16601 matches found

Vulnrichment
added 2024/09/10 9:42 p.m., 10 views

CVE-2024-45597 Pluto's http.request allows CR and LF in header values

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVSS 5.3 | AI score 5.5 | EPSS 0.00309
Exploits 0 | References 2

OSV
added 2024/09/10 9:42 p.m., 10 views

CVE-2024-45597 Pluto's http.request allows CR and LF in header values

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging authentication tokens provided in the same headers table...

CVSS 5.3 | AI score 7.1 | EPSS 0.00309
Exploits 0 | References 4

NVD
added 2024/09/10 3:15 p.m., 23 views

CVE-2023-44254

An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...

CVSS 6.5 | EPSS 0.00529
Exploits 0 | References 1

CVE
added 2024/09/10 2:37 p.m., 74 views

CVE-2024-21753

Fortinet FortiClientEMS is affected by a path traversal vulnerability (CVE-2024-21753) across multiple releases: 1.2.1–1.2.5, 6.0.0–6.0.8, 6.2.0–6.2.9, 6.4.0–6.4.9, 7.0.0–7.0.13, and 7.2.0–7.2.4. The issue stems from improper limitation of a pathname to a restricted directory, allowing a remote a...

CVSS 6 | AI score 7 | EPSS 0.00741
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2024/09/10 2:37 p.m., 14 views

CVE-2023-44254

An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...

CVSS 5 | AI score 7 | EPSS 0.00529
Exploits 0 | References 1

CVE
added 2024/09/10 2:37 p.m., 66 views

CVE-2023-44254

CVE-2023-44254 describes an authorization bypass via a user-controlled key (CWE-639) in Fortinet FortiAnalyzer and FortiManager. Affected: FortiAnalyzer 7.4.1 and prior to 7.2.5; FortiManager 7.4.1 and prior to 7.2.5. Impact stated: remote attacker with low privileges could read sensitive data th...

CVSS 6.5 | AI score 6.8 | EPSS 0.00529
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/09/10 2:37 p.m., 31 views

CVE-2023-44254

An authorization bypass through user-controlled key CWE-639 vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request...

CVSS 5 | EPSS 0.00529
Exploits 0 | References 1

Packet Storm
added 2024/09/10 12:00 a.m., 242 views

Dairy Farm Shop Management System 1.2 SQL Injection / Code Execution

Title: Dairy Farm Shop Management System 1.2 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozill...

AI score 7.4
Exploits 0

Positive Technologies
added 2024/09/09 12:00 a.m., 6 views

PT-2024-7641

Name of the Vulnerable Software and Affected Versions: pyload-ng version 0.5.0b3.dev85, pyload running under python3.11 or below. Description: The issue is related to insufficient input validation in the pyload software, allowing a remote attacker to execute arbitrary code by sending a specially...

CVSS 10 | AI score 7.8 | EPSS 0.16513
Exploits 4 | References 20

NVD
added 2024/09/08 12:15 p.m., 32 views

CVE-2024-42342

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...

CVSS 4.3 | EPSS 0.00264
Exploits 0 | References 1

Cvelist
added 2024/09/08 11:58 a.m., 55 views

CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...

CVSS 4.3 | EPSS 0.00264
Exploits 0 | References 1

Vulnrichment
added 2024/09/08 11:58 a.m., 16 views

CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...

CVSS 4.3 | AI score 7.2 | EPSS 0.00264
Exploits 0 | References 1

CVE
added 2024/09/08 11:58 a.m., 57 views

CVE-2024-42342

Loway QueueMetrics is affected by an HTTP request/response smuggling vulnerability (CWE-444). The linked documents identify the issue in QueueMetrics and cite version 22.11.6 as affected, describing it as an environmental issue vulnerability. No explicit fix/version is provided across the connect...

CVSS 4.3 | AI score 4.7 | EPSS 0.00264
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/09/06 8:43 p.m., 20 views

GO-2024-3118 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill...

CVSS 6.3 | AI score 4.2 | EPSS 0.00541
Exploits 0 | References 6

OSV
added 2024/09/06 4:15 p.m., 19 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

CVSS 9.8 | AI score 8
Exploits 0 | References 4

Debian CVE
added 2024/09/06 3:55 p.m., 18 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

CVSS 9.8 | AI score 9 | EPSS 0.94618
Exploits 7

IBM Security Bulletins
added 2024/09/06 8:22 a.m., 40 views

Security Bulletin: Multiple vulnerabilities in Netty affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis

Summary: There are vulnerabilities in various versions of Netty that affect Apache Solr, Apache Zookeeper and Logstash. The vulnerabilities are listed in the Vulnerability Details section. Vulnerability Details: CVEID: CVE-2019-20444. DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw i...

CVSS 9.1 | AI score 8.3 | EPSS 0.25448
Exploits 5 | Affected Software 1

IBM Security Bulletins
added 2024/09/05 6:50 p.m., 37 views

Security Bulletin: Vulnerability in Go affects watsonx.data

Summary: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2022-41721. DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sendin...

CVSS 7.5 | AI score 7.2 | EPSS 0.01814
Exploits 1 | Affected Software 1

Github Security Blog
added 2024/09/05 3:33 p.m., 30 views

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | AI score 7.1 | EPSS 0.00541
Exploits 0 | References 8 | Affected Software 1

OSV
added 2024/09/05 3:33 p.m., 12 views

GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | AI score 4.2 | EPSS 0.00541
Exploits 0 | References 8