
2010 matches found

Packet Storm · added 2023/12/21 12:00 a.m. · 475 views

Vinchin Backup And Recovery Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vinchin Backup and Recovery Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Vinchin Backup &...

CVSS 9.8 · AI score 7.4 · EPSS 0.20477
Exploits: 4
OSV · added 2023/12/16 9:15 a.m. · 18 views

CVE-2023-6850

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 5
NVD · added 2023/12/16 9:15 a.m. · 20 views

CVE-2023-6850

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

CVSS 9.8 · EPSS 0.00841
Exploits: 0 · References: 5
Prion · added 2023/12/16 9:15 a.m. · 16 views

Design/Logic Flaw

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

CVSS 6.5 · AI score 7.3 · EPSS 0.00841
Exploits: 0 · References: 5 · Affected Software: 1
CVE · added 2023/12/16 8:31 a.m. · 60 views

CVE-2023-6850

CVE-2023-6850 affects kalcaddle KodExplorer up to version 4.51.03. The vulnerability resides in the API Endpoint Handler (file: /index.php?pluginApp/to/yzOffice/getFile) where manipulation of the path/file argument enables unrestricted upload. Exploitation can be performed remotely, and the vulne...

CVSS 9.8 · AI score 8.2 · EPSS 0.00841
Exploits: 0 · References: 5 · Affected Software: 1
Cvelist · added 2023/12/16 8:31 a.m. · 27 views

CVE-2023-6850 kalcaddle KodExplorer API Endpoint unrestricted upload

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted...

CVSS 6.5 · AI score 9.8 · EPSS 0.00841
Exploits: 0 · References: 5
OSV · added 2023/12/14 4:15 p.m. · 4 views

CVE-2023-6368

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold...

CVSS 5.3 · AI score 5.7 · EPSS 0.00554
Exploits: 0 · References: 2
NVD · added 2023/12/14 4:15 p.m. · 26 views

CVE-2023-6595

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold...

CVSS 7.5 · EPSS 0.008
Exploits: 0 · References: 2
NVD · added 2023/12/14 4:15 p.m. · 18 views

CVE-2023-6368

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold...

CVSS 5.9 · EPSS 0.00554
Exploits: 0 · References: 2
Prion · added 2023/12/14 4:15 p.m. · 20 views

Authentication flaw

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold...

CVSS 5 · AI score 6.9 · EPSS 0.008
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist · added 2023/12/14 4:06 p.m. · 22 views

CVE-2023-6368 WhatsUp Gold Unauthenticated Access to an API Endpoint

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold...

CVSS 5.9 · AI score 6.4 · EPSS 0.00554
Exploits: 0 · References: 2
Cvelist · added 2023/12/14 4:06 p.m. · 26 views

CVE-2023-6595 WhatsUp Gold Unauthenticated Access to an API Endpoint

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold...

CVSS 7.5 · AI score 7.7 · EPSS 0.008
Exploits: 0 · References: 2
Prion · added 2023/12/13 10:15 p.m. · 17 views

Design/Logic Flaw

Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in v0.34.34 and it's recommended that all users exposing Cube APIs...

CVSS 5 · AI score 7 · EPSS 0.00722
Exploits: 0 · References: 2 · Affected Software: 1
OSV · added 2023/12/13 9:34 a.m. · 8 views

SUSE-SU-2023:4758-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.10 SUSE Linux Enterprise Server Micro 5.5 support CLM filter by package build date Enhanced Errata.getDetails API endpoint CVEs fixed: CVE-2023-22644 Bugs mentioned: bsc1191143, bsc1204235, bsc1207012,...

CVSS 9.4 · AI score 7 · EPSS 0.00452
Exploits: 0 · References: 33
Cvelist · added 2023/12/12 12:00 a.m. · 13 views

CVE-2023-36654

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters...

AI score 6.4 · EPSS 0.01241
Exploits: 1 · References: 1
Positive Technologies · added 2023/12/07 12:00 a.m. · 6 views

PT-2023-7508 · Tenda · Tenda Ax12

Name of the Vulnerable Software and Affected Versions: Tenda AX12 version V22.03.01.46 Description: The issue is related to a command injection vulnerability in the mac parameter at the "/goform/SetOnlineDevName" API endpoint. This vulnerability is due to the lack of input validation when...

CVSS 9.8 · AI score 8.1 · EPSS 0.02499
Exploits: 1 · References: 7
Debian · added 2023/12/01 8:29 p.m. · 30 views

[SECURITY] [DSA 5571-1] rabbitmq-server security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5571-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 01, 2023 https://www.debian.org/security/faq -...

CVSS 4.9 · AI score 6.4 · EPSS 0.01077
Exploits: 0
Cvelist · added 2023/11/28 3:36 a.m. · 41 views

CVE-2023-32065 OroCommerce get-totals-for-checkout API endpoint returns unwanted data

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...

CVSS 5.8 · AI score 5.6 · EPSS 0.00491
Exploits: 0 · References: 1
OSV · added 2023/11/27 12:30 p.m. · 12 views

GHSA-WQ8Q-99P5-XFRW Apache Superset Cross-site Scripting vulnerability

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

CVSS 4.3 · AI score 5.4 · EPSS 0.01004
Exploits: 0 · References: 5
Hacker One · added 2023/11/27 11:14 a.m. · 112 views

EXNESS: Unrestricted Access to Celery Flower Instance

The publicly accessible Celery Flower instance allowed unrestricted access, exposing sensitive information, and the ability to manipulate tasks...

AI score 6.9
Exploits: 0