Lucene search
K

57 matches found

OSV
OSV
added 2026/02/03 6:16 p.m.6 views

CVE-2026-22220

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...

4.5CVSS5.8AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2026/01/29 7:16 p.m.10 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

4.6CVSS5.8AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2026/01/29 7:16 p.m.6 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 6:6 p.m.3 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS5.9AI score0.00188EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/10/10 1:53 a.m.242 views

Exploit for CVE-2021-4191

Nuclei POC Duplicate Detection Tool This tool is written in G...

5.3CVSS7AI score0.80004EPSS
Exploits4
OpenVAS
OpenVAS
added 2025/08/04 12:0 a.m.5 views

openSUSE Security Advisory (SUSE-SU-2025:02592-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS8.2AI score0.0036EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2025/07/11 7:0 a.m.3 views

OPA server Data API HTTP path injection of Rego

...

7.4CVSS7AI score0.0036EPSS
Exploits0
OSV
OSV
added 2025/05/05 4:14 p.m.4 views

GO-2025-3660 OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa

OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa...

7.4CVSS6.9AI score0.0036EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/01 7:32 p.m.38 views

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

7.4CVSS0.0036EPSS
Exploits0References2
OSV
OSV
added 2025/05/01 5:2 p.m.6 views

GHSA-6M8W-JC87-6CR7 OPA server Data API HTTP path injection of Rego

Impact When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...

7.4CVSS7AI score0.0036EPSS
Exploits0References5
OSV
OSV
added 2024/10/30 10:15 p.m.4 views

DEBIAN-CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

5.8CVSS7.6AI score0.00731EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 10:15 p.m.7 views

UBUNTU-CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.1CVSS7.1AI score0.00731EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.5 views

PT-2024-8623 · Hashicorp +4 · Hashicorp Consul +4

Name of the Vulnerable Software and Affected Versions: Consul versions 1.9.0 through 1.20.1 Description: A vulnerability was identified in Consul such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This issue allows a remote attacker to bypass...

9.9CVSS6.3AI score0.97781EPSS
Exploits21References120
CNNVD
CNNVD
added 2023/09/13 12:0 a.m.6 views

Fortinet FortiPresence Security Vulnerability

Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiPresence that stems from the lack of a custom error page, which could allow an attacker to obtain sensitive information by navigating to a specific HTTP path...

5.3CVSS6.3AI score0.004EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/25 2:2 p.m.48 views

CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

10AI score0.02657EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/03/16 6:13 a.m.40 views

CVE-2023-0100

A flaw was found In Eclipse BIRT, where the default configuration allowed retrieval of a report from the same host using an absolute HTTP path for the report parameter for example, report=http://xyz.com/report.rptdesign. The report would be retrieved if the host indicated in the report parameter...

9.8CVSS8.2AI score0.00735EPSS
Exploits0References4
OSV
OSV
added 2023/03/15 3:30 p.m.73 views

GHSA-4GRC-Q4FJ-45P8 Improper Input Validation In Eclipse BIRT

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...

8.8CVSS8.5AI score0.00735EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/03/15 3:30 p.m.32 views

Improper Input Validation In Eclipse BIRT

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...

8.8CVSS8.3AI score0.00735EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/03/15 3:15 p.m.20 views

CVE-2023-0100

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...

8.8CVSS8.8AI score
Exploits0References1
NVD
NVD
added 2023/03/15 3:15 p.m.39 views

CVE-2023-0100

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...

8.8CVSS8.6AI score0.00735EPSS
Exploits0References1
Rows per page
Query Builder