16601 matches found

CVE
added 2024/09/19 4:30 p.m. · 45 views

CVE-2024-8651

CVE-2024-8651 — NetCat CMS: user enumeration involves a vulnerability where an attacker can send a specially crafted HTTP request to check whether a user exists in the system. Affected are NetCat CMS versions around 6.4.0.24126.2 up to 6.4.0.24247, with a patch available starting from 6.4.0.24248...

CVSS 6.9 · AI score 5.3 · EPSS 0.00427
Exploits 0 · References 1 · Affected Software 1
ICS
added 2024/09/19 6:00 a.m. · 14 views

MegaSys Computer Technologies Telenium Online Web Application (Update A)

1. EXECUTIVE SUMMARY. CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: MegaSys Computer Technologies. Equipment: Telenium Online Web Application. Vulnerability: Improper Input Validation. 2. RISK EVALUATION. Successful exploitation of this vulnerability could...

CVSS 9.8 · AI score 7.6 · EPSS 0.00895
Exploits 0 · References 10
CNNVD
added 2024/09/19 12:00 a.m. · 3 views

NetCat CMS security vulnerability

NetCat CMS is a content management system from NetCat, Inc. A security vulnerability exists in NetCat CMS prior to version 6.4.0.24248. An attacker exploiting this vulnerability could send a specially crafted HTTP request to check for the presence of a user on the system...

CVSS 6.9 · AI score 6.6 · EPSS 0.00427
Exploits 0 · References 2
IBM Security Bulletins
added 2024/09/18 4:17 p.m. · 20 views

Security Bulletin: Vulnerabilities in GoLang Go and Kubernetes affect IBM watsonx.data

Summary: Kubernetes vulnerabilities could allow a local authenticated attacker to obtain sensitive information and could allow a denial of service attack. GoLang Go could allow denial of service attacks, HTTP request smuggling, HTML injection, local attacks to execute arbitrary code, and...

CVSS 9.8 · AI score 9.3 · EPSS 0.04561
Exploits 0 · Affected Software 1
GitHub Security Blog
added 2024/09/17 9:58 p.m. · 175 views

Next.js Cache Poisoning

Impact: By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a...

CVSS 7.5 · AI score 6.7 · EPSS 0.60625
Exploits 3 · References 5 · Affected Software 1
Cvelist
added 2024/09/17 9:55 p.m. · 48 views

CVE-2024-46982 Cache Poisoning in next.js

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent it could coerce Next....

CVSS 7.5 · EPSS 0.60625
Exploits 3 · References 3
Vulnrichment
added 2024/09/17 9:55 p.m. · 48 views

CVE-2024-46982 Cache Poisoning in next.js

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent it could coerce Next....

CVSS 7.5 · AI score 7.5 · EPSS 0.60625
Exploits 3 · References 3
OSV
added 2024/09/17 9:55 p.m. · 27 views

CVE-2024-46982 Cache Poisoning in next.js

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router; this does not affect the app router. When this crafted request is sent it could coerce Next....

CVSS 7.5 · AI score 6.3 · EPSS 0.60625
Exploits 3 · References 5
CVE
added 2024/09/17 9:55 p.m. · 574 views

CVE-2024-46982

CVE-2024-46982 affects Next.js pages router SSR caching: crafted requests can poison non-dynamic SSR routes (e.g., pages/dashboard.tsx) and lead to caching of sensitive responses with Cache-Control: s-maxage=1, stale-while-revalidate, potentially spreading via upstream CDNs. Affected versions are...

CVSS 7.5 · AI score 7.3 · EPSS 0.60625
Exploits 3 · References 3 · Affected Software 1
Tenable Nessus
added 2024/09/17 12:00 a.m. · 25 views

Fortinet FortiAnalyzer Authorization Bypass (FG-IR-23-204)

The remote host is running a version of FortiAnalyzer that is 6.2.x, 6.4.x, 7.0.x, 7.2.x through 7.2.4, or 7.4.x through 7.4.1. It is, therefore, affected by an authorization bypass through user-controlled key (CWE-639) vulnerability that may allow a remote attacker with low privilege...

CVSS 6.5 · AI score 5.6 · EPSS 0.00529
Exploits 0 · References 2
Tenable Nessus
added 2024/09/17 12:00 a.m. · 19 views

Fortinet FortiManager Authorization Bypass (FG-IR-23-204)

The remote host is running a version of FortiManager that is 6.2.x, 6.4.x, 7.0.x, 7.2.x through 7.2.4, or 7.4.x through 7.4.1. It is, therefore, affected by an authorization bypass through user-controlled key (CWE-639) vulnerability that may allow a remote attacker with low privileges ...

CVSS 5.5 · AI score 5.5 · EPSS 0.00264
Exploits 0 · References 2
Tenable Nessus
added 2024/09/16 12:00 a.m. · 20 views

Sony Network Cameras OS Command Injection (CVE-2018-3937)

An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this...

CVSS 9.1 · AI score 8.1 · EPSS 0.09617
Exploits 2 · References 2
Debian
added 2024/09/14 8:09 p.m. · 11 views

[SECURITY] [DLA 3886-1] nodejs security update

Debian LTS Advisory DLA-3886-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 14, 2024 https://wiki.debian.org/LTS ...

CVSS 8.2 · AI score 7.2 · EPSS 0.87211
Exploits 3
Tenable Nessus
added 2024/09/14 12:00 a.m. · 23 views

Debian dla-3886 : libnode-dev - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3886 advisory. Debian LTS Advisory DLA-3886-1 [email protected]...

CVSS 8.2 · AI score 7.5 · EPSS 0.87211
Exploits 3 · References 18
OSV
added 2024/09/13 10:12 p.m. · 17 views

RHSA-2021:0937 Red Hat Security Advisory: rubygem-em-http-request security update

Bulletin has no description...

CVSS 7.4 · AI score 7.2 · EPSS 0.00905
Exploits 1 · References 7
Cvelist
added 2024/09/12 4:35 p.m. · 45 views

CVE-2024-6840 Automation-controller: gain access to the k8s API server via job execution with container group

An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8s API server to send an HTTP request with a service account token mounted via automountServiceAccountToken: true, resulting in privilege escalation to a service account...

CVSS 6.6 · EPSS 0.00428
Exploits 0 · References 3
IBM Security Bulletins
added 2024/09/12 9:22 a.m. · 15 views

Security Bulletin: Potential denial of service vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2021-33813)

Summary: An XXE issue allows an attacker to cause denial of service in Apache Solr. Vulnerability Details: CVEID: CVE-2021-33813. DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit thi...

CVSS 7.5 · AI score 7.4 · EPSS 0.19442
Exploits 1 · Affected Software 1
Tenable Nessus
added 2024/09/12 12:00 a.m. · 20 views

Beckhoff TwinCAT/BSD Buffer Copy without Checking Size of Input (CVE-2024-41176)

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user root via a crafted HTTP request. This plugin only works with Tenable.ot. Please visit...

CVSS 7.3 · AI score 5.7 · EPSS 0.00265
Exploits 0 · References 2
0day.today
added 2024/09/11 12:00 a.m. · 489 views

VICIdial 2.14-917a Remote Code Execution Vulnerability

An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...

CVSS 9.8 · AI score 7.9 · EPSS 0.79059
Exploits 12
NVD
added 2024/09/10 10:15 p.m. · 13 views

CVE-2024-45597

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVSS 5.3 · EPSS 0.00309
Exploits 0 · References 2