Lucene search
+L

137 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:20 a.m.5 views

CVE-2023-21848

Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

8.8CVSS6.8AI score0.00631EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 p.m.14 views

CVE-2020-35126

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...

4.8CVSS6.1AI score0.00694EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/16 4:8 p.m.25 views

CVE-2017-15808

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

8.8CVSS6.9AI score0.01173EPSS
Exploits2References1
Drupal
Drupal
added 2025/02/26 12:0 a.m.9 views

OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020

Provides OAuth2 server functionality based on the oauth2-server-php library. The module does not consistently enforce admin configurations allowing users on a disabled server to still authenticate...

9.8CVSS5.5AI score0.00401EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.9 views

Kliqqi CMS 安全漏洞

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminconfig.php?action=save&varid=32 does not adequately verify whether the request is from a trusted user , an...

8.8CVSS7AI score0.00279EPSS
Exploits1References2
NCSC
NCSC
added 2024/02/08 12:0 a.m.22 views

Vulnerabilities fixed in Cisco Expressway

Cisco has fixed vulnerabilities in Expressway. A malicious party could exploit the vulnerabilities to perform a Cross-Site-Request-forgery to execute on the Web-based management interface. Such an attack can lead to execution of arbitrary commands in the victim's context. Because cannot be ruled...

9.6CVSS7.5AI score0.00846EPSS
Exploits0
OSV
OSV
added 2024/01/30 1:15 a.m.3 views

CVE-2024-1026

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert%27XSS%27%3C/script%3E leads to cross site scripting. The...

6.1CVSS3.9AI score0.00312EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/21 12:0 a.m.48 views

Grafana Enterprise Datasource Network Restrictions Bypass (CVE-2023-4399)

According to its self-reported version number, the version of Grafana Enterprise running on the remote host is a version 9.4.x prior to 9.4.17, 9.5.x prior to 9.5.13, 10.0.x prior to 10.0.9 or 10.1.x prior to 10.1.5. It is, therefore, affected by a restriction bypass vulnerability. In Grafana...

7.2CVSS7.6AI score0.01082EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/14 5:0 p.m.3 views

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

6.4CVSS7.5AI score0.00333EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/07/13 5:15 p.m.4 views

CVE-2023-37786

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...

4.8CVSS5.9AI score0.00532EPSS
Exploits1References2
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.9 views

Wrong accounting of share leading to incorrect amount of BYTES be minted per second

Lines of code Vulnerability details Impact In NeoTokyoStaker, staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. For each staking pool, there are some reward windows. Each reward window has different...

6.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/01/30 12:0 a.m.7 views

The vulnerability of the Admin Configuration sub-component of the Oracle Communications Convergence component in the Oracle Communications Applications network management and organization software package allows a attacker to execute arbitrary code.

The vulnerability of the Admin Configuration sub-component of the Oracle Communications Convergence component in the Oracle Communications Applications network management and organization software package is related to insufficient validation of input data. Exploiting this vulnerability could all...

9CVSS8.1AI score0.00631EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/01/18 12:15 a.m.14 views

CVE-2023-21848

Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

8.8CVSS8.4AI score0.00631EPSS
Exploits0References1
OSV
OSV
added 2023/01/18 12:15 a.m.10 views

CVE-2023-21848

Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications component: Admin Configuration. The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

8.8CVSS7.3AI score0.00631EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.6 views

PT-2023-1195 · Oracle · Oracle Communications Convergence

Name of the Vulnerable Software and Affected Versions: Oracle Communications Convergence versions 3.0.3.1.0 Description: The issue is related to insufficient input validation in the Admin Configuration component of Oracle Communications Convergence, part of Oracle Communications Applications. Thi...

9CVSS8.9AI score0.00631EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/26 4:15 p.m.3 views

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values...

8.8CVSS5.3AI score0.00728EPSS
Exploits0References2
OSV
OSV
added 2022/08/26 4:15 p.m.2 views

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values...

8.8CVSS5.8AI score0.00728EPSS
Exploits0References1
CVE
CVE
added 2022/08/26 3:25 p.m.69 views

CVE-2022-25625

CVE-2022-25625 relates to Broadcom Symantec Privileged Access Management. The connected sources describe an elevation-of-privilege issue where a malicious unauthorized PAM user can access the administration configuration data and change values. The vulnerability is characterized by MFA-enabled en...

8.8CVSS8.6AI score0.00728EPSS
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2022/07/11 12:0 a.m.7 views

Upgraded Q -> M from 270 [1657580270573]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.4 views

CVE-2022-34814

Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests...

4.3CVSS5.9AI score0.00557EPSS
Exploits0References2
Rows per page
Query Builder