Lucene search
K

123 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.11 views

CVE-2020-35284

Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...

7.5CVSS7.2AI score0.01617EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.5 views

CVE-2020-6200

The SAP Commerce SmartEdit Extension, versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting XSS that exploits the templating facilities of the angular framework...

5.4CVSS6.5AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:4 p.m.10 views

CVE-2003-0745

SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server...

10CVSS7.8AI score0.02363EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2025/05/12 12:0 a.m.11 views

www/varnish7 -- Request Smuggling Attack

The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests. An attacker can abuse a flaw in Varnish's handling of chunked...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/30 12:0 a.m.4 views

PT-2025-18332 · Hcl · Hcl Domino Volt

Name of the Vulnerable Software and Affected Versions: HCL Domino Volt affected versions not specified Description: The issue is related to improper sanitization of SVG files, which allows client-side script injection in deployed applications. This can potentially lead to malicious script executi...

4.6CVSS6.4AI score0.00182EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/04/26 9:7 p.m.16 views

CVE-2022-44759

Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications...

4.6CVSS7.2AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 5:28 p.m.13 views

CVE-2024-30147

Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications...

6.5CVSS7.2AI score0.0021EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/17 3:37 p.m.8 views

CVE-2024-45712

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...

2.6CVSS5.6AI score0.00328EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/04/15 8:39 a.m.8 views

CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...

2.6CVSS3.4AI score0.00328EPSS
Exploits1References2
CVE
CVE
added 2025/04/15 8:39 a.m.83 views

CVE-2024-45712

CVE-2024-45712 affects SolarWinds Serv-U. The vulnerability is a client-side cross-site scripting (XSS) issue that can be exploited only by an authenticated user from the local browser session. The documented risk is described as very low. Affected guidance indicates versions prior to 15.5.1 are ...

5.4CVSS3.4AI score0.00328EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.9 views

SolarWinds Serv-U 15.0 < 15.5.1 XSS

The version of SolarWinds Serv-U installed on the remote host is prior to 15.5.1. It is, therefore, affected by a vulnerability as referenced in the solarwindsserv-u1551 advisory. - SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only...

5.4CVSS5.2AI score0.00328EPSS
Exploits1References2
NVD
NVD
added 2025/04/14 12:15 p.m.22 views

CVE-2024-49705

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise DoS attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...

6.5CVSS0.00286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/02 5:32 a.m.12 views

CVE-2025-24517

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...

7.5CVSS7.7AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/28 6:22 p.m.21 views

CVE-2025-2499

Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This...

5.4CVSS7AI score0.00363EPSS
Exploits0References3
CVE
CVE
added 2025/03/26 5:14 p.m.63 views

CVE-2025-2499

CVE-2025-2499 affects Devolutions Remote Desktop Manager for Windows. The issue is a client-side access control bypass in the permission component, allowing an authenticated user to bypass specific restrictions (View Password, Edit Asset, Edit Permissions) by performing certain actions. Affected ...

5.4CVSS7AI score0.00363EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/15 6:16 a.m.7 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

8.8CVSS7.2AI score0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/11 2:54 p.m.9 views

CVE-2024-52960

A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...

4.3CVSS0.00305EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/12/23 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2024-0395)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.5AI score0.00835EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.9 views

The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python programming language allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the client-side and server-side implementations of the SSHv2 asyncssh protocol in Python lies in the ability to bypass authentication using a user-controlled key. Exploiting this vulnerability allows an attacker to perform “man-in-the-middle” attacks remotely...

7.1CVSS6.6AI score0.00867EPSS
Exploits0References12Affected Software5
FreeBSD
FreeBSD
added 2024/12/17 12:0 a.m.7 views

www/varnish7 -- client-side desync vulnerability

The Varnish Development Team reports: A client-side desync vulnerability can be triggered in Varnish Cache and Varnish Enterprise. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 requests...

5.4CVSS6.9AI score0.00289EPSS
Exploits0References1
Rows per page
Query Builder