
2007 matches found

Positive Technologies
added 2022/11/01 12:0 a.m. · 5 views

PT-2022-26765 · Unknown · Online Diagnostic Lab Management System

Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/appointments/manage appointment.php" API endpoint...

7.2 CVSS · 7 AI score · 0.00726 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/11/01 12:0 a.m. · 3 views

PT-2022-26852 · Unknown · Canteen Management System

Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/print.php" API endpoint. Recommendations: For Canteen Management Syste...

7.2 CVSS · 7 AI score · 0.00582 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/11/01 12:0 a.m. · 4 views

PT-2022-26854 · Unknown · Canteen Management System

Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/php action/printOrder.php" API endpoint. Recommendations: For Canteen...

7.2 CVSS · 7.1 AI score · 0.00582 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/10/28 12:0 a.m. · 9 views

PT-2022-23794 · WordPress · Web Stories

Name of the Vulnerable Software and Affected Versions: Web Stories plugin for WordPress versions up to, and including 1.24.0 Description: The issue arises from insufficient validation of URLs supplied via the url parameter in the "/v1/hotlink/proxy" REST API Endpoint. This allows authenticated...

9.6 CVSS · 8.1 AI score · 0.00694 EPSS
Exploits 0 · References 10

Positive Technologies
added 2022/10/28 12:0 a.m. · 4 views

PT-2022-23912 · Unknown · Seccome Ehoney

Name of the Vulnerable Software and Affected Versions: seccome Ehoney affected versions not specified Description: A critical issue was found in seccome Ehoney. It affects an unknown function of the /api/v1/attack/falco API endpoint. The manipulation of the Payload argument leads to SQL injection...

9.8 CVSS · 9.7 AI score · 0.00439 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/27 12:0 a.m. · 5 views

PT-2022-25641 · Unknown · Diaenergie

Name of the Vulnerable Software and Affected Versions: DIAEnergie versions prior to v1.9.01.002 Description: The issue concerns a stored cross-site scripting vulnerability. This vulnerability can be exploited through the "PostEnergyType API" endpoint. Recommendations: For versions prior to...

8.7 CVSS · 5.2 AI score · 0.11111 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2022/10/27 12:0 a.m. · 35 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2022:3765-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3765-1 advisory. Updated to version 8.3.10 jscSLE-24565, jscSLE-23422, jscSLE-23439: - CVE-2022-31097: Fixed XSS...

8.8 CVSS · 6.8 AI score · 0.68603 EPSS
Exploits 1 · References 16

Prion
added 2022/10/26 6:15 p.m. · 24 views

Server side request forgery (ssrf)

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

4 CVSS · 6.4 AI score · 0.00656 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2022/10/26 12:0 a.m. · 4 views

PT-2022-5272 · D Link · D-Link Dir-816 A2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue is related to a stack overflow in the D-Link DIR-816 A2 router's firmware, which can be triggered via the srcip parameter at the "/goform/form2IPQoSTcAdd" API endpoint. This can...

10 CVSS · 9.5 AI score · 0.01191 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/10/25 12:0 a.m. · 4 views

PT-2022-19642 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: An authentication bypass issue exists in the web interface, specifically in the /action/factory functionality. This can be triggered by a specially-crafted...

9.8 CVSS · 8.5 AI score · 0.01218 EPSS
Exploits 1 · References 2

Prion
added 2022/10/17 4:15 p.m. · 25 views

Remote code execution

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

6.5 CVSS · 9.4 AI score · 0.86194 EPSS
Exploits 5 · References 4 · Affected Software 1

UbuntuCve
added 2022/10/17 4:15 p.m. · 64 views

CVE-2022-2884

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

9.9 CVSS · 7.9 AI score · 0.75718 EPSS
Exploits 4 · References 2

Positive Technologies
added 2022/10/17 12:0 a.m. · 4 views

PT-2022-25879 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. This is achieved through the /api/admin/notice/add API endpoint. Recommendations: For...

5.4 CVSS · 5.6 AI score · 0.00384 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/10/17 12:0 a.m. · 5 views

PT-2022-25865 · Xzs · Xzs

Name of the Vulnerable Software and Affected Versions: xzs version 3.8.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field in the /admin/question/edit API endpoint. This enables the execution of malicious code...

5.4 CVSS · 6 AI score · 0.00628 EPSS
Exploits 1 · References 7

Positive Technologies
added 2022/10/17 12:0 a.m. · 4 views

PT-2022-26294 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/fromSetIpMacBind". Recommendations: For Tenda AC10 version 15.03.06.23, as a...

9.8 CVSS · 9.3 AI score · 0.00928 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/10/17 12:0 a.m. · 5 views

PT-2022-26291 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/formSetDeviceName" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, as ...

9.8 CVSS · 9.4 AI score · 0.00928 EPSS
Exploits 1 · References 4

CVE
added 2022/10/17 12:0 a.m. · 2137 views

CVE-2022-2992

CVE-2022-2992 is a GitLab GitHub Import API deserialization flaw that enables authenticated users to trigger remote code execution. Affected products are GitLab CE/EE with versions 11.10–11.10.x? (per the wording) and all releases prior to 15.1.6, 15.2 up to 15.2.4, and 15.3 up to 15.3.2. The roo...

9.9 CVSS · 9.4 AI score · 0.86194 EPSS
Exploits 5 · References 4 · Affected Software 1

Positive Technologies
added 2022/10/17 12:0 a.m. · 5 views

PT-2022-26298 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/saveParentControlInfo" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23,...

9.8 CVSS · 9.3 AI score · 0.00928 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/10/17 12:0 a.m. · 4 views

PT-2022-26297 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the API endpoint "/goform/formWifiWpsStart". Recommendations: For Tenda AC10 version 15.03.06.23, as a...

9.8 CVSS · 9.3 AI score · 0.00928 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/10/17 12:0 a.m. · 4 views

PT-2022-26289 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow that can be triggered via the "/goform/fromNatStaticSetting" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, consider restricting access t...

9.8 CVSS · 9.4 AI score · 0.00928 EPSS
Exploits 1 · References 3