Lucene search
+L

262 matches found

ptsecurity
ptsecurity
added 2022/05/17 12:0 a.m.3 views

PT-2022-20402 · Jenkins · Jenkins Mercurial Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.16 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enabl...

7.5CVSS7.3AI score0.01382EPSS
Exploits0References9
osv
osv
added 2022/04/29 12:15 p.m.4 views

CVE-2021-41942

The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database...

7.5CVSS7.1AI score0.01079EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/04/11 3:15 p.m.6 views

CVE-2022-0919

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...

5.3CVSS5.9AI score0.01146EPSS
Exploits2References2
redhat
redhat
added 2022/04/04 10:23 a.m.7 views

gateway: radosgw: CRLF injection

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when makin...

6.5CVSS5.7AI score0.01612EPSS
Exploits0References4
prion
prion
added 2022/02/16 5:15 p.m.21 views

Design/Logic Flaw

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users...

5CVSS7.6AI score0.00592EPSS
Exploits0References1
cvelist
cvelist
added 2022/02/16 4:38 p.m.22 views

CVE-2022-22792 MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users...

6.6CVSS7.8AI score0.00592EPSS
Exploits0References1
ncsc
ncsc
added 2021/09/22 12:0 a.m.3 views

Vulnerabilities fixed in Google Chrome

Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service cause and to obtain system data. Potentially, the Denial-of-Service attack could be used to execute arbitrary code. Google has released a new version to address the vulnerabilities...

8.8CVSS6.6AI score0.01662EPSS
Exploits3
cnnvd
cnnvd
added 2021/09/08 12:0 a.m.4 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a security operating system from Fortinet that is dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.Fortinet FortiOS has a security...

5CVSS5.7AI score0.00573EPSS
Exploits0References4
osv
osv
added 2021/07/30 2:15 p.m.4 views

CVE-2020-14999

A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data...

7.5CVSS5.8AI score0.01124EPSS
Exploits0References1
almalinux
almalinux
added 2021/06/29 1:43 p.m.13 views

sanlock bug fix and enhancement update

The sanlock packages provide a shared storage lock manager. Hosts with shared access to a block device or a file can use sanlock to synchronize their activities. VDSM and libvirt use sanlock to synchronize access to shared devices or files. Bug Fixes and Enhancements: bad client message causes...

0.8AI score
Exploits0
bdu_fstec
bdu_fstec
added 2021/06/25 12:0 a.m.7 views

The vulnerability of the Dovecot mail server arises from incorrect neutralization of special elements in the output data used by the incoming component, allowing attackers to expose user credentials.

The vulnerability of the Dovecot mail server is related to incorrect neutralization of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to expose user credentials...

4.2CVSS6.8AI score0.02837EPSS
Exploits0References9Affected Software13
cnvd
cnvd
added 2021/06/17 12:0 a.m.6 views

IBM Financial Transaction Manager Cross-Site Scripting Vulnerability

IBM Financial Transaction Manager for Check Services FTM CHK is a financial transaction manager from IBM, USA. The product is primarily used to monitor, track and report on financial payments and transactions. IBM Financial Transaction Manager suffers from a cross-site scripting vulnerability tha...

5.4CVSS6AI score0.00471EPSS
Exploits0References1
cnvd
cnvd
added 2021/05/08 12:0 a.m.4 views

Unauthorized Access Vulnerability in AXIS M3004 Network Camera

Axis is an IT company that specializes in providing web video solutions. An unauthorized access vulnerability exists in the AXIS M3004 Network Camera, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
cnnvd
cnnvd
added 2021/02/24 12:0 a.m.7 views

Foreman Information Disclosure Vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides service provisioning, configuration management, and status reporting. An information disclosure vulnerability exists in Foreman project, which can be exploited by a local attacker to expose...

7.8CVSS7.1AI score0.00273EPSS
Exploits0References2
nvd
nvd
added 2021/02/03 4:15 p.m.30 views

CVE-2020-35667

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials...

7.5CVSS0.0134EPSS
Exploits1References2
osv
osv
added 2021/01/26 12:0 a.m.8 views

UBUNTU-CVE-2021-23961

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...

7.4CVSS7.2AI score0.01323EPSS
Exploits0References6
nessus
nessus
added 2021/01/18 12:0 a.m.29 views

Ubuntu 16.04 LTS : icoutils vulnerabilities (USN-4695-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4695-1 advisory. Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execu...

8.8CVSS7.1AI score0.03591EPSS
Exploits3References8
bdu_fstec
bdu_fstec
added 2021/01/13 12:0 a.m.7 views

The vulnerability of the NGINX Controller Agent monitoring and management platform, related to deficiencies in path name restriction, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the NGINX Controller Agent monitoring and management platform is related to deficiencies in path name restriction for the directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...

10CVSS7.8AI score0.01693EPSS
Exploits0References2Affected Software1
osv
osv
added 2020/12/09 5:15 p.m.5 views

CVE-2020-26837

SAP Solution Manager 7.2 User Experience Monitoring, version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the...

9.1CVSS7.3AI score0.01872EPSS
Exploits0References4
threatpost
threatpost
added 2020/12/01 9:28 p.m.33 views

Android Messenger App Still Leaking Photos, Videos

The GO SMS Pro Android app has published two new versions on Google Play since a major security weakness was disclosed in November – but neither fixes the original issue, leaving 100 million users at risk for privacy violations, researchers said. Meanwhile, a raft of exploitation tools have been...

0.4AI score
Exploits0References5
Rows per page
Query Builder