16601 matches found
CVE-2024-8651
CVE-2024-8651 — NetCat CMS: a user enumeration vulnerability in which an attacker can send a specially crafted HTTP request to check whether a user exists in the system. Affected are NetCat CMS versions from around 6.4.0.24126.2 up to 6.4.0.24247, with a patch available starting from 6.4.0.24248...
MegaSys Computer Technologies Telenium Online Web Application (Update A)
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: MegaSys Computer Technologies Equipment: Telenium Online Web Application Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...
NetCat CMS Security Vulnerability
NetCat CMS is a content management system from NetCat, Inc. A security vulnerability exists in NetCat CMS prior to version 6.4.0.24248. An attacker exploiting this vulnerability could send a specially crafted HTTP request to check for the presence of a user on the system...
Security Bulletin: Vulnerabilities in GoLang Go and Kubernetes affect IBM watsonx.data
Summary Kubernetes vulnerabilities could allow a local authenticated attacker to obtain sensitive information and could allow a denial of service attack. GoLang Go could allow denial of service attacks, HTTP request smuggling, HTML injection, local attacks to execute arbitrary code, and...
Next.js Cache Poisoning
Impact By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent, it could coerce Next.js to cache a route that is meant to not be cached and send a...
CVE-2024-46982 Cache Poisoning in next.js
Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent, it could coerce Next....
CVE-2024-46982
CVE-2024-46982 affects Next.js pages router SSR caching: crafted requests can poison non-dynamic SSR routes (e.g., pages/dashboard.tsx) and lead to caching of sensitive responses with Cache-Control: s-maxage=1, stale-while-revalidate, potentially spreading via upstream CDNs. Affected versions are...
Fortinet FortiAnalyzer Authorization Bypass (FG-IR-23-204)
The remote host is running a version of FortiAnalyzer that is 6.2.x, 6.4.x, 7.0.x, 7.2.x through 7.2.4, or 7.4.x through 7.4.1. It is, therefore, affected by an authorization bypass through user-controlled key (CWE-639) vulnerability that may allow a remote attacker with low privilege...
Fortinet FortiManager Authorization Bypass (FG-IR-23-204)
The remote host is running a version of FortiManager that is 6.2.x, 6.4.x, 7.0.x, 7.2.x through 7.2.4, or 7.4.x through 7.4.1. It is, therefore, affected by an authorization bypass through user-controlled key (CWE-639) vulnerability that may allow a remote attacker with low privileges ...
Sony Network Cameras OS Command Injection (CVE-2018-3937)
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this...
[SECURITY] [DLA 3886-1] nodejs security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3886-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 14, 2024 https://wiki.debian.org/LTS -...
Debian dla-3886 : libnode-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3886 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3886-1 [email protected]...
RHSA-2021:0937 Red Hat Security Advisory: rubygem-em-http-request security update
Bulletin has no description...
CVE-2024-6840 Automation-controller: gain access to the k8s api server via job execution with container group
An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8s API server to send an HTTP request with a service account token mounted via automountServiceAccountToken: true, resulting in privilege escalation to a service account...
Security Bulletin: Potential denial of service vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2021-33813)
Summary An XXE issue allows an attacker to cause a denial of service in Apache Solr. Vulnerability Details CVEID: CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit thi...
Beckhoff TwinCAT/BSD Buffer Copy without Checking Size of Input (CVE-2024-41176)
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user root via a crafted HTTP request. This plugin only works with Tenable.ot. Please visit...
VICIdial 2.14-917a Remote Code Execution Vulnerability
An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...
CVE-2024-45597
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...