Lucene search
K

72 matches found

Cvelist
Cvelist
added 2023/10/06 5:15 p.m.19 views

CVE-2023-44384 Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location

Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discoursejiraverboselog site setting. A moderator user cou...

4.1CVSS4.8AI score0.00426EPSS
Exploits0References3
Prion
Prion
added 2023/08/05 6:15 p.m.22 views

Improper access control

A vulnerability was found in Ruijie RG-EW1200G 1.01B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/setpasswd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can ...

6.5CVSS8.7AI score0.47109EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2023/06/07 10:15 p.m.31 views

CVE-2023-2904

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account credentials available through a request generated by an internal user and then...

7.3CVSS7.1AI score0.00556EPSS
Exploits0References1
Prion
Prion
added 2023/06/07 10:15 p.m.16 views

Race condition

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account credentials available through a request generated by an internal user and then...

4.9CVSS7AI score0.00556EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/07 9:59 p.m.35 views

CVE-2023-2904 CVE-2023-2904

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account credentials available through a request generated by an internal user and then...

7.3AI score0.00556EPSS
Exploits0References1
NVD
NVD
added 2023/05/25 9:15 a.m.26 views

CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

4.3CVSS4.7AI score0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/25 8:31 a.m.23 views

CVE-2023-2886 Cross-Site WebSocket Hijacking in CBOT's Chatbot

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

4.3CVSS5AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2023/05/25 8:31 a.m.54 views

CVE-2023-2886

The CVE-2023-2886 entry concerns CBOT Chatbot core software and its WebSockets origin validation. Affected: CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. Root cause: Missing Origin Validation in WebSockets, enabling content spoofing via the application API manipulation. Impact:...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/05/25 12:0 a.m.9 views

PT-2023-22012 · Unknown · Cbot Chatbot

Name of the Vulnerable Software and Affected Versions: CBOT Chatbot versions prior to Core: v4.0.3.4 CBOT Chatbot versions prior to Panel: v4.0.3.7 Description: The issue is related to Missing Origin Validation in WebSockets, allowing Content Spoofing Via Application API Manipulation...

4.3CVSS4.5AI score0.00208EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2023/05/23 12:0 a.m.217 views

Screen SFT DAB 600/C - Authentication Bypass Account Creation

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

7.4AI score
Exploits0
NVD
NVD
added 2023/02/09 5:15 p.m.46 views

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

9.8CVSS7.5AI score0.00776EPSS
Exploits0References1
OSV
OSV
added 2023/02/09 5:15 p.m.47 views

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

9.8CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2023/02/09 5:15 p.m.30 views

Code injection

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

7.5CVSS9.1AI score0.00776EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/02/09 4:12 p.m.56 views

CVE-2023-0575

CVE-2023-0575 affects YugabyteDB prior to 2.2.0.0. Public sources describe an External Control of Critical State Data and Code Injection flaw involving DevopsBase.Java:execCommand, TableManager.Java:runCommand, and the program file backup.Py. The issue is exploitable over the network and could al...

9.8CVSS8.2AI score0.00776EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/09 4:12 p.m.9 views

CVE-2023-0575 Remote Code Execution

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

7.2CVSS7.1AI score0.00776EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/09 4:12 p.m.53 views

CVE-2023-0575 Remote Code Execution

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

7.2CVSS9.5AI score0.00776EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.3 views

CVE-2022-43438 HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...

8.8CVSS8.6AI score0.00794EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 12:0 a.m.23 views

CVE-2022-43438 HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...

8.8CVSS8.8AI score0.00794EPSS
Exploits0References1
NVD
NVD
added 2022/08/25 5:15 p.m.20 views

CVE-2022-37160

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...

5.4CVSS0.0053EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/04 12:0 a.m.19 views

IBM Robotic Process Automation权限提升漏洞

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation has an elevation of privilege vulnerability that stems from improper...

8CVSS2.9AI score0.00807EPSS
Exploits0References1
Rows per page
Query Builder