174 matches found
EUVD-2023-52819
Malicious code in bioql PyPI...
EUVD-2023-49873
Malicious code in bioql PyPI...
EUVD-2024-33140
Malicious code in bioql PyPI...
EUVD-2024-19373
Malicious code in bioql PyPI...
CVE-2025-46659
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request...
CVE-2023-48786
A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...
CVE-2023-48786
A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...
CVE-2025-3116
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller...
CVE-2023-44250
An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...
CVE-2023-20095
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to imprope...
CVE-2013-1451
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted...
Exploit for CVE-2025-1974
CVE-2025-1974IngressNightmare poc IngressNightmare Script...
CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...
ABB FLXeon Security Bypass Vulnerability
The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon suffers from a security bypass vulnerability that stems from insufficient session management to prevent unauthorized HTTPS requests. No detailed vulnerability details are provided at this time...
CVE-2024-10497
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges Elevation of Privileges when the attacker sends modified HTTPS requests to the device...
CVE-2024-48849
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through = 9.3.4...
CVE-2024-10497
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges Elevation of Privileges when the attacker sends modified HTTPS requests to the device...
CVE-2024-10497
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges Elevation of Privileges when the attacker sends modified HTTPS requests to the device...
CVE-2024-10497
Schneider Electric PowerLogic HDPM6000 is affected by CVE-2024-10497 (Authorization Bypass Through User-Controlled Key). The vulnerability allows an authorized attacker to modify values outside defined privileges by sending modified HTTPS requests, resulting in Elevation of Privileges. Documents ...
CVE-2024-10497
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges Elevation of Privileges when the attacker sends modified HTTPS requests to the device...