Lucene search

636 matches found

CVE
added 2024/10/23 5:30 p.m. | 50 views

CVE-2024-20379

Cisco Secure Firewall Management Center (FMC) Software contains a vulnerability in its web-based management interface that could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. The issue arises from improper validation of user-supplied input; ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00615
Exploits: 0 | References: 1 | Affected Software: 2

NVD
added 2024/10/23 5:15 p.m. | 14 views

CVE-2024-20275

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...

CVSS 6.1 | EPSS 0.00509
Exploits: 0 | References: 3

CVE
added 2024/10/23 5:9 p.m. | 53 views

CVE-2024-20340

The CVE-2024-20340 issue affects Cisco Secure Firewall Management Center (formerly Firepower FMC) web-based management. The vulnerability is an SQL injection caused by insufficient validation of user-supplied input in the FMC web interface, exploitable by an authenticated attacker who has a valid...

CVSS 6.5 | AI score 6.1 | EPSS 0.00448
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/10/23 5:7 p.m. | 54 views

CVE-2024-20275

Cisco Secure Firewall Management Center (FMC) Software’s cluster backup feature is vulnerable due to insufficient validation of data from the web-based management interface. An authenticated user with Network Administrator privileges could trigger a near-user action (cluster backup) to cause the ...

CVSS 6.1 | AI score 6.6 | EPSS 0.00509
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/10/23 12:0 a.m. | 5 views

The vulnerability of the application software interface of the Trend Micro Cloud Edge device for comprehensive network security management allows a perpetrator to execute arbitrary code.

The vulnerability of the application software interface of the Trend Micro Cloud Edge device for comprehensive network security management is related to the failure to take measures for data cleaning at the management level. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 10 | AI score 8.4 | EPSS 0.0246
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2024/10/03 12:0 a.m. | 19 views

CVE-2024-34535

In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...

EPSS 0.00371
Exploits: 0 | References: 2

OSV
added 2024/10/02 7:15 p.m. | 5 views

CVE-2024-20499

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/25 12:0 a.m. | 9 views

CVE-2024-44678

Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request...

AI score 7.5 | EPSS 0.01289
Exploits: 0 | References: 2

GithubExploit
added 2024/09/23 4:11 p.m. | 74 views

Exploit for CVE-2024-7954

RCECVE-2024-7954 Description: The porteplume plugin used by...

CVSS 9.8 | AI score 9.8 | EPSS 0.89783
Exploits: 10

Vulnrichment
added 2024/09/19 4:30 p.m. | 28 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

CVSS 6.9 | AI score 7.1 | EPSS 0.00427
Exploits: 0 | References: 1

NVD
added 2024/09/10 3:15 p.m. | 23 views

CVE-2023-44254

An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...

CVSS 6.5 | EPSS 0.00529
Exploits: 0 | References: 1

NVD
added 2024/09/03 2:15 a.m. | 18 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

CVSS 4.9 | EPSS 0.00605
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/03 1:28 a.m. | 14 views

CVE-2024-6343

A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...

CVSS 4.9 | AI score 7.2 | EPSS 0.00605
Exploits: 0 | References: 1

Packet Storm
added 2024/08/31 12:0 a.m. | 228 views

Brother Debut http Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure...

CVSS 7.8 | AI score 7 | EPSS 0.59386
Exploits: 7

NVD
added 2024/08/27 8:15 a.m. | 17 views

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

CVSS 7.3 | EPSS 0.00265
Exploits: 0 | References: 1

OSV
added 2024/08/27 8:15 a.m. | 7 views

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

CVSS 7.3 | AI score 5.9 | EPSS 0.00265
Exploits: 0 | References: 1

Cvelist
added 2024/08/27 8:1 a.m. | 19 views

CVE-2024-41176 Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

CVSS 7.3 | EPSS 0.00265
Exploits: 0 | References: 1

CVE
added 2024/08/27 8:1 a.m. | 95 views

CVE-2024-41176

CVE-2024-41176 affects Beckhoff: TwinCAT/BSD MPD package. An authenticated, low-privileged local attacker can cause a DoS in the daemon and execute code in the root context via a crafted HTTP request. Documented impact is local, with potential for full system compromise; exploitation status is no...

CVSS 7.3 | AI score 7.1 | EPSS 0.00265
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2024/08/26 12:0 a.m. | 36 views

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

EPSS 0.05635
Exploits: 3 | References: 3

Cvelist
added 2024/08/23 5:43 p.m. | 25 views

CVE-2024-7954 SPIP porte_plume Plugin Arbitrary PHP Execution

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

CVSS 9.8 | EPSS 0.89783
Exploits: 10 | References: 3