
5908 matches found

OSV · added 2024/10/10 10:1 p.m. · 11 views

GHSA-576C-3J53-R9JJ Gradio vulnerable to SSRF in the path parameter of /queue/join

Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable...

CVSS 7.2 · AI score 9.3 · EPSS 0.00463
Exploits 0 · References 4

Cvelist · added 2024/10/10 9:47 p.m. · 15 views

CVE-2024-47167 SSRF in the path parameter of /queue/join in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...

CVSS 6.9 · EPSS 0.00463
Exploits 0 · References 1

GithubExploit · added 2024/10/10 9:29 p.m. · 376 views

Exploit for CVE-2024-9441

CVE-2024-9441 Description of the Vulnerability: This code exp...

CVSS 9.8 · AI score 8.3 · EPSS 0.53697
Exploits 3

OSV · added 2024/10/08 6:1 p.m. · 7 views

CVE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse...

CVSS 8.2 · AI score 6.5 · EPSS 0.01593
Exploits 2 · References 3

NVD · added 2024/10/08 5:15 p.m. · 10 views

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, an...

CVSS 5.3 · EPSS 0.00653
Exploits 0 · References 4

CVE · added 2024/10/08 4:26 p.m. · 73 views

CVE-2024-9622

CVE-2024-9622 applies to the resteasy-netty4 library, where improper handling of HTTP requests containing ASCII control characters can trigger the Netty HttpObjectDecoder BAD_MESSAGE state. This causes subsequent legitimate requests on the same connection to be ignored, leading to client timeouts...

CVSS 5.3 · AI score 5.2 · EPSS 0.00653
Exploits 0 · References 4

CVE · added 2024/10/08 2:19 p.m. · 55 views

CVE-2024-33506

CVE-2024-33506 affects Fortinet FortiManager. Affected: FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below. Issue: exposure of sensitive information to an unauthorized actor via crafted HTTP requests, allowing a remote authenticated attacker assigned to an Administrative Domain (ADOM...

CVSS 4.3 · AI score 6.3 · EPSS 0.00442
Exploits 0 · References 1 · Affected Software 1

RedhatCVE · added 2024/10/08 8:56 a.m. · 12 views

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, an...

CVSS 5.3 · AI score 6.9 · EPSS 0.00653
Exploits 0 · References 5

Positive Technologies · added 2024/10/08 12:0 a.m. · 3 views

PT-2025-2806 · Flxeon · Flxeon

Name of the Vulnerable Software and Affected Versions: FLXEON versions through = 9.3.4 Description: The issue is related to a lack of origin validation in WebSockets, which allows unauthorized HTTPS requests due to insufficient session management. This can be exploited by a remote attacker to...

CVSS 9.4 · AI score 7.2 · EPSS 0.00888
Exploits 4 · References 11

NVD · added 2024/10/03 6:15 p.m. · 10 views

CVE-2024-41987

The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...

CVSS 8.6 · EPSS 0.00235
Exploits 1 · References 1

Cvelist · added 2024/10/03 5:38 p.m. · 29 views

CVE-2024-41987 Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter

The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...

CVSS 8.6 · EPSS 0.00235
Exploits 1 · References 1

CVE · added 2024/10/03 5:38 p.m. · 54 views

CVE-2024-41987

CVE-2024-41987 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter. Public documentation (CISA ICS advisory and vendor/community reports) confirms the affected product is TEM Opera Plus FM Family Transmitter, specifically version 35.45, with th...

CVSS 8.6 · AI score 6.4 · EPSS 0.00235
Exploits 1 · References 1

Vulnrichment · added 2024/10/03 5:38 p.m. · 21 views

CVE-2024-41987 Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter

The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a...

CVSS 8.6 · AI score 6.8 · EPSS 0.00235
Exploits 1 · References 1

Tenable Nessus · added 2024/10/03 12:0 a.m. · 11 views

Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated RCE (cisco-sa-sb-rv34x-rce-7pqFU2e)

According to its self-reported version, Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution is affected by a vulnerability. - A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker...

CVSS 6.5 · AI score 6.4 · EPSS 0.00857
Exploits 0 · References 3

NVD · added 2024/10/02 5:15 p.m. · 11 views

CVE-2024-20519

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 9.1 · EPSS 0.00628
Exploits 0 · References 1

NVD · added 2024/10/02 5:15 p.m. · 17 views

CVE-2024-20518

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 9.1 · EPSS 0.00628
Exploits 0 · References 1

Vulnrichment · added 2024/10/02 4:56 p.m. · 13 views

CVE-2024-20521 Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 6.5 · AI score 7.8 · EPSS 0.00674
Exploits 0 · References 1

CVE · added 2024/10/02 4:56 p.m. · 48 views

CVE-2024-20521

CVE-2024-20521 affects Cisco Small Business RV042, RV042G, RV320, and RV325 routers. The vulnerability arises from improper validation of user-supplied input in the web-based management interface, enabling an authenticated Administrator to execute arbitrary code as root via crafted HTTP requests....

CVSS 9.1 · AI score 7.2 · EPSS 0.00674
Exploits 0 · References 1 · Affected Software 1

Cvelist · added 2024/10/02 4:56 p.m. · 18 views

CVE-2024-20520 Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 6.5 · EPSS 0.00628
Exploits 0 · References 1

CVE · added 2024/10/02 4:56 p.m. · 54 views

CVE-2024-20520

CVE-2024-20520 affects Cisco Small Business RV042, RV042G, RV320, and RV325 routers. The issue is in the web-based management interface, caused by improper validation of user-supplied input, allowing an authenticated Administrator to execute arbitrary code as root via crafted HTTP requests. Explo...

CVSS 9.1 · AI score 7.2 · EPSS 0.00628
Exploits 0 · References 1 · Affected Software 1