OSV
added 2022/03/14 7:15 p.m.

ALPINE-CVE-2022-20001

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...

CVSS 7.8, AI score 8, EPSS 0.01417
Exploits 0, References 1
The Hacker News
added 2022/02/15 10:12 a.m.

Experts Warn of Hacking Group Targeting Aviation and Defense Sectors

Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems. The use...

AI score 0.4
Exploits 0
NVD
added 2022/01/21 9:15 p.m.

CVE-2022-22552

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations...

CVSS 6.9, EPSS 0.00689
Exploits 0, References 1
Prion
added 2022/01/21 9:15 p.m.

Spoofing

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations...

CVSS 5.8, AI score 6.2, EPSS 0.00689
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/01/21 8:15 p.m.

CVE-2022-22552

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations...

CVSS 6.9, AI score 6.8, EPSS 0.00689
Exploits 0, References 1
Cvelist
added 2021/12/29 7:15 a.m.

CVE-2021-44161 Changing Information Technology Inc. MOTP (Mobile One Time Password) - SQL Injection

Changing MOTP (Mobile One Time Password) system's specific function parameter has insufficient validation of user input. An attacker on the local area network can perform a SQL injection attack to read, modify or delete the backend database without authentication...

CVSS 8.8, AI score 9.1, EPSS 0.00495
Exploits 0, References 1
Huntr
added 2021/12/17 8:47 a.m.

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description: CSRF on various endpoints. Summary: CSRF protection in calibre-web was implemented fairly recently. However, there are some state-changing endpoints that accept GET requests instead of POST. The most impactful route so far, which allows the server to be completely shut down:...

CVSS 6.8, AI score 0.5, EPSS 0.0054
Exploits 1
Huntr
added 2021/12/14 6:18 p.m.

Cross-Site Request Forgery (CSRF) in laravelio/laravel.io

Description: This CSRF is capable of making a user unintentionally subscribe and unsubscribe to a thread. Proof of Concept: Visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/subscribe, then visit https://laravel.io/forum/storing-sessions-as-in-a-storage-bucket/unsubscribe. Impact: One...

AI score 6.9
Exploits 0
Huntr
added 2021/11/20 5:53 a.m.

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

CSRF Set 1: modify invoice status. Medium severity. Description: CSRF in saving invoices / modifying the status of invoices (pending and cancel only). Proof of Concept: The following state-changing endpoints are vulnerable to CSRF: GET...

CVSS 4.3, AI score 3.5, EPSS 0.00505
Exploits 1
Huntr
added 2021/11/15 2:59 p.m.

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Description: More unprotected CSRF endpoints that allow state-changing operations. 1: GET /dashboard/moderation/1/approve; 2: GET /requests/1/accept; 3: GET /requests/1/reject; 4: GET /requests/1/unclaim; 5: GET /requests/1/reset. Proof of Concept: CLICK ME! Impact: This vulnerability is capable of...

AI score 2
Exploits 0
Huntr
added 2021/11/15 5:47 a.m.

Cross-Site Request Forgery (CSRF) in pterodactyl/panel

Description: The following state-changing endpoints are vulnerable to CSRF: 1: GET /admin/nodes/view/1/settings/token (auto-generates a token when one has not been generated yet); 2: GET /admin/settings/mail/test. The X-CSRF-Token header for the API request is not validated on the backend; it should be a POST request to...

AI score 0.2
Exploits 0
CNNVD
added 2021/11/03 12:00 a.m.

Cisco Umbrella Security Vulnerability

Cisco Umbrella is a suite of cloud security platforms from Cisco. The platform prevents cyber threats such as phishing, malware and ransomware. Cisco Umbrella suffers from an enumeration vulnerability that stems from an overly descriptive error message appearing on the dashboard when a user...

CVSS 4.3, AI score 5.7, EPSS 0.00845
Exploits 0, References 4
NVD
added 2021/10/04 5:15 p.m.

CVE-2021-36850

Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions <= 5.1.9. Affected parameters: "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

CVSS 5.4, EPSS 0.00423
Exploits 1, References 2
Cvelist
added 2021/10/04 4:57 p.m.

CVE-2021-36850 WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin versions <= 5.1.9. Affected parameters: "posttitle", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state...

CVSS 5.4, AI score 5.9, EPSS 0.00423
Exploits 1, References 2
Trend Micro Simply Security
added 2021/08/13 12:00 a.m.

#LetsTalkSecurity - Security at the Speed of Change

Let's Talk Security: Season 02 // Episode 05: Host Rik Ferguson interviews Nicole Darden Ford, Vice President and Chief Information Security Officer for Carrier. Together they discuss the changing cybersecurity landscape...

AI score 1.4
Exploits 0
CNNVD
added 2021/07/12 12:00 a.m.

Nextcloud Authorization Issue Vulnerability

Nextcloud is a set of open-source, self-hosted file synchronization, sharing and communication applications from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a lack of privilege checking, where tokens are able to change their ow...

CVSS 8.8, AI score 5.6, EPSS 0.02309
Exploits 0, References 8
NVD
added 2021/06/25 12:15 p.m.

CVE-2021-28958

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password...

CVSS 9.8, EPSS 0.73126
Exploits 0, References 4
OSV
added 2021/05/21 8:15 p.m.

CVE-2021-21549

Dell EMC XtremIO versions prior to 6.3.3-8 contain a Cross-Site Request Forgery vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable...

CVSS 8.8, AI score 5.8, EPSS 0.00429
Exploits 0, References 1
Github Security Blog
added 2021/04/30 5:34 p.m.

Authentication bypass in Apache Airflow

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...

CVSS 9.8, AI score 9.3, EPSS 0.997
Exploits 8, References 12, Affected Software 1
Trend Micro Simply Security
added 2021/03/17 12:00 a.m.

How XDR can enable your enterprise

Extended detection and response (XDR) provides enhanced visibility, detection, and response across your entire IT infrastructure, enabling you to be more resilient in the face of ever-changing attacks...

AI score 2.8
Exploits 0