5908 matches found

Veracode
added 2024/06/10 5:59 a.m., 8 views

Denial Of Service (DoS)

go.opentelemetry.io/collector/config/configgrpc is vulnerable to Denial Of Service DoS. The vulnerability is due to compressed HTTP requests which can be maliciously designed to crash the system by consuming excessive memory. Attackers can exploit this by sending specially crafted "zip bomb"...

7 AI score
Exploits: 0

Vulnrichment
added 2024/06/10 12:0 a.m., 16 views

CVE-2022-45176

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...

5.3 AI score, 0.00314 EPSS
Exploits: 1, References: 1

CVE
added 2024/06/10 12:0 a.m., 87 views

CVE-2022-45176

CVE-2022-45176 affects LIVEBOX Collaboration vDesk through v018. The issue is a stored Cross-site Scripting (XSS) vulnerability at the endpoint /api/v1/getbodyfile, triggered by the input parameter uri. The web application does not properly validate parameters before saving them on the server, a...

6.1 CVSS, 6.1 AI score, 0.00314 EPSS
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2024/06/10 12:0 a.m., 23 views

Hirschmann Automation and Control HiOS and HiSecOS Products Buffer Copy Without Checking Size of Input (CVE-2020-6994)

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...

9.8 CVSS, 8.5 AI score, 0.01606 EPSS
Exploits: 0, References: 2

NVD
added 2024/06/06 7:16 p.m., 18 views

CVE-2024-4851

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7 CVSS, 0.00576 EPSS
Exploits: 1, References: 1

OSV
added 2024/06/06 7:16 p.m., 8 views

CVE-2024-4851

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7 CVSS, 7.1 AI score
Exploits: 0, References: 1

Cvelist
added 2024/06/06 6:39 p.m., 22 views

CVE-2024-4851 SSRF Vulnerability in stangirard/quivr

A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...

7.7 CVSS, 0.00576 EPSS
Exploits: 1, References: 1

CVE
added 2024/06/06 6:39 p.m., 58 views

CVE-2024-4851

The CVE-2024-4851 entry concerns stangirard/quivr v0.0.204 with a Server-Side Request Forgery in the crawl endpoint. The issue arises from the url parameter allowing requests to arbitrary URLs, enabling SSRF to access internal networks via backend/routes/crawl_routes.py (crawl_endpoint). The haza...

7.7 CVSS, 7.6 AI score, 0.00576 EPSS
Exploits: 1, References: 1, Affected Software: 1

Redos
added 2024/06/06 12:0 a.m., 24 views

ROS-20240606-07

Vulnerability in the MULTIPARTPARTHEADERS component of the open source web application firewall ModSecurity is related to improper analysis of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the firewall's protections...

7.5 CVSS, 6.7 AI score, 0.01169 EPSS
Exploits: 0

Vulnrichment
added 2024/06/05 4:15 p.m., 20 views

CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are...

4.8 CVSS, 6.4 AI score, 0.00648 EPSS
Exploits: 1, References: 1

Cvelist
added 2024/06/05 4:15 p.m., 24 views

CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are...

4.8 CVSS, 5.3 AI score, 0.00648 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2024/06/05 4:14 p.m., 18 views

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

7.2 CVSS, 6.5 AI score, 0.231 EPSS
Exploits: 1, References: 1

OSV
added 2024/06/05 3:11 p.m., 10 views

GHSA-C7P6-3C9C-F88Q Information Disclosure in TYPO3 CMS

HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint...

3.7 CVSS, 7.1 AI score
Exploits: 0, References: 3

NVD
added 2024/06/05 8:15 a.m., 18 views

CVE-2024-23669

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

8.8 CVSS, 6.8 AI score, 0.00542 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/06/05 7:45 a.m., 33 views

CVE-2024-23669

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

6.5 CVSS, 6.8 AI score, 0.00542 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/06/05 7:45 a.m., 28 views

CVE-2024-23669

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

6.5 CVSS, 7.5 AI score, 0.00542 EPSS
Exploits: 0, References: 1

CNVD
added 2024/06/05 12:0 a.m., 8 views

Fortinet FortiWebManager Authorization Issues Vulnerability

Fortinet FortiWebManager is a Web application firewall from the U.S. company Fiat Fortinet. Fortinet FortiWebManager suffers from an authorization issue vulnerability that can be exploited by an attacker to execute unauthorized code or commands via HTTP requests or the CLI...

8.8 CVSS, 7.3 AI score, 0.00439 EPSS
Exploits: 0, References: 1

OSV
added 2024/06/03 10:15 a.m., 3 views

CVE-2024-23668

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

8.8 CVSS, 5.9 AI score, 0.00651 EPSS
Exploits: 0, References: 1

NVD
added 2024/06/03 10:15 a.m., 13 views

CVE-2024-23670

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

8.8 CVSS, 7.8 AI score, 0.00439 EPSS
Exploits: 0, References: 1

NVD
added 2024/06/03 10:15 a.m., 17 views

CVE-2024-23668

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

8.8 CVSS, 8.9 AI score, 0.00651 EPSS
Exploits: 0, References: 1