22 matches found

Nuclei, added 2 hours ago, 37 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

CVSS 6.1 | AI score 6.3 | EPSS 0.1052 | Exploits 0 | References 5
Vulnrichment, added 2026/01/20 2:26 p.m., 3 views

CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset

The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 4.3 | AI score 5.5 | EPSS 0.00264 | Exploits 0 | References 3
EUVD, added 2025/10/07 12:30 a.m., 7 views

EUVD-2012-6456

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.02123 | Exploits 0 | References 3
RedhatCVE, added 2025/05/23 4:53 a.m., 6 views

CVE-2023-20233

A vulnerability in the Connectivity Fault Management CFM feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages CCMs. ...

CVSS 6.5 | AI score 7 | EPSS 0.00273 | Exploits 0 | References 1
Cvelist, added 2024/07/18 3:39 p.m., 19 views

CVE-2024-30473

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points...

CVSS 4.9 | EPSS 0.00328 | Exploits 0 | References 1
Debian CVE, added 2024/01/10 12:33 p.m., 39 views

CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...

CVSS 6.5 | AI score 6.5 | EPSS 0.0057 | Exploits 0
Tenable Nessus, added 2024/01/10 12:00 a.m., 32 views

CentOS 7 : ipa (RHSA-2024:0145)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0145 advisory. - A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the use...

CVSS 6.5 | AI score 6.7 | EPSS 0.0057 | Exploits 0 | References 2
NVD, added 2023/09/13 5:15 p.m., 16 views

CVE-2023-20233

A vulnerability in the Connectivity Fault Management CFM feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages CCMs. ...

CVSS 6.5 | AI score 5.5 | EPSS 0.00273 | Exploits 0 | References 1
Cisco, added 2023/09/13 4:00 p.m., 27 views

Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability

A vulnerability in the Connectivity Fault Management CFM feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages CCMs. ...

CVSS 4.3 | AI score 6.6 | EPSS 0.00273 | Exploits 0 | References 1
Prion, added 2021/02/08 4:15 p.m., 15 views

Cross site scripting

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

CVSS 4.3 | AI score 6 | EPSS 0.1052 | Exploits 0 | References 1 | Affected Software 1
Cvelist, added 2021/02/08 3:55 p.m., 18 views

CVE-2021-22122

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

AI score 6.3 | EPSS 0.1052 | Exploits 0 | References 1
NVD, added 2020/01/28 5:15 p.m., 13 views

CVE-2012-6609

Directory traversal vulnerability in agetlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...

CVSS 7.5 | AI score 7.5 | EPSS 0.02123 | Exploits 0 | References 2
NVD, added 2020/01/28 5:15 p.m., 18 views

CVE-2012-6610

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; semicolon to the ping command feature...

CVSS 9 | AI score 8.9 | EPSS 0.1088 | Exploits 0 | References 2
Cvelist, added 2020/01/28 4:28 p.m., 24 views

CVE-2012-6609

Directory traversal vulnerability in agetlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...

AI score 7.4 | EPSS 0.02123 | Exploits 0 | References 2
CVE, added 2020/01/28 4:28 p.m., 42 views

CVE-2012-6609

CVE-2012-6609 is a directory traversal in Polycom HDX Video Endpoints (before 3.0.4) and UC APL (before 2.7.1.J). An attacker can read arbitrary files by supplying .. in the name parameter via a_getlog.cgi. The NVD entry reports CVSSv2 base score 5.0 (MEDIUM) and CVSSv3.1 base score 7.5 (HIGH), w...

CVSS 7.5 | AI score 7.4 | EPSS 0.02123 | Exploits 0 | References 2 | Affected Software 2
CVE, added 2020/01/28 4:28 p.m., 43 views

CVE-2012-6610

CVE-2012-6610 affects Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J. The vulnerability is a command injection that allows remote authenticated users to execute arbitrary commands via the ping feature, demonstrated by using a semicolon to inject commands. Evidence from multip...

CVSS 9 | AI score 8.8 | EPSS 0.1088 | Exploits 0 | References 2 | Affected Software 2
Cvelist, added 2020/01/28 4:28 p.m., 25 views

CVE-2012-6610

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; semicolon to the ping command feature...

AI score 9 | EPSS 0.1088 | Exploits 0 | References 2
NVD, added 2018/04/20 6:29 p.m., 18 views

CVE-2018-1289

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft...

CVSS 8.8 | AI score 8.8 | EPSS 0.02673 | Exploits 0 | References 2
Atlassian, added 2014/02/13 11:39 p.m., 22 views

Accept Answer URL should be idempotent and accept PUT or POST requests only

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46610. Answers currently uses a single URL to both accept and un-accept answers: $baseurl/acceptanswer/$answeri...

AI score 0.6 | Exploits 0 | Affected Software 1
securityvulns, added 2013/01/02 12:00 a.m., 27 views

Polycom HDX Video End Points crossite scripting

Crossite scripting in web management interface...

CVSS 4.3 | AI score 1.4 | EPSS 0.01148 | Exploits 0 | References 1 | Affected Software 1