Vulnrichment
added 2024/10/02 4:56 p.m., 13 views

CVE-2024-20519: Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 6.5 | AI score 7.8 | EPSS 0.00628
Exploits 0 | References 1
CVE
added 2024/10/02 4:56 p.m., 52 views

CVE-2024-20519

CVE-2024-20519 affects Cisco Small Business RV042, RV042G, RV320, and RV325 Routers. The vulnerability exists in the web-based management interface due to improper validation of user-supplied input, allowing an authenticated Administrator to execute arbitrary code as root via crafted HTTP req...

CVSS 9.1 | AI score 7.2 | EPSS 0.00628
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/10/02 4:56 p.m., 14 views

CVE-2024-20519: Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 6.5 | EPSS 0.00628
Exploits 0 | References 1
Vulnrichment
added 2024/10/02 4:56 p.m., 14 views

CVE-2024-20518: Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 6.5 | AI score 7.8 | EPSS 0.00628
Exploits 0 | References 1
Cvelist
added 2024/10/02 4:56 p.m., 21 views

CVE-2024-20518: Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVSS 6.5 | EPSS 0.00628
Exploits 0 | References 1
CVE
added 2024/10/02 4:56 p.m., 50 views

CVE-2024-20518

CVE-2024-20518 affects Cisco Small Business RV042, RV042G, RV320, and RV325 routers via the web-based management interface. The vulnerability arises from improper validation of user-supplied input in the web UI, allowing an authenticated, Administrator-level attacker to execute arbitrary code as ...

CVSS 9.1 | AI score 7.2 | EPSS 0.00628
Exploits 0 | References 1 | Affected Software 1
NVD
added 2024/09/27 6:15 p.m., 26 views

CVE-2024-38308

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output...

CVSS 8.8 | EPSS 0.00301
Exploits 0 | References 1
CVE
added 2024/09/27 5:28 p.m., 55 views

CVE-2024-38308

CVE-2024-38308 affects Advantech ADAM-5550. The vulnerability is a Cross-Site Scripting issue on the device’s web application “logs” page where HTTP requests are displayed without proper neutralization of malicious code, enabling potential web content injection. Connected sources confirm affected...

CVSS 8.8 | AI score 7.5 | EPSS 0.00301
Exploits 0 | References 1 | Affected Software 1
The Hacker News
added 2024/09/26 4:02 p.m., 22 views

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in...

AI score 7.8
Exploits 0
NVD
added 2024/09/25 5:15 p.m., 29 views

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is...

CVSS 6.5 | EPSS 0.00426
Exploits 0 | References 1
CNVD
added 2024/09/24 12:00 a.m., 6 views

DataEase XML External Entity Injection Vulnerability

DataEase is a lightweight, high-performance self-service data visualization and analysis tool that helps users quickly explore and understand complex data, provides real-time data analysis and report generation capabilities, supports a variety of data sources, and is designed to improve data...

CVSS 7.5 | AI score 6.8 | EPSS 0.00666
Exploits 1 | References 1
Positive Technologies
added 2024/09/19 12:00 a.m., 4 views

PT-2024-6618

Name of the Vulnerable Software and Affected Versions: Puma versions prior to 6.4.3; Puma versions prior to 5.6.9. Description: The issue is related to the handling of HTTP requests in Puma, a Ruby/Rack web server. Clients could overwrite values set by intermediate proxies, such as X-Forwarded-For,...

CVSS 9.8 | AI score 6.7 | EPSS 0.03977
Exploits 0 | References 61
Veracode
added 2024/09/18 6:58 a.m., 11 views

Cache Poisoning

Next is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of crafted HTTP requests, causing the incorrect caching of non-dynamic server-side rendered routes in the pages router. It allows an attacker to manipulate the cache, potentially serving stale or incorrect conten...

CVSS 7.5 | AI score 7.4 | EPSS 0.60625
Exploits 3 | References 4 | Affected Software 1
Tenable Nessus
added 2024/09/18 12:00 a.m., 198 views

Spring Framework < 5.3.40 / 6.0.x < 6.0.24 / 6.1.x < 6.1.13 Path Traversal (CVE-2024-38816)

The remote host contains a Spring Framework version that is affected by a path traversal vulnerability. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain...

CVSS 7.5 | AI score 7.2 | EPSS 0.14718
Exploits 1 | References 2
OSV
added 2024/09/13 9:53 p.m., 17 views

GO-2024-3098: The req library may send an unintended request when a malformed URL is provided in github.com/imroc/req

The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...

CVSS 9.8 | AI score 10 | EPSS 0.00724
Exploits 0 | References 3
RedhatCVE
added 2024/09/13 3:43 p.m., 46 views

CVE-2024-38816

A flaw was found in Spring applications using the WebMvc.fn or WebFlux.fn frameworks. This issue can allow attackers to perform path traversal attacks via crafted HTTP requests when the application serves static resources using RouterFunctions and explicitly configures resource handling with a...

CVSS 7.5 | AI score 6.5 | EPSS 0.14718
Exploits 1 | References 4
Github Security Blog
added 2024/09/13 6:30 a.m., 175 views

Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVSS 7.5 | AI score 6.7 | EPSS 0.14718
Exploits 1 | References 5 | Affected Software 2
Tenable Nessus
added 2024/09/13 12:00 a.m., 28 views

Fortinet FortiClient EMS < 7.2.5 (FG-IR-23-362)

The version of Fortinet FortiClient EMS installed on the remote host is prior to 7.2.5. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-362 advisory. - An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions...

CVSS 6 | AI score 6 | EPSS 0.00741
Exploits 0 | References 2
NVD
added 2024/09/11 10:15 a.m., 17 views

CVE-2024-45327

An improper authorization vulnerability (CWE-285) in the FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users' and administrators' passwords via crafted HTT...

CVSS 7.5 | EPSS 0.0034
Exploits 0 | References 1
Cvelist
added 2024/09/11 9:53 a.m., 15 views

CVE-2024-45327

An improper authorization vulnerability (CWE-285) in the FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users' and administrators' passwords via crafted HTT...

CVSS 7.5 | EPSS 0.0034
Exploits 0 | References 1