Lucene search
+L

145 matches found

Cvelist
Cvelist
added 2025/02/27 12:0 a.m.23 views

CVE-2024-51139

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5....

0.00945EPSS
Exploits0References1
CVE
CVE
added 2025/02/27 12:0 a.m.248 views

CVE-2024-51139

The CVE-2024-51139 entry describes a Buffer Overflow in DrayTek/Vigor devices where the CGI parser mishandles the Content-Length header of HTTP POST requests, enabling potential remote arbitrary-code execution. Affected devices and versions include Vigor2620/LTE200 up to 3.9.8.9 and earlier, Vigo...

9.8CVSS7.6AI score0.00945EPSS
Exploits0References1Affected Software1
CheckPoint Security
CheckPoint Security
added 2025/02/02 12:0 a.m.14 views

Check Point Response to CVE-2024-24911 - Out of Bounds read in the CPCA process on a Check Point Management Server

Cause An Out-of-Bounds read may occur when processing certain HTTP "POST" requests to the Security Management Server / Domain Management Server to the TCP port 18264. Repeated requests can cause a denial-of-service DoS of the cpca process and may lead it to exit unexpectedly with a core dump file...

7.5CVSS6.8AI score0.00386EPSS
Exploits0
OSV
OSV
added 2025/01/08 4:8 p.m.7 views

CVE-2025-22137 Arbitrary File Overwrite via HTTP POST in Pingvin Share

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated if anonymous shares are allowed user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...

9.8CVSS6.9AI score0.00576EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.28 views

SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2024:3733-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3733-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not...

7.5CVSS6.7AI score0.01054EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.17 views

SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2024:3732-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3732-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed...

7.5CVSS6.7AI score0.01054EPSS
Exploits3References10
OSV
OSV
added 2024/10/16 2:28 p.m.32 views

SUSE-SU-2024:3664-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...

7.5CVSS6.2AI score0.01054EPSS
Exploits3References7
GithubExploit
GithubExploit
added 2024/09/29 8:20 a.m.111 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

EN Is a Proof of Concept PoC script to check for vulnerabil...

8.6CVSS7.2AI score0.99978EPSS
Exploits52
NVD
NVD
added 2024/05/28 7:15 p.m.27 views

CVE-2023-43847

Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests...

5.3CVSS6.4AI score0.00556EPSS
Exploits1References1
NVD
NVD
added 2024/05/28 7:15 p.m.29 views

CVE-2023-43849

Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution...

6.5CVSS7.2AI score0.00503EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/28 6:18 p.m.32 views

CVE-2023-43847

Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests...

6.4AI score0.00556EPSS
Exploits1References1
Veracode
Veracode
added 2024/04/17 2:28 p.m.15 views

Path Traversal

mlflow is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-supplied input in the server's handlers, allowing attackers to access arbitrary files on the server by crafting HTTP POST requests with specially crafted parameters...

7.5CVSS7.1AI score0.02718EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/04/16 12:15 a.m.20 views

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

7.5CVSS5.5AI score0.00782EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.14 views

CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

5.3CVSS5.6AI score0.00782EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:0 a.m.8 views

CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.2AI score0.02718EPSS
Exploits1References3
CVE
CVE
added 2024/04/16 12:0 a.m.93 views

CVE-2024-1483

Summary: CVE-2024-1483 is a path traversal vulnerability in mlflow/mlflow 2.9.2 that allows an attacker to access arbitrary server files. The issue stems from insufficient validation of user-supplied input in server handlers, enabling traversal via crafted HTTP POST requests using crafted artifac...

7.5CVSS7.4AI score0.02718EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/04/16 12:0 a.m.21 views

CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

5.3CVSS6.2AI score0.00782EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/04/10 12:3 a.m.9 views

CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability

Server-side request forgery SSRF in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests...

6.5CVSS7.1AI score0.00461EPSS
Exploits0References2
Prion
Prion
added 2023/02/16 7:15 p.m.21 views

Authorization

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

7.5CVSS9.3AI score0.01079EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/02/16 6:6 p.m.15 views

CVE-2022-38375

An improper authorization vulnerability CWE-285 in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests...

9.1CVSS7AI score0.01079EPSS
Exploits0References1
Rows per page
Query Builder