Lucene search
+L

275 matches found

OSV
OSV
added 2025/05/21 6:33 p.m.8 views

GHSA-CVGC-MX2W-H3W8 The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference

The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...

8.6CVSS7.1AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/20 11:16 p.m.12 views

CVE-2023-5964

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...

9.9CVSS7.7AI score0.00828EPSS
Exploits0References4
Citrix
Citrix
added 2025/04/07 12:0 a.m.21 views

Citrix End User Experience Monitoring service fails to start on the VDA

Citrix End User Experience Monitoring service fails to start. When you try to start the service manually you get the error: service started and then stopped. CDF trace from the VDA shows the event: SemsController,NotMetricRelated Failed to start with exception: System.Security.SecurityException:...

7AI score
Exploits0
OSV
OSV
added 2025/03/27 5:15 p.m.7 views

UBUNTU-CVE-2022-49761

In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in runonedelayedref Currently we have a btrfsdebug for runonedelayedref failure, but if end users hit such problem, there will be no chance that btrfsdebug is enabled. This can lead to very little usefu...

7.8CVSS6.1AI score0.00182EPSS
Exploits0References7
CVE
CVE
added 2025/03/20 10:10 a.m.49 views

CVE-2024-10719

CVE-2024-10719 affects phpipam 1.5.2, with a stored XSS in the circuits options feature. The vulnerability allows injecting malicious scripts via the option parameter in POST requests to /phpipam/app/admin/circuits/edit-options-submit.php, which can execute in the user’s browser and potentially l...

5.4CVSS3.1AI score0.00312EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/04 7:32 a.m.12 views

CVE-2024-11293 Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient...

8.1CVSS8.2AI score0.00517EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 7:15 p.m.23 views

CVE-2023-52268

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...

9.1CVSS0.00609EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/12 12:0 a.m.12 views

CVE-2023-52268

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...

7AI score0.00609EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/11/12 12:0 a.m.23 views

CVE-2023-52268

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...

0.00609EPSS
Exploits1References3
CVE
CVE
added 2024/11/12 12:0 a.m.61 views

CVE-2023-52268

CVE-2023-52268 affects the FreeScout End-User Portal module pre-1.0.65. The root cause is improper session token handling at the /auth endpoint, enabling an attacker to authenticate as arbitrary users and impersonate them to access their tickets. Impact is high confidentiality/integrity loss with...

9.1CVSS7AI score0.00609EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2024/10/13 2:17 a.m.888 views

Exploit for CVE-2023-52268

FreeScout End-User Portal Authentication Bypass Exploit CVE-2...

9.1CVSS6.9AI score0.00609EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.9 views

PT-2024-14501 · Unknown · Freescout End-User Portal

Name of the Vulnerable Software and Affected Versions: FreeScout End-User Portal module versions prior to 1.0.65 Description: The issue allows an attacker to authenticate as an arbitrary user because a session token can be sent to the "/auth" endpoint. Recommendations: For versions prior to 1.0.6...

9.1CVSS7AI score0.00609EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2024/10/10 2:0 p.m.10 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03256EPSS
Exploits0References4
OSV
OSV
added 2024/09/26 6:15 p.m.3 views

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...

6.5CVSS5.8AI score0.00138EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2024/09/19 7:39 p.m.9 views

This Windows PowerShell Phish Has Scary Potential

ManyGitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.4 views

PT-2024-39177 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS affected versions not specified Description: An information exposure issue exists in the software, allowing a GlobalProtect end user to obtain the configured GlobalProtect uninstall password and the configured disabl...

7.1CVSS6.9AI score0.00405EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2024/09/06 12:0 a.m.13 views

Atlassian Confluence 7.20.x < 8.5.14 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.26, 7.20.x prior to 8.5.14, 8.6.x prior to 8.9.5 or 9.0.x prior to 9.0.1. It is, therefore, affected by a reflected Cross-Site Scripting XSS and a CSRF Cross-Site Reques...

8.2CVSS6.8AI score0.00712EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/06 12:0 a.m.16 views

Atlassian Confluence 9.0.x < 9.0.1 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.26, 7.20.x prior to 8.5.14, 8.6.x prior to 8.9.5 or 9.0.x prior to 9.0.1. It is, therefore, affected by a reflected Cross-Site Scripting XSS and a CSRF Cross-Site Reques...

8.2CVSS6.8AI score0.00712EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/10 12:14 p.m.33 views

CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router

Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated...

6.5CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 2024/06/06 11:15 p.m.27 views

CVE-2023-37539

The Domino Catalog template is susceptible to a Stored Cross-Site Scripting XSS vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicki...

8.4CVSS0.00306EPSS
Exploits0References1
Rows per page
Query Builder