Lucene search
K

65 matches found

Cvelist
Cvelist
added 2024/06/03 9:35 p.m.28 views

CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

3.7CVSS4.3AI score0.00354EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.13 views

Fedora 40 : rubygem-httparty (2024-a1ce4ef332)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a1ce4ef332 advisory. Automatic update for rubygem-httparty-0.21.0-1.fc40. Changelog Fri Jan 5 2024 Vt Ondruch - 0.21.0-1 - Update to HTTParty 0.20.0. Resolves: rhbz17016...

5.3CVSS5.8AI score0.0129EPSS
Exploits1References2
NVD
NVD
added 2023/10/09 1:15 p.m.30 views

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

6.5CVSS6.4AI score0.00646EPSS
Exploits0References3
OSV
OSV
added 2023/10/09 1:15 p.m.5 views

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

6.5CVSS5.6AI score0.00646EPSS
Exploits0References3
Prion
Prion
added 2023/10/09 1:15 p.m.16 views

Design/Logic Flaw

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

6.4CVSS6.4AI score0.00646EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/09 12:3 p.m.10 views

CVE-2023-43697

Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

6.5CVSS7.1AI score0.00646EPSS
Exploits0References3
OSV
OSV
added 2023/09/14 7:16 p.m.6 views

CVE-2023-4669

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0...

9.8CVSS5.8AI score0.00959EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/09/14 7:16 p.m.6 views

CVE-2023-4669

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...

9.8CVSS7.3AI score0.00959EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/09/14 6:34 p.m.16 views

CVE-2023-4669 Authentication Bypass in Exagate SYSGuard 3001

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...

9.8CVSS7.3AI score0.00959EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/14 6:34 p.m.32 views

CVE-2023-4669 Authentication Bypass in Exagate SYSGuard 3001

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...

9.8CVSS9.7AI score0.00959EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/14 12:0 a.m.4 views

PT-2023-30161

Name of the Vulnerable Software and Affected Versions Exagate SYSGuard 3001 versions prior to 3.2.20.0 Description The issue is related to an Authentication Bypass by Assumed-Immutable Data vulnerability, which allows for authentication bypass. This vulnerability affects Exagate SYSGuard 3001...

9.8CVSS7.3AI score0.00959EPSS
Exploits0References9
Snyk
Snyk
added 2023/01/03 1:36 p.m.1 views

External Control of Assumed-Immutable Web Parameter

Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escape of the " character in the generatemultipart function, which allows injecting malicious content to the filename parameter via the Content-Disposition header. PoC...

6.5CVSS7AI score0.0129EPSS
Exploits1References2
NVD
NVD
added 2022/12/19 11:15 a.m.19 views

CVE-2022-3875

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...

7.5CVSS0.00968EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/12/19 12:0 a.m.23 views

CVE-2022-3875 Click Studios Passwordstate API authentication bypass by assumed-immutable data

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...

7.3CVSS8.1AI score0.00968EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/19 12:0 a.m.34 views

External Control of Assumed-Immutable Web Parameter in moodle

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field...

5.3CVSS7.1AI score0.01213EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/19 12:0 a.m.27 views

GHSA-X6GM-QQWP-76GR External Control of Assumed-Immutable Web Parameter in moodle

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field...

5.3CVSS6.9AI score0.01213EPSS
Exploits0References9
Prion
Prion
added 2022/05/04 3:15 p.m.16 views

Code injection

DISPUTED Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the 1 rule name parameter to the Rules page or the 2 subrule name or 3 categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...

4CVSS4.5AI score0.00944EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/05/04 2:23 p.m.27 views

CVE-2022-29950

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the 1 rule name parameter to the Rules page or the 2 subrule name or 3 categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...

4.7AI score0.00944EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/05/04 12:0 a.m.3 views

PT-2022-19930 · Experian · Experian Hunter

Name of the Vulnerable Software and Affected Versions: Experian Hunter version 1.16 Description: The issue allows remote authenticated users to modify assumed-immutable elements. This can be achieved via the rule name parameter to the "Rules page" or the subrule name or categories name parameter ...

4.3CVSS6.7AI score0.00944EPSS
Exploits1References7
ICS
ICS
added 2021/09/14 12:0 a.m.78 views

Siemens SINEMA Remote Connect Server

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Modification of Assumed-Immutable Data, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper...

6.5CVSS5.8AI score0.00375EPSS
Exploits0References11
Rows per page
Query Builder