Lucene search
K

35 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:27 a.m.10 views

CVE-2024-20478

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...

7.2CVSS8AI score0.0074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:48 a.m.14 views

CVE-2024-20473

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS7.7AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 p.m.8 views

CVE-2020-6960

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch,...

9.8CVSS8AI score0.0114EPSS
Exploits0References1
NVD
NVD
added 2024/10/23 6:15 p.m.18 views

CVE-2024-20472

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS0.00436EPSS
Exploits0References1
NVD
NVD
added 2024/10/23 6:15 p.m.24 views

CVE-2024-20471

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/23 5:50 p.m.20 views

CVE-2024-20472

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/23 5:47 p.m.11 views

CVE-2024-20471

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS7.7AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2024/10/23 5:30 p.m.45 views

CVE-2024-20374

Cisco Secure Firewall Management Center (FMC) Command Injection (CVE-2024-20374) affects FMC web-based management interface. The root cause is insufficient input validation of certain HTTP request parameters, enabling an authenticated administrator to execute arbitrary commands on the underlying ...

7.2CVSS6.8AI score0.00782EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2024/10/23 4:0 p.m.14 views

Cisco Secure Firewall Management Center Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating...

6.5CVSS6.8AI score0.00782EPSS
Exploits0References1
CVE
CVE
added 2024/09/11 4:38 p.m.104 views

CVE-2024-20483

CVE-2024-20483 involves multiple vulnerabilities in Cisco Routed PON Controller Software (Docker container on Cisco IOS XR hardware) where insufficient validation of arguments to configuration commands can allow an authenticated, admin-level attacker on the PON Manager or direct access to its Mon...

7.2CVSS7.7AI score0.01098EPSS
In wildExploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/11 4:38 p.m.16 views

CVE-2024-20483 Cisco IOS XR PON Controller Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...

7.2CVSS8.3AI score0.01098EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/28 4:30 p.m.32 views

CVE-2024-20478 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...

6.5CVSS0.0074EPSS
Exploits0References1
Cisco
Cisco
added 2024/08/28 4:0 p.m.21 views

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...

6.5CVSS6.9AI score0.0074EPSS
Exploits0References1
NVD
NVD
added 2024/08/17 10:15 a.m.19 views

CVE-2023-3419

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreatestripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS0.00557EPSS
Exploits0References2
NVD
NVD
added 2024/08/17 10:15 a.m.23 views

CVE-2023-3416

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.2CVSS0.00561EPSS
Exploits0References2
CVE
CVE
added 2024/08/17 9:38 a.m.85 views

CVE-2023-3419

CVE-2023-3419 concerns tagDiv Opt-In Builder (WordPress plugin) with a Blind SQL Injection in the couponId parameter of the recreate_stripe_subscription REST endpoint. Affected versions up to and including 1.4.4 allow an authenticated administrator to append SQL statements to existing queries, en...

7.2CVSS7.3AI score0.00557EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/17 9:38 a.m.23 views

CVE-2023-3419 tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreatestripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS0.00557EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/24 7:40 p.m.19 views

CVE-2024-20356

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability...

8.7CVSS9.1AI score0.32697EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/24 7:38 p.m.19 views

CVE-2024-20358

A vulnerability in the Cisco Adaptive Security Appliance ASA restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...

6CVSS6.4AI score0.00705EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/29 8:31 a.m.30 views

CVE-2024-2409 MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the registeruser function called by the 'wpajaxnoprivstmlmsregister' AJAX action. This makes it possible for...

9.8CVSS9.6AI score0.00834EPSS
Exploits0References3
Rows per page
Query Builder