Lucene search

5908 matches found

Cvelist
added 2024/11/06 4:59 p.m., 27 views

CVE-2024-20418 Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating...

CVSS 10, EPSS 0.03146, Exploits 0, References 1

NVD
added 2024/11/05 7:15 p.m., 14 views

CVE-2024-51740

Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...

CVSS 8.8, EPSS 0.00528, Exploits 0, References 1

Cvelist
added 2024/11/05 6:13 p.m., 21 views

CVE-2024-51740 SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...

CVSS 4.3, EPSS 0.00528, Exploits 0, References 1

Vulnrichment
added 2024/11/05 6:13 p.m., 12 views

CVE-2024-51740 SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...

CVSS 4.3, AI score 6.7, EPSS 0.00528, Exploits 0, References 1

CVE
added 2024/11/05 6:13 p.m., 57 views

CVE-2024-51740

Combodo iTop is affected by CVE-2024-51740, a SSRF through arbitrary PHP class instantiation in the user portal. A low-privilege user can cause the server to make HTTP requests, exposing potential appetite for unintended requests from the server context. Fixed in iTop versions 2.7.11, 3.0.5, 3.1....

CVSS 8.8, AI score 4.9, EPSS 0.00528, Exploits 0, References 1, Affected Software 1

OSV
added 2024/11/05 6:13 p.m., 14 views

CVE-2024-51740 SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop

Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in...

CVSS 4.3, AI score 7.6, EPSS 0.00528, Exploits 0, References 3

CVE
added 2024/11/04 11:13 p.m., 57 views

CVE-2024-50346

WebFeed is a lightweight RSS/Atom reader extension for Firefox/Chrome. The identified issue comprises multiple HTML injection vulnerabilities in WebFeed (prior to version 0.9.2) that can lead to CSRF and UI spoofing. A remote attacker can supply malicious RSS feeds and lure a user to visit them v...

CVSS 5.1, AI score 7, EPSS 0.00581, Exploits 0, References 2

OSV
added 2024/11/04 11:13 p.m., 11 views

CVE-2024-50346 WebFeed HTML injection vulnerabilities

WebFeed is a lightweight web feed reader extension for Firefox/Chrome. Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds and attract the victim user to visit it using WebFeed. The attacker can then inject...

CVSS 5.1, AI score 7.2, EPSS 0.00581, Exploits 0, References 4

Tenable Nessus
added 2024/11/04 12:0 a.m., 14 views

RHEL 5 : tomcat5 and tomcat6 (RHSA-2010:0581)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2010:0581 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way Tomcat handled the...

CVSS 6.4, AI score 5.6, EPSS 0.54779, Exploits 2, References 6

Tenable Nessus
added 2024/11/04 12:0 a.m., 16 views

RHEL 6 / 7 : php55-php (RHSA-2016:1611)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1611 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: It was discovered that PHP did not properly...

CVSS 8.1, AI score 7, EPSS 0.50427, Exploits 0, References 5

GithubExploit
added 2024/11/02 12:26 a.m., 139 views

Exploit for Code Injection in Vmware Spring_Framework

Project Spring4Shell CVE-2022-22965 Blocker Firewall Se...

CVSS 9.8, AI score 8.8, EPSS 0.99677, Exploits 100

OSV
added 2024/10/31 9:31 p.m., 19 views

GHSA-95J2-W8X7-HM88 Ollama Out-of-bounds Read

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

CVSS 8.8, AI score 8.1, EPSS 0.02479, Exploits 1, References 6

Vulnrichment
added 2024/10/31 12:0 a.m., 24 views

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

AI score 6.9, EPSS 0.02479, Exploits 1, References 2

NVD
added 2024/10/30 6:15 p.m., 13 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

CVSS 7.2, EPSS 0.00757, Exploits 2, References 1

NVD
added 2024/10/30 2:15 p.m., 19 views

CVE-2024-31152

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...

CVSS 7.5, EPSS 0.17156, Exploits 1, References 2

Cvelist
added 2024/10/30 1:35 p.m., 21 views

CVE-2024-31152

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...

CVSS 5.3, EPSS 0.17156, Exploits 1, References 1

Vulnrichment
added 2024/10/30 1:35 p.m., 13 views

CVE-2024-31152

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...

CVSS 5.3, AI score 6.9, EPSS 0.17156, Exploits 1, References 1

CVE
added 2024/10/30 12:0 a.m., 53 views

CVE-2024-48647

CVE-2024-48647 — Sage 1000 v7.0.0 : A Local File Disclosure vulnerability exists where an attacker can retrieve arbitrary files from the server by manipulating URL parameters. Public documentation confirms this impacts Sage 1000 version 7.0.0 and enables access to sensitive files such as configur...

CVSS 7.2, AI score 7, EPSS 0.00757, Exploits 2, References 1, Affected Software 1

Vulnrichment
added 2024/10/30 12:0 a.m., 9 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

AI score 7, EPSS 0.00757, Exploits 2, References 1

Cvelist
added 2024/10/30 12:0 a.m., 14 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

EPSS 0.00757, Exploits 2, References 1