Lucene search
K

2010 matches found

Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.8 views

PT-2024-23336 · Shanghai Brad Technology · Bladex

Name of the Vulnerable Software and Affected Versions: Shanghai Brad Technology BladeX version 3.4.0 Description: A critical vulnerability has been found in the API component of Shanghai Brad Technology BladeX, specifically affecting an unknown function of the file /api/blade-user/export-user. Th...

9.8CVSS7AI score0.00698EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.6 views

PT-2024-3766 · Grafana +6 · Grafana +6

Name of the Vulnerable Software and Affected Versions: Grafana versions 9.5.0 through 9.5.17 Grafana versions 10.0.0 through 10.0.12 Grafana versions 10.1.0 through 10.1.8 Grafana versions 10.2.0 through 10.2.5 Grafana versions 10.3.0 through 10.3.4 Description: The issue is related to a Broken...

9.8CVSS6.2AI score0.1765EPSS
Exploits9References118
OSV
OSV
added 2024/03/22 11:7 a.m.3 views

OESA-2024-1302 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch...

7.8CVSS8.2AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.6 views

PT-2024-21447 · WordPress · Instawp Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress versions up to, and including, 0.1.0.22 Description: The issue is related to arbitrary file uploads due to insufficient file validation in the...

9.8CVSS6.4AI score0.05747EPSS
Exploits0References8
NVD
NVD
added 2024/03/19 9:15 p.m.7 views

CVE-2024-28715

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint...

8.8CVSS7AI score0.01071EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.3 views

DoraCMS Security Vulnerability

DoraCMS is a software application. A content management system written based on Nodejs + eggjs + mongodb. A security vulnerability exists in DoraCMS v.2.1.8 and earlier versions, which stems from a cross-site scripting vulnerability that allows remote attackers to execute arbitrary code via the...

8.8CVSS7AI score0.01071EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.8 views

PT-2024-3607 · Unknown · Open-Webui

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.1.117 Description: The issue is related to an authenticated blind server-side request forgery vulnerability. It involves the download file stream function in the backend/apps/web/routers/utils.py file of the Ope...

7.5CVSS6.4AI score0.00412EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2024/03/14 12:0 a.m.3 views

The vulnerability of the setTermsHashAction method in the component /opt/webapp/lib/PureApi/CCApi.class.php allows a violator to execute arbitrary SQL queries within the GTB Central Console’s DLP system.

The vulnerability of the setTermsHashAction method in the /opt/webapp/lib/PureApi/CCApi.class.php file of the DLP system’s GTB Central Console relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...

10CVSS8.2AI score0.00836EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/03/13 4:15 p.m.6 views

CVE-2024-1763

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.0044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-22516 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS via the "/dede/diy edit.php" API endpoint. Recommendations: For DedeCMS version 5.7, update to a newer version that contains a fix for this issue...

8.8CVSS7AI score0.00316EPSS
Exploits1References3
Prion
Prion
added 2024/03/12 11:15 p.m.12 views

Default credentials

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

5CVSS7.2AI score0.00618EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/12 10:32 p.m.10 views

CVE-2023-7072

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'getposts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft...

7.5CVSS7.1AI score0.00618EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.9 views

PT-2024-3067

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.2.4 Description: The issue is related to the AlertUtil::validateExpression method, which can lead to Remote Code Execution. An attacker can send a PUT request to "/api/v1/events/subscriptions" to exploit this...

9CVSS8.9AI score0.02372EPSS
Exploits1References42
OSV
OSV
added 2024/03/06 11:1 a.m.13 views

BIT-MATTERMOST-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS3.5AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:1 a.m.12 views

BIT-MATTERMOST-2023-27266

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS3.5AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2024/02/27 3:15 p.m.9 views

CVE-2024-25723

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched...

8.8CVSS7.3AI score
Exploits0References5
CVE
CVE
added 2024/02/27 12:0 a.m.3484 views

CVE-2024-25723

CVE-2024-25723 affects ZenML Server in the ZenML Python package (prior to 0.46.7). The REST endpoint /api/v1/users/{user_name_or_id}/activate allows remote privilege escalation by authenticating with a valid username and a new password in the request body, enabling total compromise of the account...

8.8CVSS7.2AI score0.70581EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2024/02/21 4:15 p.m.13 views

Open redirect

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

7AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.34 views

CVE-2022-45179

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exists under the /api/v1/vdeskintegration/todo/createorupdate endpoint via the title parameter and /dashboard/reminders. A remote user authenticated to the product can store arbitrary HTML code in the...

6.3AI score0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.7 views

PT-2024-15696 · WordPress · Ppwp

Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages plugin for WordPress versions up to, and including, 1.8.9 Description: The issue allows unauthenticated attackers to obtain sensitive information, including post titles, IDs, slugs, and other data for...

5.3CVSS6.2AI score0.00486EPSS
Exploits0References5
Rows per page
Query Builder