Lucene search
K

58 matches found

Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.4 views

PT-2024-1547

Name of the Vulnerable Software and Affected Versions Fortinet FortiSIEM versions 6.4.0 through 6.4.2 Fortinet FortiSIEM versions 6.5.0 through 6.5.2 Fortinet FortiSIEM versions 6.6.0 through 6.6.3 Fortinet FortiSIEM versions 6.7.0 through 6.7.8 Fortinet FortiSIEM versions 7.0.0 through 7.0.2...

10CVSS9.9AI score0.78375EPSS
Exploits2References58
Vulnrichment
Vulnrichment
added 2024/01/03 1:59 a.m.3 views

CVE-2023-50346 An information disclosure affects DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information...

3.1CVSS6.8AI score0.00314EPSS
Exploits0References1
Snyk
Snyk
added 2023/08/03 6:30 p.m.1 views

Cross-site Scripting (XSS)

Overview org.craftercms:crafter-engine is a Crafter Content Delivery Engine. Affected versions of this package are vulnerable to Cross-site Scripting XSS via API endpoints that reflect some input parameter and do produce XML responses. An attacker can inject malicious scripts by sending crafted...

7.4CVSS5.3AI score0.01304EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2022/12/13 3:11 a.m.7 views

CVE-2022-41274

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can lead to the exposure of data like financial reports...

6.5CVSS6.8AI score0.00555EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.2 views

Open-Xchange OX App Suite 资源管理错误漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and earlier, which stems from insufficiently checking that request body sizes are reasonable for certain API endpoint...

5.3CVSS5.8AI score0.00916EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2022/11/02 12:0 a.m.3 views

PT-2022-5476 · Cisco · Cisco Email Security Appliance +1

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified Cisco Secure Email and Web Manager affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker...

8.5CVSS6.6AI score0.0075EPSS
Exploits0References7
OSV
OSV
added 2022/10/11 11:15 a.m.6 views

CVE-2022-40179

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

8.1CVSS6AI score0.00305EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.9 views

Atlassian Bitbucket Server 安全漏洞

Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff views, JIRA integration, and build integration.A command execution vulnerability exists in Atlassian Bitbucket Server and Data...

8.8CVSS7.8AI score0.99077EPSS
Exploits24References7
NVD
NVD
added 2022/06/02 2:15 p.m.10 views

CVE-2022-29540

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

6.1CVSS0.00734EPSS
Exploits0References2
Prion
Prion
added 2022/06/02 2:15 p.m.12 views

Cross site scripting

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

4.3CVSS6AI score0.00734EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/31 8:34 p.m.20 views

CVE-2022-29540

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...

6.1AI score0.00734EPSS
Exploits0References2
OSV
OSV
added 2022/05/14 3:57 a.m.6 views

GHSA-8572-5JRG-MX52 Exposure of Sensitive Information in Jenkins Core

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...

4.3CVSS6.8AI score0.01926EPSS
Exploits0References5
Prion
Prion
added 2021/10/12 3:15 p.m.19 views

Information disclosure

SAP BusinessObjects Analysis edition for OLAP - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its...

5CVSS5.1AI score0.00823EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/09/22 12:0 a.m.4 views

PT-2021-5380 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to insufficient protection of registration data in the disaster recovery feature of Cisco SD-WAN vManage Software. This could allow a remote...

6.5CVSS6.5AI score0.00944EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/01/31 12:0 a.m.4 views

PT-2020-19874 · Hashicorp +1 · Hashicorp Consul +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.4.1 through 1.6.2 Description: The issue results from the non-uniform enforcement of Access Control Lists ACLs across all API endpoints, potentially leading to unintended information disclosur...

7.5CVSS6.5AI score0.02851EPSS
Exploits1References27
Prion
Prion
added 2018/07/05 4:29 p.m.13 views

Cross site request forgery (csrf)

railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...

6.8CVSS7.3AI score0.00983EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2007/10/14 12:0 a.m.9 views

PT-2007-6476 · Unknown · Crs Manager

Name of the Vulnerable Software and Affected Versions: CRS Manager affected versions not specified Description: The issue concerns multiple PHP remote file inclusion vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT ROOT paramete...

7.5CVSS8AI score0.0322EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2007/02/07 12:0 a.m.6 views

PT-2007-2274 · Atsphp · Atsphp

Name of the Vulnerable Software and Affected Versions: Atsphp version 5.0.1 Description: Multiple PHP remote file inclusion issues allow remote attackers to execute arbitrary PHP code via a URL in the CONFpath parameter to API endpoints such as "index.php", "sources/usercp.php", or...

7.5CVSS8AI score0.01209EPSS
Exploits0References4
Rows per page
Query Builder