Lucene search
K

38 matches found

Vulnrichment
Vulnrichment
added 2025/02/11 10:9 a.m.4 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

2.3CVSS7.7AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:21 a.m.6 views

CVE-2024-1522

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

8.8CVSS9AI score0.00445EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/23 12:0 a.m.4 views

PT-2024-17789 · Foxcms · Foxcms

Name of the Vulnerable Software and Affected Versions: FoxCMS versions up to 1.2 Description: A critical issue was found in the API Endpoint component, specifically in the file /app/api/controller/Site.php. The manipulation of the password argument leads to improper authorization, allowing for...

6.9CVSS5.2AI score0.006EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.3 views

PT-2024-36564 · Kanboard +1 · Kanboard +1

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.43 Description: Kanboard is project management software that focuses on the Kanban methodology. In affected versions, sessions are still usable even though their lifetime has exceeded. Kanboard implements a cust...

6.5CVSS7.4AI score0.00492EPSS
Exploits1References17
Vulnrichment
Vulnrichment
added 2024/12/12 12:2 p.m.12 views

CVE-2024-9387 URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint...

6.4CVSS6.5AI score0.0038EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/07 12:0 a.m.3 views

PT-2024-16672 · Unknown · 1000 Projects Bookstore Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Bookstore Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /admin/login process.php of the component Login. The manipulation of the argument unm leads to SQL injection. T...

9.8CVSS7.5AI score0.0062EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.3 views

PT-2024-15530 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm repository affected versions not specified Description: A mass assignment vulnerability exists in the "/api/invite/:code" endpoint, allowing unauthorized creation of high-privileged accounts. By intercepting and...

9.1CVSS8.9AI score0.00783EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.9 views

PT-2024-21447 · WordPress · Instawp Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress versions up to, and including, 0.1.0.22 Description: The issue is related to arbitrary file uploads due to insufficient file validation in the...

9.8CVSS6.4AI score0.05747EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/10/29 12:0 a.m.5 views

PT-2023-30248 · Unknown · Peppermint Ticket Management

Name of the Vulnerable Software and Affected Versions: Peppermint Ticket Management versions 0.2.4 and earlier Description: The issue allows remote attackers to read arbitrary files via a "/api/v1/ticket/1/file/download?filepath=../" POST request. This is achieved by exploiting the filepath...

5.3CVSS5.2AI score0.00658EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.6 views

PT-2023-27681 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to and including 5.7.110 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located at the "/dede/vote add.php" API endpoint via the votename and voteitem1...

5.4CVSS5.5AI score0.00387EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.6 views

PT-2023-24376 · Guanzhou Tozed Kangwei Intelligent Technology · Zlts10G

Name of the Vulnerable Software and Affected Versions: Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G version S10G 3.11.6 Description: A Cross-Site Request Forgery CSRF issue allows attackers to takeover user accounts by sending a crafted POST request to the "/goform/goform set cmd process...

8.8CVSS8.7AI score0.00319EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.6 views

PT-2023-26107 · Geeklog · Geeklog

Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...

4.8CVSS5.5AI score0.00399EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.13 views

PT-2023-11501 · Jymusic · Jymusic

Name of the Vulnerable Software and Affected Versions: Jymusic version 2.0.0 Description: A cross-site request forgery CSRF issue allows attackers to execute arbitrary code via the "/admin.php?s=/addons/config.html&id=6" API endpoint to modify payment information. This can be achieved by exploiti...

6.8CVSS6.9AI score0.00365EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.5 views

PT-2022-27198 · Tenda · Tenda I21

Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/setUplinkInfo" API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version...

9.8CVSS9.2AI score0.00928EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.4 views

PT-2022-25879 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...

5.4CVSS5.6AI score0.00384EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/10/13 12:0 a.m.5 views

PT-2022-25892 · Unknown · Clippercms

Name of the Vulnerable Software and Affected Versions: ClipperCMS version 1.3.3 Description: The issue is related to a Server-Side Request Forgery SSRF that can be exploited via the rss url news parameter at the "/manager/index.php" API endpoint. Recommendations: For ClipperCMS version 1.3.3, avo...

9.8CVSS9.3AI score0.0089EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.4 views

PT-2022-24364 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 router versions 15.03.05.05 through 15.03.05.19 Description: A stack overflow issue was discovered via the time parameter at the "/goform/saveParentControlInfo" API endpoint. Recommendations: For versions 15.03.05.05 through...

9.8CVSS9.4AI score0.00973EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/06/29 12:0 a.m.9 views

PT-2021-5345

Name of the Vulnerable Software and Affected Versions ForgeRock Access Management AM Core Server versions prior to 7.0 ForgeRock OpenAM version 14.6.3 and earlier Description The issue is related to a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. This...

10CVSS7.8AI score0.99999EPSS
Exploits8References43
Rows per page
Query Builder