16601 matches found

Vulnrichment
added 2023/06/23 12:00 a.m., 15 views

CVE-2023-30258

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...

AI score 7.8 · EPSS 0.9425
Exploits 15 · References 4
Cvelist
added 2023/06/23 12:00 a.m., 28 views

CVE-2023-30258

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...

AI score 10 · EPSS 0.9425
Exploits 15 · References 4
Tenable Nessus
added 2023/06/23 12:00 a.m., 53 views

F5 Networks BIG-IP : Apache vulnerability (K26314875)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K26314875 advisory. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of...

CVSS 7.5 · AI score 8.7 · EPSS 0.19008
Exploits 1 · References 2
CVE
added 2023/06/23 12:00 a.m., 185 views

CVE-2023-30258

CVE-2023-30258 affects MagnusBilling magnusbilling 6.x and 7.x with an unauthenticated remote command injection in lib/icepay/icepay.php via the democ parameter. An attacker can craft a request to run arbitrary OS commands, enabling full system compromise as indicated by connected templates and e...

CVSS 9.8 · AI score 9.8 · EPSS 0.9425
In wild · Exploits 15 · References 4 · Affected Software 1
CISA KEV Catalog
added 2023/06/23 12:00 a.m., 39 views

Zyxel Multiple NAS Devices Command Injection Vulnerability

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request...

CVSS 9.8 · AI score 8.1 · EPSS 0.84195
In wild · Exploits 0
Redos
added 2023/06/22 12:00 a.m., 33 views

ROS-20230621-04

A vulnerability in the curl program is related to incorrect certificate validation when matching wildcards in TLS certificates for IDNs. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted certificate that...

CVSS 7.5 · AI score 6.5 · EPSS 0.02489
Exploits 2
vulnersOsv
added 2023/06/21 10:00 p.m., 8 views

@backstage/plugin-scaffolder-backend (>=0.0.0-nightly-2021712211 <=0.15.24-next.0), @backstage/plugin-scaffolder-backend-module-confluence-to-markdown (>=0.0.0-nightly-20230325022054 <=0.0.0-nightly-20230801022410) +8 more potentially affected by CVE-2023-35926 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=0.18.0)

@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-2021712211, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =1.0.8, =1.0.0, =1.0.0, =2.2.0 -...

CVSS 9.9 · AI score 7.2 · EPSS 0.01888
Exploits 0
IBM Security Bulletins
added 2023/06/21 6:36 p.m., 45 views

Security Bulletin: IBM Storage Protect Server is vulnerable to various attacks due to Eclipse Jetty

Summary: Jetty is used by the IBM Storage Protect Server and may be vulnerable to these attacks. Vulnerability Details: CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of...

CVSS 9.8 · AI score 8.4 · EPSS 0.7848
Exploits 5 · Affected Software 1
IBM Security Bulletins
added 2023/06/21 5:31 p.m., 48 views

Security Bulletin: Vulnerabilities in Node.js, XStream, Linux kernel can affect IBM Spectrum Protect Plus

Summary: IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, XStream, and the Linux kernel. Vulnerabilities include causing a denial of service condition and HTTP request smuggling, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...

CVSS 7.5 · AI score 8.1 · EPSS 0.19653
Exploits 2 · Affected Software 1
Hacker One
added 2023/06/21 2:33 a.m., 85 views

Internet Bug Bounty: HTTP Request Smuggling via Empty headers separated by CR

The llhttp parser in the Node.js http module did not strictly use the CRLF sequence to delimit HTTP requests, which allowed for HTTP Request Smuggling (HRS). This vulnerability affected all active versions of Node.js...

CVSS 7.5 · AI score 7.7 · EPSS 0.03906
Exploits 1
IBM Security Bulletins
added 2023/06/20 9:38 a.m., 144 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2023-25690) affects Power HMC

Summary: Apache HTTP Server is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when mod_proxy is enabled along with...

CVSS 9.8 · AI score 9.3 · EPSS 0.8377
Exploits 5 · Affected Software 2
IBM Security Bulletins
added 2023/06/20 9:31 a.m., 73 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2022-36760 and CVE-2022-37436) affects Power HMC

Summary: Apache HTTP Server is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP requests...

CVSS 9 · AI score 7.3 · EPSS 0.57941
Exploits 0 · Affected Software 1
Positive Technologies
added 2023/06/20 12:00 a.m., 7 views

PT-2023-4497 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions v16 through v20. Description: The issue is related to the llhttp parser in the http module, which does not strictly use the CRLF sequence to delimit HTTP requests, leading to HTTP Request Smuggling (HRS). The CR character withou...

CVSS 9.8 · AI score 6.2 · EPSS 0.87211
Exploits 5 · References 197
NVD
added 2023/06/19 12:15 p.m., 33 views

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS)...

CVSS 9.8 · AI score 9.9 · EPSS 0.84195
Exploits 0 · References 2
OSV
added 2023/06/19 12:15 p.m., 4 views

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS)...

CVSS 9.8 · AI score 6 · EPSS 0.84195
Exploits 0 · References 2
Prion
added 2023/06/19 12:15 p.m., 30 views

Command injection

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS)...

CVSS 7.5 · AI score 9.8 · EPSS 0.84195
Exploits 0 · References 1 · Affected Software 3
CVE
added 2023/06/19 11:42 a.m., 525 views

CVE-2023-27992

CVE-2023-27992 affects Zyxel NAS326 (firmware before V5.21(AAZF.14)C0), NAS540 (before V5.21(AATB.11)C0), and NAS542 (before V5.21(ABAG.11)C0). It is a pre-authentication command-injection vulnerability allowing an unauthenticated attacker to remotely execute OS commands via crafted HTTP requests...

CVSS 9.8 · AI score 9.7 · EPSS 0.84195
In wild · Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/06/19 11:42 a.m., 43 views

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS)...

CVSS 9.8 · AI score 10 · EPSS 0.84195
Exploits 0 · References 1
ATTACKERKB
added 2023/06/19 12:00 a.m., 37 views

CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS)...

CVSS 9.8 · AI score 9.8 · EPSS 0.84195
In wild · Exploits 0 · References 2
NVD
added 2023/06/15 10:15 p.m., 14 views

CVE-2023-23841

SolarWinds Serv-U submits an HTTP request when changing or updating the attributes for a File Share or File Request. Part of the URL of that request discloses sensitive data...

CVSS 7.5 · AI score 7.6 · EPSS 0.00455
Exploits 0 · References 2