system calls. ...

10CVSS8.1AI score0.08083EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/29 12:0 a.m.4 views

CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43140)

CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxadminapis.php file not...

10CVSS8AI score0.08083EPSS
Exploits0References1
OSV
OSV
added 2020/07/28 5:15 p.m.4 views

CVE-2020-15607

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxadminapis.php. When parsing the line parameter, the process does...

9.8CVSS7.7AI score0.08083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/25 12:0 a.m.5 views

PT-2020-14529 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax admin apis.p...

10CVSS9.8AI score0.08083EPSS
Exploits0References2
Rows per page
Query Builder