
214 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-35945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...

6.3 CVSS · 7.2 AI score · 0.00538 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/08/15 12:30 a.m. · 16 views

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...

6.5 CVSS · 8.1 AI score · 0.05765 EPSS
Exploits: 0 · References: 1
NVD
added 2025/08/13 7:15 p.m. · 6 views

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...

6.5 CVSS · 0.05765 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2025/08/13 12:0 a.m. · 3 views

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...

8 AI score · 0.05765 EPSS
Exploits: 0 · References: 4
CVE
added 2025/08/13 12:0 a.m. · 54 views

CVE-2025-43989

CVE-2025-43989 affects Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC firmware 3.4.2731.16.43. The /goform/formJsonAjaxReq POST endpoint mishandles set_timesetting with ntpserver0; setting a username=admin cookie bypasses session checks and allows an unauthenticated attacker to execute arbitrary OS ...

6.5 CVSS · 8 AI score · 0.05765 EPSS
Exploits: 0 · References: 4
Cvelist
added 2025/08/13 12:0 a.m. · 10 views

CVE-2025-43989

The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the settimesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie bypassing normal session checks, an...

0.05765 EPSS
Exploits: 0 · References: 4
ATTACKERKB
added 2025/07/18 7:58 a.m. · 1 views

CVE-2024-27779

An insufficient session expiration vulnerability CWE-613 in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all...

6.7 CVSS · 5.6 AI score · 0.00474 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
RedhatCVE
added 2025/05/22 1:15 p.m. · 8 views

CVE-2018-10080

Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52esFRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wandns.asp request in conjunction with a crafted admin cookie...

8.6 CVSS · 7.1 AI score · 0.00571 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 7:17 a.m. · 8 views

CVE-2018-10947

An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted...

3.1 CVSS · 7 AI score · 0.00424 EPSS
Exploits: 0 · References: 1
GithubExploit
added 2025/04/12 11:17 p.m. · 550 views

Exploit for Cross-site Scripting in Moodle

PoC for CVE-2025-26529 – Moodle XSS to RCE Exploit This is a...

8.3 CVSS · 8.5 AI score · 0.00478 EPSS
Exploits: 1
Cvelist
added 2024/06/14 3:39 a.m. · 54 views

CVE-2024-27162 DOM-based XSS

Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the...

6.1 CVSS · 0.21218 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/02/28 12:0 a.m. · 3 views

PT-2024-13941 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.4 Description: An issue was discovered in Couchbase Server where the otpCookie is shown with full admin access on /pools/default/serverGroups and engageCluster2. Recommendations: For versions prior to...

8.6 CVSS · 6.8 AI score · 0.00683 EPSS
Exploits: 0 · References: 7
OSV
added 2023/08/22 7:16 p.m. · 3 views

CVE-2023-24516

Cross-site Scripting XSS vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms...

5.4 CVSS · 5.8 AI score
Exploits: 0 · References: 2
CNNVD
added 2023/06/13 12:0 a.m. · 5 views

Rockwell Automation FactoryTalk Services Platform Trust Management Issue Vulnerability

Rockwell Automation FactoryTalk Services Platform is a suite of services platforms from Rockwell Automation, Inc. that consists of multiple products that provide applications with routine services such as diagnostic information, health monitoring, and real-time data access. A security vulnerabili...

8.2 CVSS · 7.7 AI score · 0.00203 EPSS
Exploits: 0 · References: 2
GithubExploit
added 2023/05/30 5:58 p.m. · 9 views

Exploit for Cross-site Scripting in Escanav Escan_Management_Console

eScan Management Console 14.0.1400.2281 - Reflected Cross Sit...

6.1 CVSS · 6.7 AI score · 0.00808 EPSS
Exploits: 2
0day.today
added 2023/05/02 12:0 a.m. · 232 views

Companymaps v8.0 - Stored Cross Site Scripting Vulnerability

Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone the...

5.4 CVSS · 6.6 AI score · 0.05097 EPSS
Exploits: 4
Exploit DB
added 2023/03/31 12:0 a.m. · 176 views

Judging Management System v1.0 - Remote Code Execution (RCE)

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...

7.4 AI score
Exploits: 0
OSV
added 2023/02/15 4:15 a.m. · 5 views

UBUNTU-CVE-2022-45436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user, create a network map containing name as xss payload. Once created, admin user must clic...

6.1 CVSS · 5.8 AI score · 0.00614 EPSS
Exploits: 0 · References: 3
CVE
added 2023/02/15 12:0 a.m. · 55 views

CVE-2022-45436

Pandora FMS/Artica PFMS v765 is affected by a vulnerability described as improper neutralization of input during web page generation (XSS) in the network maps editor. A manager-privilege attacker can create a network map whose name contains an XSS payload; when an admin user later edits network m...

6.1 CVSS · 5.1 AI score · 0.00614 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/01/27 10:15 p.m. · 6 views

CVE-2022-43980

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS...

5.4 CVSS · 5.7 AI score · 0.0028 EPSS
Exploits: 0 · References: 2