Lucene search

56 matches found

ATTACKERKB
added 2023/05/11 8:47 a.m. · 4 views

CVE-2022-46308

SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information...

CVSS 8.8 · AI score 7.4 · EPSS 0.00734
Exploits: 0 · References: 2
CNNVD
added 2023/03/29 12:0 a.m. · 5 views

Xiaomi router access control error vulnerability

Xiaomi router is a series of wireless routers from Chinese company Xiaomi. A security vulnerability exists in firmware version 2020 of the Xiaomi router, which stems from the lack of access control policies on some API interfaces, which could lead to WIFI password leakage and allow attackers to...

CVSS 7.5 · AI score 7.4 · EPSS 0.01031
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 4:52 a.m. · 6 views

SUSE CVE-2017-3253

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 7.5 · AI score 8.3 · EPSS 0.03868
Exploits: 0 · References: 9
SUSE CVE
added 2023/02/15 4:34 a.m. · 4 views

SUSE CVE-2018-2637

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVSS 7.4 · AI score 6.4 · EPSS 0.04618
Exploits: 0 · References: 13
OSV
added 2023/02/09 5:15 p.m. · 4 views

CVE-2022-48299

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5 · AI score 5.8 · EPSS 0.00417
Exploits: 0 · References: 2
CNNVD
added 2023/01/03 12:0 a.m. · 4 views

EasyTest security vulnerability

Huaqi Digital Technology Easytest is an online learning quiz platform of China Huaqi Digital Technology Company. A security vulnerability exists in EasyTest. A remote attacker can exploit this vulnerability to bypass intended access restrictions, call API functions, manipulate the system, and...

CVSS 8.8 · AI score 8.1 · EPSS 0.00794
Exploits: 0 · References: 2
Github Security Blog
added 2022/05/24 5:21 p.m. · 4 views

Mattermost Server exposes account details to any Team Administrator

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...

CVSS 4.3 · AI score 6.9 · EPSS 0.00651
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2022/01/28 8:15 p.m. · 4 views

CVE-2021-40416

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. All the Get APIs that are not included in cgicheckability are already executable by any logged-in users. An attacker can send an HTTP request to trigger...

CVSS 8.8 · AI score 7.1 · EPSS 0.00867
Exploits: 1 · References: 1
OSV
added 2022/01/10 2:10 p.m. · 2 views

CVE-2021-39998

There is a vulnerability of APIs being concurrently called multiple times in HwConnectivityExService in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart...

CVSS 7.5 · AI score 5.8 · EPSS 0.00697
Exploits: 0 · References: 2
Gitee
added 2021/08/22 7:39 p.m. · 4 views

Pocsuite

This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite. It is developed by the Knownsec 404 Team and supports Python 2.6+. The framework comes with a powerful proof-of-concept engine and many niche features for penetration testers a...

AI score 7.1
Exploits: 0
Positive Technologies
added 2020/09/08 12:0 a.m. · 1 view

PT-2020-3961 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified). Description: A remote code execution issue exis...

CVSS 9.9 · AI score 9.2 · EPSS 0.01954
Exploits: 0 · References: 5
Positive Technologies
added 2020/07/14 12:0 a.m. · 6 views

PT-2020-3529

Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261 and 8u251; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. This can be exploited by an unauthenticated...

CVSS 8.3 · AI score 7.2 · EPSS 0.37618
Exploits: 0 · References: 303
ATTACKERKB
added 2019/08/06 6:15 p.m. · 1 view

CVE-2019-13143

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...

CVSS 9.8 · AI score 5.6 · EPSS 0.03061
Exploits: 1 · References: 3
CNVD
added 2019/07/16 12:0 a.m. · 2 views

Unspecified vulnerability in Amcrest IPM-721S (CNVD-2019-24190)

The Amcrest IPM-721S is a wireless IP camera from Amcrest. An unspecified vulnerability exists in the Amcrest IPM-721S V2.420.AC00.16.R.20160909 release. An attacker can exploit the vulnerability by leveraging HTTP APIs to add an administrative user to the web management interface and perform...

CVSS 8.8 · AI score 6.8 · EPSS 0.01661
Exploits: 1 · References: 1
CNVD
added 2016/07/28 12:0 a.m. · 2 views

Unauthorized Access Vulnerability in Sandbox Profiles Component of Multiple Apple Products

Apple iOS, OS X, tvOS, and watchOS are products of Apple Inc. Apple iOS is an operating system for mobile devices; OS X is a specialized operating system for Mac computers; tvOS is an operating system for smart TVs; and watchOS is an operating system for smart watches. Sandbox Profiles is one of...

CVSS 7.8 · AI score 6.4 · EPSS 0.01253
Exploits: 0 · References: 1
CNVD
added 2016/02/26 12:0 a.m. · 5 views

CloudBees Jenkins CI and LTS Arbitrary Code Execution Vulnerability

CloudBees Jenkins CI is a Java-based set of continuous integration tools, mainly used to monitor continuous software release/testing projects and the execution of scheduled tasks. LTS is the long-term support version of CloudBees Jenkins CI. A...

CVSS 9 · AI score 9.8 · EPSS 0.82697
Exploits: 23 · References: 1