Lucene search
K

163 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2021-29922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in som...

9.1CVSS8.1AI score0.02623EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/12 9:4 p.m.29 views

CVE-2025-0110 PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin

A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...

8.6CVSS0.0126EPSS
Exploits0References1
Securelist
Securelist
added 2024/12/19 12:0 p.m.30 views

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Introduction During a recent incident response, Kaspersky's GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company's networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of S...

9.8CVSS10AI score0.97591EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.6 views

PT-2024-35708 · Unknown · Home-Gallery.Org

Name of the Vulnerable Software and Affected Versions: Home-Gallery.org versions 1.15.0 and earlier Description: The default setup of Home-Gallery.org is vulnerable to DNS rebinding due to the lack of TLS and user authentication. An attacker can exploit this by changing the DNS records of their...

5.3CVSS7.2AI score0.00262EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.7 views

PT-2024-31601

Name of the Vulnerable Software and Affected Versions: h2o affected versions not specified Description: The issue concerns an HTTP server that supports various HTTP versions. When specific conditions are met, such as receiving an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QU...

7.5CVSS5.8AI score0.00438EPSS
Exploits0References13
Veracode
Veracode
added 2024/07/23 6:27 a.m.9 views

Exposure Of Sensitive Information

org.apache.rocketmq, rocketmq-all is vulnerable to the Exposure of Sensitive Information. The vulnerability is due to specific interfaces that allow an attacker with regular user privileges or listed in the IP whitelist to acquire the administrator's account and password. This vulnerability enabl...

8.8CVSS6.9AI score0.0089EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/04 12:0 a.m.6 views

PT-2024-4045

Name of the Vulnerable Software and Affected Versions net-ip version affected versions not specified Traefik version affected versions not specified Description The issue is related to the incorrect functioning of the Is methods such as IsPrivate, IsLoopback, etc. in the net-ip component of the...

9.8CVSS7.8AI score0.01952EPSS
Exploits0References197
NVD
NVD
added 2024/05/30 3:15 a.m.29 views

CVE-2024-5514

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

9.8CVSS9.7AI score0.00653EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/30 2:14 a.m.48 views

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

9.8CVSS9.7AI score0.00653EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/30 2:14 a.m.16 views

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

9.8CVSS7.2AI score0.00653EPSS
Exploits0References4
CVE
CVE
added 2024/05/30 2:14 a.m.86 views

CVE-2024-5514

CVE-2024-5514 affects MinMax CMS by MinMax Digital Technology and involves a hidden administrative account with a fixed password that cannot be removed or disabled via the management interface. This allows remote attackers to bypass IP-based access controls and log in to the backend without being...

9.8CVSS9.7AI score0.00653EPSS
Exploits0References4
OSV
OSV
added 2024/04/16 8:15 p.m.4 views

DEBIAN-CVE-2022-24808

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...

6.5CVSS6.7AI score0.01131EPSS
Exploits0References1
OSV
OSV
added 2024/03/12 1:15 p.m.8 views

CVE-2024-2049

Server-Side Request Forgery SSRF in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP...

5.3CVSS5.8AI score0.00368EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.8 views

Citrix SD-WAN Code Issue Vulnerability

Citrix Systems Citrix SD-WAN is a networking product from Citrix Systems, Inc. It virtualizes and optimizes enterprise site-to-site networks. A code issue vulnerability exists in Citrix SD-WAN versions 11.4.0 through 11.4.4.46, which originated from a code issue that allows an attacker to disclos...

6.5CVSS6.6AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 2022/12/05 7:15 p.m.9 views

CVE-2022-43515

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...

9.8CVSS9.3AI score
Exploits0References3
Citrix
Citrix
added 2022/09/30 12:0 a.m.7 views

[Citrix Gateway VPN] Cannot access intranet applications in VPN over Proxy environment

When you connect Citrix Gateway VPN. You may observe VPN establishment is OK but cannot access internal applications/networks when the following conditions both match: Client has proxy configured and VPN connection goes through Proxy. Client PC has an interface IP in 169.254.0.0/16 subnet Usually...

7.1AI score
Exploits0
GithubExploit
GithubExploit
added 2022/05/09 2:1 p.m.346 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Vuln Impact This vulnerability may allow an unauthenticated...

9.8CVSS10AI score0.99956EPSS
Exploits63
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.8 views

Arista Networks Arista EOS 安全漏洞

Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...

7.5CVSS7.3AI score0.00869EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.11 views

F5 BIG-IP APM 访问控制错误漏洞

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM suffers from an Access Control Error vulnerability that arises from a connection to the BIG-IP Edge Client on Mac and Windows wh...

5.3CVSS5.8AI score0.00404EPSS
Exploits0References4
NVD
NVD
added 2021/09/17 5:15 p.m.16 views

CVE-2021-40825

nLight ECLYPSE nECY system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorViewTM...

8.6CVSS0.01125EPSS
Exploits0References2
Rows per page
Query Builder