5909 matches found

Redos
added 2024/04/23 12:00 a.m. · 14 views

ROS-20240423-05

The FreeIpa server kinit command context vulnerability is related to sending HTTP requests with parameters, that can be interpreted as command arguments to kinit. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service to the system...

CVSS 5.3 · AI score 6.8 · EPSS 0.0111
Exploits 1
Redos
added 2024/04/23 12:00 a.m. · 35 views

ROS-20240423-07

The aiohttp HTTP client vulnerability is related to an incorrect restriction of the path name to a directory with restricted access. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. The aiohttp HTTP client vulnerability...

CVSS 7.5 · AI score 7 · EPSS 0.76875
Exploits 16
NVD
added 2024/04/22 11:15 p.m. · 21 views

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 5.4 · AI score 5.1 · EPSS 0.00463
Exploits 0 · References 4
CVE
added 2024/04/22 10:24 p.m. · 105 views

CVE-2024-32657

CVE-2024-32657 affects Hydra, the CI service for Nix-based projects. The vulnerability arises from a feature that lets Nix builds specify files served to clients, with HTML build artifacts being exploitable in the browser context and capable of triggering arbitrary code execution when viewed. Imp...

CVSS 5.4 · AI score 7 · EPSS 0.00463
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/04/22 10:24 p.m. · 25 views

CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 4.6 · AI score 7.8 · EPSS 0.00463
Exploits 0 · References 6
Vulnrichment
added 2024/04/22 10:24 p.m. · 12 views

CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 4.6 · AI score 7.3 · EPSS 0.00463
Exploits 0 · References 4
BDU FSTEC
added 2024/04/19 12:00 a.m. · 5 views

The vulnerability of the Radio Scheduling function in wireless access points Tp-Link AC1350 and Tp-Link N300 allows a hacker to execute arbitrary code.

The vulnerability of the Radio Scheduling function in Tp-Link AC1350 and Tp-Link N300 wireless access points is related to the execution of operations outside the buffer during the processing of the profile parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary cod...

CVSS 9 · AI score 8.2 · EPSS 0.01822
Exploits 1 · References 2
OpenVAS
added 2024/04/17 12:00 a.m. · 26 views

Ubuntu: Security Advisory (USN-6735-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.9 · EPSS 0.03906
Exploits 1 · References 2
GithubExploit
added 2024/04/16 5:08 p.m. · 276 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 RCE Test Script Overview This Python script...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits 43
Positive Technologies
added 2024/04/12 12:00 a.m. · 5 views

PT-2024-24366 · Opentelemetry · Opentelemetry.Instrumentation.Aspnetcore +1

Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Instrumentation.Http versions prior to 1.8.1 OpenTelemetry.Instrumentation.AspNetCore versions prior to 1.8.1 Description: The issue concerns the OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore...

CVSS 4.1 · AI score 6.6 · EPSS 0.00291
Exploits 0 · References 10
Tenable Nessus
added 2024/04/12 12:00 a.m. · 22 views

Cisco Identity Services Engine Server-Side Request Forgery (cisco-sa-ise-ssrf-FtSTh5Oz)

According to its self-reported version, Cisco Identity Services Engine Server-Side Request Forgery is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side...

CVSS 5.5 · AI score 5.8 · EPSS 0.00369
Exploits 0 · References 3
CNVD
added 2024/04/11 12:00 a.m. · 5 views

Unspecified Vulnerability in TP-LINK AC1350 (CNVD-2024-23784)

The TP-LINK AC1350 is a router from China P&L TP-LINK. The TP-LINK AC1350 contains a security vulnerability that can be exploited by an attacker to cause remote code execution via a series of specially crafted HTTP requests...

CVSS 8.8 · AI score 7.7 · EPSS 0.01822
Exploits 1 · References 1
CNVD
added 2024/04/11 12:00 a.m. · 5 views

Unspecified Vulnerability in TP-LINK AC1350 (CNVD-2024-20287)

The TP-LINK AC1350 is a router from China P&L TP-LINK. The TP-LINK AC1350 suffers from a security vulnerability that can be exploited by an attacker to cause remote code execution via a series of specially crafted HTTP requests...

CVSS 8.8 · AI score 7.7 · EPSS 0.01919
Exploits 1 · References 1
Vulnrichment
added 2024/04/10 8:39 p.m. · 13 views

CVE-2024-1481 Freeipa: specially crafted http requests potentially lead to denial of service

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service...

CVSS 5.3 · AI score 6.7 · EPSS 0.0111
Exploits 1 · References 4
NVD
added 2024/04/10 5:15 p.m. · 13 views

CVE-2024-2217

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...

CVSS 7.5 · AI score 7.3 · EPSS 0.00779
Exploits 1 · References 2
OSV
added 2024/04/10 5:15 p.m. · 45 views

CVE-2024-2217

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...

CVSS 7.5 · AI score 6.4
Exploits 0 · References 2
NVD
added 2024/04/10 5:15 p.m. · 23 views

CVE-2024-1741

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

CVSS 9.1 · AI score 9.3 · EPSS 0.00586
Exploits 1 · References 2
OSV
added 2024/04/10 5:15 p.m. · 28 views

CVE-2024-1741

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...

CVSS 9.1 · AI score 6.8 · EPSS 0.00586
Exploits 1 · References 2
CVE
added 2024/04/10 5:08 p.m. · 95 views

CVE-2024-1741

CVE-2024-1741 affects lunary-ai/lunary v1.0.1, with an improper authorization flaw enabling removed members to read, create, modify, and delete prompt templates by reusing an old authorization token. The issue allows operations on prompt templates despite removal from an organization, via HTTP re...

CVSS 9.1 · AI score 9 · EPSS 0.00586
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2024/04/10 5:08 p.m. · 14 views

CVE-2024-2217 Improper Access Control in gaizhenbiao/chuanhuchatgpt

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...

CVSS 7.5 · AI score 7.5 · EPSS 0.00779
Exploits 1 · References 2