Lucene search
K

5908 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 1:45 a.m.9 views

CVE-2022-43630

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When...

8.8CVSS7.1AI score0.01006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:36 p.m.5 views

CVE-2022-39951

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP...

8.8CVSS7.4AI score0.01755EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:5 p.m.6 views

CVE-2022-26648

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

8.2CVSS6.9AI score0.00839EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:6 p.m.10 views

CVE-2019-3660

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests...

8.8CVSS7AI score0.01198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:0 p.m.6 views

CVE-2020-29011

Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests...

8.8CVSS8.2AI score0.00976EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:38 p.m.8 views

CVE-2020-6091

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an...

9.8CVSS6.6AI score0.02255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:28 a.m.5 views

CVE-2024-12847

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...

9.8CVSS9.2AI score0.28986EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:49 a.m.6 views

CVE-2024-36251

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedefsubsel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and...

7.5CVSS6.7AI score0.03521EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:18 a.m.6 views

CVE-2024-24914

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...

8CVSS7.4AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:25 a.m.3 views

CVE-2024-20418

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul URWB Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating...

10CVSS8.4AI score0.03146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:12 a.m.10 views

CVE-2024-20424

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

9.9CVSS7.8AI score0.00941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:5 a.m.8 views

CVE-2024-4851

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7CVSS7.6AI score0.00576EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/04 11:37 p.m.8 views

CVE-2024-40642

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

8.1CVSS7.2AI score0.00671EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/04 11:29 p.m.9 views

CVE-2024-39793

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS7AI score0.01457EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/04 2:47 p.m.15 views

CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

9.8CVSS7.7AI score0.0296EPSS
Exploits0References2
OSV
OSV
added 2025/02/04 7:22 a.m.7 views

BIT-MLFLOW-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

7.5CVSS7.3AI score0.02718EPSS
Exploits1References2
Metasploit
Metasploit
added 2025/02/03 6:58 p.m.231 views

Ivanti Connect Secure HTTP Scanner

This module will perform authentication scanning against Ivanti Connect Secure Module Options msf use auxiliary/scanner/ivanti/loginscanner msf auxiliaryloginscanner show actions ...actions... msf auxiliaryloginscanner set ACTION msf auxiliaryloginscanner show options ...show and set options... m...

7.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/01/31 12:0 a.m.12 views

CVE-2025-23001

A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE: the Supplier's...

6.3AI score0.00285EPSS
Exploits0References3
CVE
CVE
added 2025/01/30 6:21 p.m.50 views

CVE-2025-24501

CVE-2025-24501 affects Broadcom Symantec Privileged Access Management (PAM). The provided sources describe an improper input validation that allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. The impact is log tampering of PAM activity; no evidence o...

5.3CVSS6.6AI score0.00284EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/01/29 6:17 p.m.10 views

K000149537: AsyncHttpClient vulnerability CVE-2024-53990

Security Advisory Description The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly...

9.2CVSS7.8AI score0.00587EPSS
Exploits0
Rows per page
Query Builder