10 matches found
EUVD-2018-19731
Malware in sbrugna...
EUVD-2025-21048
Malicious code in bioql PyPI...
EUVD-2025-6943
Malicious code in bioql PyPI...
CVE-2024-1646
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...
PT-2022-26312 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0. Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. It affects the "doctor/view-patient.php", "admin/view-patient.php", and "view-medhistory.php" endpoints...
Robustel R1510 web_server action endpoints OS command injection vulnerabilities
Summary: Multiple command injection vulnerabilities exist in the webserver action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...
PT-2022-1802 · Terramaster · Terramaster Nas
Name of the Vulnerable Software and Affected Versions: TerraMaster NAS versions prior to 4.2.31. Description: The issue is related to the createRaid module in TerraMaster NAS devices, which allows for the injection of arbitrary commands. This can enable a remote attacker to execute arbitrary code...
Cross-Site Request Forgery (CSRF) in collectiveaccess/pawtucket2
Description: The following endpoints are vulnerable to CSRF attacks via GET requests even though they use AJAX: 1: Delete lightbox; 2: Delete comments; 3: Create comments; 4: Create comments on objects; 5: Add items into lightbox; 6: Delete items from lightbox. Proof of Concept: Copy and paste the...
Top Strategies That Define the Success of a Modern Vulnerability Management Program
The CVE database reported 18,325 vulnerabilities in 2020. To add to this, more than 40% of the vulnerabilities do not even have a CVE identifier assigned, and open vulnerabilities on organizations’ infrastructure are the most widely exploited pain points for malicious attacks – including...
Vulnerabilities fixed in McAfee Endpoint
McAfee has fixed vulnerabilities in Endpoint Security for Windows. A malicious party could exploit the vulnerabilities to cause a denial-of-service or execute arbitrary code with user privileges through a Cross-Site Scripting (XSS) attack or a Cross-Site Request Forgery (XSRF). McAfee has released...