Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/03/13 8:36 p.m.3 views

CVE-2026-3555 Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this...

8CVSS7.8AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:46 a.m.10 views

CVE-2024-25840

In the module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...

7.5CVSS7.4AI score0.00582EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.11 views

CVE-2024-24309

In the module "Survey TMA" ecomizsurveytma up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction...

7.5CVSS6.7AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.10 views

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

6.5CVSS6.6AI score0.00464EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.8 views

CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

6.5CVSS6.7AI score0.00581EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:26 a.m.9 views

CVE-2023-43984

Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the pscustomer table...

7.5CVSS6.7AI score0.00608EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.8 views

CVE-2023-30195

In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...

7.5CVSS6.9AI score0.0053EPSS
Exploits0References1
OSV
OSV
added 2024/11/04 12:0 a.m.4 views

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

6.5CVSS6.9AI score0.00464EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.7 views

PT-2024-21152 · Unknown · Prestasalesmanager +1

Name of the Vulnerable Software and Affected Versions: PrestaShop module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager versions up to 9.0 Description: A guest can download personal information without restriction by performing a path traversal attack in the affected...

7.5CVSS6.2AI score0.00582EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.4 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop versions prior to 3.5.1, which stems from a vulnerability that...

7.5CVSS6.5AI score0.00528EPSS
Exploits0References3
CVE
CVE
added 2023/11/07 12:0 a.m.60 views

CVE-2023-43984

CVE-2023-43984 affects the PrestaShop Smart Soft Advanced Export module. Before v4.4.7, insecure permissions allow unauthenticated attackers to download user data from the ps_customer table due to improper access controls in the advancedexport component. Impact is user information disclosure; CVS...

7.5CVSS7.4AI score0.00608EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.10 views

CVE-2021-4375 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...

4.3CVSS5.9AI score0.0061EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.5 views

Orange Station SQL注入漏洞

Orange Station is a garage management system by Mayuri K. Personal developer. It helps users to manage all vehicles, cars and motorcycles. Orange Station version 1.0 suffers from a SQL injection vulnerability that stems from a security issue with the username parameter, which can be exploited by ...

9.8CVSS8.4AI score0.01038EPSS
Exploits1References2
Cisco
Cisco
added 2013/10/23 4:0 p.m.72 views

Multiple Vulnerabilities in Cisco Identity Services Engine

Cisco Identity Services Engine ISE contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability Cisco ISE Support Information Download Authentication Bypass Vulnerability These vulnerabilities are independent of each other; a release that is affected b...

9CVSS7.2AI score0.02291EPSS
Exploits0References1
exploitpack
exploitpack
added 2006/11/24 12:0 a.m.13 views

Cahier de texte 2.0 - Database Backup Source Disclosure

Cahier de texte 2.0 - Database Backup Source Disclosure !/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..:...

Exploits0
Rows per page
Query Builder