5909 matches found

CVE
added 2024/04/10 5:8 p.m. | 120 views

CVE-2024-2217

CVE-2024-2217 concerns improper access control in gaizhenbiao/chuanhuchatgpt, allowing unauthorized access to the config.json file in both authenticated and unauthenticated versions. The flaw enables retrieval of sensitive data such as OpenAI/Google/XMChat API keys, configuration details, and use...

CVSS 7.5 | AI score 7.2 | EPSS 0.00779
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/04/10 5:8 p.m. | 16 views

CVE-2024-2217 Improper Access Control in gaizhenbiao/chuanhuchatgpt

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...

CVSS 7.5 | AI score 6.6 | EPSS 0.00779
Exploits: 1 | References: 2
CVE
added 2024/04/10 12:3 a.m. | 28 views

CVE-2023-40148

CVE-2023-40148 is a PingFederate SSRF vulnerability. The issue: an unauthenticated attacker can make forged HTTP POST requests to trigger server-side requests, potentially reaching internal network resources and consuming server-side resources. Documents identify PingFederate as affected; root ca...

CVSS 6.5 | AI score 7 | EPSS 0.00461
Exploits: 0 | References: 2
NVD
added 2024/04/09 3:15 p.m. | 11 views

CVE-2024-31487

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...

CVSS 6.5 | AI score 5.5 | EPSS 0.00858
Exploits: 0 | References: 1
NVD
added 2024/04/09 3:15 p.m. | 12 views

CVE-2024-23671

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

CVSS 8.1 | AI score 8.3 | EPSS 0.01159
Exploits: 0 | References: 1
NVD
added 2024/04/09 3:15 p.m. | 16 views

CVE-2024-23662

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to disclose information via HTTP requests...

CVSS 7.5 | AI score 5.1 | EPSS 0.00695
Exploits: 0 | References: 1
NVD
added 2024/04/09 3:15 p.m. | 28 views

CVE-2023-49911

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 8.8 | AI score 7.4 | EPSS 0.01822
Exploits: 1 | References: 2
NVD
added 2024/04/09 3:15 p.m. | 23 views

CVE-2023-49909

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 8.8 | AI score 7.4 | EPSS 0.01822
Exploits: 1 | References: 2
NVD
added 2024/04/09 3:15 p.m. | 18 views

CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 8.8 | AI score 7.4 | EPSS 0.01822
Exploits: 1 | References: 2
CVE
added 2024/04/09 2:24 p.m. | 56 views

CVE-2024-31487

Fortinet FortiSandbox suffers a path-traversal information-disclosure vulnerability (CVE-2024-31487) affecting FortiSandbox versions 2.4.0–2.4.1, 2.5.0–2.5.2, 3.0.0–3.0.7, 3.1.0–3.1.5, 3.2.0–3.2.4, 4.0.0–4.0.5, 4.2.0–4.2.6, and 4.4.0–4.4.4, allowing an attacker to disclose information via crafted...

CVSS 6.5 | AI score 5.8 | EPSS 0.00858
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/09 2:24 p.m. | 21 views

CVE-2024-31487

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...

CVSS 5.9 | AI score 5.7 | EPSS 0.00858
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 19 views

CVE-2024-31487

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions,...

CVSS 5.9 | AI score 5.8 | EPSS 0.00858
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 9 views

CVE-2024-23671

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

CVSS 8.1 | AI score 6.9 | EPSS 0.01159
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 59 views

CVE-2024-23671

CVE-2024-23671 describes a path traversal vulnerability in Fortinet FortiSandbox versions 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.3 that allows an attacker to execute unauthorized code or commands via crafted HTTP requests. The root cause is improper limitation of a pathname to a restricted direc...

CVSS 8.1 | AI score 6.9 | EPSS 0.01159
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/09 2:24 p.m. | 25 views

CVE-2024-23671

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests...

CVSS 8.1 | AI score 8.4 | EPSS 0.01159
Exploits: 0 | References: 1
CVE
added 2024/04/09 2:24 p.m. | 67 views

CVE-2024-23662

CVE-2024-23662 is an information-disclosure vulnerability in Fortinet FortiOS that affects FortiOS versions 6.4.0–6.4.15, 7.0.0–7.0.15, 7.2.0–7.2.5, and 7.4.0–7.4.1, enabling an unauthenticated attacker to access sensitive data via HTTP requests. Connected sources provide concrete version ranges ...

CVSS 7.5 | AI score 6.2 | EPSS 0.00695
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/09 2:24 p.m. | 21 views

CVE-2024-23662

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to disclose information via HTTP requests...

CVSS 5.3 | AI score 5.3 | EPSS 0.00695
Exploits: 0 | References: 1
Vulnrichment
added 2024/04/09 2:24 p.m. | 11 views

CVE-2024-23662

An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to disclose information via HTTP requests...

CVSS 5.3 | AI score 6.4 | EPSS 0.00695
Exploits: 0 | References: 1
Cvelist
added 2024/04/09 2:12 p.m. | 28 views

CVE-2023-49906

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.6 | EPSS 0.01919
Exploits: 1 | References: 1
CVE
added 2024/04/09 2:12 p.m. | 72 views

CVE-2023-49906

CVE-2023-49906 is a stack-based buffer overflow in the TP-Link AC1350 (EAP225 V3) web interface, specifically in the httpd_portal function handling the scheduling/ssid parameter. A crafted authenticated HTTP POST to /data/scheduler.association.json can overflow the stack via multiple input buffer...

CVSS 8.8 | AI score 7.8 | EPSS 0.01919
Exploits: 1 | References: 2 | Affected Software: 1