
5908 matches found

Vulnrichment
added 2024/08/14 8:12 p.m., 24 views

CVE-2024-42353 WebOb's location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...

CVSS 6.1, AI score 7.1, EPSS 0.00497
Exploits 1, References 2
BDU FSTEC
added 2024/08/14 12:00 a.m., 6 views

A vulnerability in the authentication system of the firmware of the FortiExtender signal booster allows attackers to bypass security restrictions and escalate their privileges.

The vulnerability in the authentication system of the firmware of the FortiExtender signal booster device stems from deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions and escalate their privileges by sending...

CVSS 9, AI score 5.5, EPSS 0.0064
Exploits 0, References 4, Affected Software 1
CVE
added 2024/08/13 3:55 a.m., 48 views

CVE-2024-41737

CVE-2024-41737 is described across multiple sources as an SSRF flaw in SAP CRM ABAP (Insights Management). An authenticated attacker can craft HTTP requests to enumerate internal HTTP endpoints, leading to potential information disclosure. The reported impact explicitly notes no changes to integ...

CVSS 5, AI score 4.8, EPSS 0.00262
Exploits 0, References 2, Affected Software 1
Tenable Nessus
added 2024/08/13 12:00 a.m., 29 views

SUSE SLED15: python311-Twisted / python311-Twisted-all_non_platform / etc (SUSE-SU-2024:2880-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2880-1 advisory. - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order...

CVSS 8.3, AI score 6.8, EPSS 0.01109
Exploits 0, References 7
Tenable Nessus
added 2024/08/09 12:00 a.m., 27 views

Cisco Smart Software Manager On-Prem Password Change (cisco-sa-cssm-auth-sLw3uhUy)

According to its self-reported version, Cisco Smart Software Manager On-Prem Password Change is affected by a vulnerability. - A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of...

CVSS 10, AI score 6.1, EPSS 0.80767
Exploits 3, References 3
Tenable Nessus
added 2024/08/07 12:00 a.m., 30 views

SUSE SLES15 Security Update : python-Twisted (SUSE-SU-2024:2757-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2757-1 advisory. - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order bsc1228549 - CVE-2024-41810: Fixed...

CVSS 8.3, AI score 6.5, EPSS 0.01109
Exploits 0, References 7
OpenVAS
added 2024/08/07 12:00 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2024:2757-1)

The remote host is missing an update for the SUSE-SU-2024:2757-1 advisory. (Script header: SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...

CVSS 8.3, AI score 6.6, EPSS 0.01109
Exploits 0, References 5
Tenable Nessus
added 2024/08/06 12:00 a.m., 21 views

SUSE SLES12 Security Update : python-Twisted (SUSE-SU-2024:2732-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2732-1 advisory. - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order bsc1228549 - CVE-2024-41810: Fixed...

CVSS 8.3, AI score 6.5, EPSS 0.01109
Exploits 0, References 7
OSV
added 2024/08/05 7:58 p.m., 19 views

SUSE-SU-2024:2757-1 Security update for python-Twisted

This update for python-Twisted fixes the following issues: - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order bsc1228549 - CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response bsc1228552...

CVSS 8.3, AI score 5.9, EPSS 0.01109
Exploits 0, References 5
OSV
added 2024/08/05 10:56 a.m., 18 views

SUSE-SU-2024:2732-1 Security update for python-Twisted

This update for python-Twisted fixes the following issues: - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order bsc1228549 - CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response bsc1228552...

CVSS 8.3, AI score 5.9, EPSS 0.01109
Exploits 0, References 5
NVD
added 2024/08/02 5:16 p.m., 33 views

CVE-2024-7314

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

CVSS 9.8, EPSS 0.51468
Exploits 1, References 4
Vulnrichment
added 2024/08/02 4:33 p.m., 19 views

CVE-2024-7314 anji-plus AJ-Report Authentication Bypass

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

CVSS 9.8, AI score 7.4, EPSS 0.51468
Exploits 1, References 4
CVE
added 2024/08/02 4:33 p.m., 74 views

CVE-2024-7314

CVE-2024-7314 affects AJ-Report (anji-plus). The vulnerability is an authentication bypass in versions before 1.4.1, allowing a remote, unauthenticated attacker to append “;swagger-ui” to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server. The Nuclei templ...

CVSS 9.8, AI score 7.4, EPSS 0.51468
In wild, Exploits 1, References 4, Affected Software 1
GithubExploit
added 2024/07/31 6:27 p.m., 202 views

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script. This repository contains a scri...

CVSS 9.8, AI score 9.7, EPSS 0.09442
Exploits 12
Veracode
added 2024/07/19 8:29 a.m., 20 views

Improper Input Validation

io.netty.incubator, netty-incubator-codec-bhttp is vulnerable to Improper Input Validation. The vulnerability is due to improper validation within the readRequestHead method, giving attackers almost complete control over the HTTP requests constructed from the parsed output, which potentially allo...

CVSS 8.1, AI score 7, EPSS 0.00671
Exploits 1, References 2, Affected Software 1
NVD
added 2024/07/17 5:15 p.m., 93 views

CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

CVSS 10, EPSS 0.80767
Exploits 3, References 2
NVD
added 2024/07/17 5:15 p.m., 19 views

CVE-2024-20416

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker...

CVSS 6.5, EPSS 0.00857
Exploits 0, References 1
Cvelist
added 2024/07/17 4:29 p.m., 17 views

CVE-2024-20400

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVSS 4.7, EPSS 0.00378
Exploits 0, References 1
Vulnrichment
added 2024/07/17 4:29 p.m., 11 views

CVE-2024-20416

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker...

CVSS 6.5, AI score 8.1, EPSS 0.00857
Exploits 0, References 1
CVE
added 2024/07/17 4:29 p.m., 61 views

CVE-2024-20416

Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers are affected by CVE-2024-20416 in the upload module. The issue arises from insufficient boundary checks when processing certain HTTP requests, allowing an authenticated, remote attacker to trigger arbitrary code execution with root privileges on ...

CVSS 6.5, AI score 7.9, EPSS 0.00857
Exploits 0, References 1