51 matches found
CVE-2017-18442
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands SEC-246...
EUVD-2013-6730
Malware in sbrugna...
EUVD-2017-9558
Malware in sbrugna...
EUVD-2021-12537
Malware in sbrugna...
EUVD-2014-2960
Malware in sbrugna...
EUVD-2025-4285
Malicious code in bioql PyPI...
EUVD-2023-40552
Malicious code in bioql PyPI...
CVE-2017-18444
cPanel before 64.0.21 allows demo accounts to execute SSH API commands SEC-248...
CVE-2024-56897
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...
CVE-2024-56897
The CVE-2024-56897 issue affects YI Car Dashcam v3.88, caused by improper access control in the device’s HTTP server. This vulnerability allows unauthenticated attackers to perform unrestricted file downloads and uploads and to issue API commands that can modify device settings (e.g., disable rec...
CVE-2024-22197 Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd,...
Lenovo XClarity Controller Security Vulnerability
Lenovo XClarity Controller (XCC) is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. Lenovo XClarity Controller suffers from a security vulnerability that originates from the fact that an authenticated XCC user can change...
CVE-2023-36607
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents...
Authorization
The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents...
Ovarro TBox RTU Security Vulnerability
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. A security vulnerability exists in the Ovarro TBox RTUs that stems from a lack of authorization to run certain API commands, which could be exploited by an attacker to disclose sensitive information, such...
PT-2023-25628 · Tbox Rtus · Tbox Rtus
Name of the Vulnerable Software and Affected Versions: TBox RTUs affected versions not specified Description: The issue concerns missing authorization for running certain API commands, which could allow an attacker to reveal sensitive information, including software versions and web server file...
Fortinet Fortigate Read-Only users able to add/modify the Interface fields using the API (FG-IR-22-174)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-174 advisory. - An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remo...