16600 matches found

OSV
added 2024/10/28 9:30 p.m., 3 views

GHSA-25PW-Q952-X37G Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description: An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...

CVSS 9.8, AI score 9.6, EPSS 0.16513
Exploits: 4, References: 4

OSV
added 2024/10/28 8:15 p.m., 6 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

CVSS 9.8, AI score 6.1, EPSS 0.16513
Exploits: 4, References: 3

NVD
added 2024/10/28 8:15 p.m., 14 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

CVSS 9.8, EPSS 0.16513
Exploits: 4, References: 3

Cvelist
added 2024/10/28 12:00 a.m., 27 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

EPSS 0.16513
Exploits: 4, References: 3

Vulnrichment
added 2024/10/28 12:00 a.m., 22 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

AI score 7.8, EPSS 0.16513
Exploits: 4, References: 3

CVE
added 2024/10/28 12:00 a.m., 148 views

CVE-2024-39205

CVE-2024-39205 affects pyload-ng (v0.5.0b3.dev85 and earlier) on Python 3.11 or below, exposing remote code execution via the /flash/addcrypted2 API. The root cause is the js2py sandbox escape (CVE-2024-28397) leveraged to bypass localhost access and run arbitrary commands on the host. Public dis...

CVSS 9.8, AI score 8, EPSS 0.16513
Exploits: 4, References: 3

Positive Technologies
added 2024/10/28 12:00 a.m., 4 views

PT-2025-16022 · Ibm · Ibm Qradar Wincollect Agent

Name of the Vulnerable Software and Affected Versions: IBM QRadar WinCollect Agent versions 10.0 through 10.1.13
Description: The issue allows a remote attacker to cause a denial of service by interrupting an HTTP request, which could consume memory resources.
Recommendations: For versions 10.0...

CVSS 6.5, AI score 6.5, EPSS 0.0033
Exploits: 0, References: 7

OpenVAS
added 2024/10/28 12:00 a.m., 14 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-2696)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1, AI score 6.8, EPSS 0.01207
Exploits: 1, References: 2

Tenable Nessus
added 2024/10/27 12:00 a.m., 15 views

EulerOS Virtualization 2.12.0 : python-pip (EulerOS-SA-2024-2778)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTT...

CVSS 8.1, AI score 6.6, EPSS 0.01207
Exploits: 1, References: 4

Tenable Nessus
added 2024/10/26 12:00 a.m., 9 views

Fortinet FortiWeb OS command injection (FG-IR-21-120)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-120 advisory. - Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interfa...

CVSS 8.8, AI score 8.3, EPSS 0.01073
Exploits: 0, References: 2

Debian
added 2024/10/25 6:12 p.m., 24 views

[SECURITY] [DSA 5797-1] twisted security update

Debian Security Advisory DSA-5797-1, https://www.debian.org/security/, Moritz Muehlenhoff, October 25, 2024, https://www.debian.org/security/faq ...

CVSS 8.3, AI score 7.3, EPSS 0.01109
Exploits: 1

Vulnrichment
added 2024/10/25 12:36 p.m., 14 views

CVE-2024-10381 Authentication Bypass Vulnerability in Matrix Door Controller

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful...

CVSS 9.3, AI score 7.5, EPSS 0.00835
Exploits: 0, References: 1

Cvelist
added 2024/10/25 12:36 p.m., 28 views

CVE-2024-10381 Authentication Bypass Vulnerability in Matrix Door Controller

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable device. Successful...

CVSS 9.3, EPSS 0.00835
Exploits: 0, References: 1

CVE
added 2024/10/25 12:36 p.m., 49 views

CVE-2024-10381

CVE-2024-10381 affects Matrix Door Controller Cosec Vega FAXQ, where the web-based management interface has an improper session-management implementation. A remote attacker can send specially crafted HTTP requests to the vulnerable device, potentially gaining unauthorized access and full control....

CVSS 9.8, AI score 9.4, EPSS 0.00835
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/10/25 6:18 a.m., 24 views

CVE-2024-47801

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVSS 7.4, EPSS 0.00338
Exploits: 0, References: 3

Cvelist
added 2024/10/25 6:18 a.m., 19 views

CVE-2024-47549

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVSS 7.4, EPSS 0.00338
Exploits: 0, References: 3

CVE
added 2024/10/25 6:18 a.m., 54 views

CVE-2024-47549

CVE-2024-47549 affects Sharp and Toshiba Tec MFPs. The issue stems from improper processing of query parameters in HTTP requests, which can contaminate unintended data into HTTP response headers. Accessing a crafted URL targeting an affected product may cause malicious script execution in the web...

CVSS 7.4, AI score 7.3, EPSS 0.00338
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2024/10/25 6:18 a.m., 10 views

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

CVSS 7.5, AI score 7, EPSS 0.00729
Exploits: 0, References: 3

CVE
added 2024/10/25 6:18 a.m., 49 views

CVE-2024-43424

CVE-2024-43424 affects Sharp and Toshiba Tec MFPs. The vulnerability arises from improper processing of HTTP request headers, leading to an out-of-bounds read. This can cause crafted HTTP requests to crash affected products. Documents indicate remediation via firmware updates from the vendors, an...

CVSS 7.5, AI score 7.6, EPSS 0.00729
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2024/10/25 6:18 a.m., 17 views

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

CVSS 7.5, EPSS 0.00729
Exploits: 0, References: 3