Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5675

Malicious code in bioql PyPI...

9.1CVSS9AI score0.01355EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 5:18 a.m.7 views

CVE-2023-30995

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268...

7.5CVSS6.5AI score0.00762EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:17 p.m.12 views

CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.1CVSS7AI score0.01355EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/11/13 12:0 a.m.472 views

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Siemens Energy Omnivise T3000 vulnerable version: =8.2 SP3 fixed version: see solution section CVE number: CVE-2024-38876, CVE-2024-3887...

9.8CVSS7AI score0.11452EPSS
Exploits3
Prion
Prion
added 2023/09/08 9:15 p.m.42 views

Design/Logic Flaw

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268...

5CVSS7.3AI score0.00762EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/05/25 11:15 p.m.15 views

CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.1CVSS7AI score
Exploits0References2
NVD
NVD
added 2020/05/25 11:15 p.m.17 views

CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header...

9.1CVSS9.3AI score0.01355EPSS
Exploits1References2
CVE
CVE
added 2020/05/25 10:38 p.m.47 views

CVE-2020-13485

The Knock Knock plugin for Craft CMS is affected up to version 1.2.7 (pre-1.2.8). The root cause is a flawed IP whitelisting mechanism that trusts the X-Forwarded-For header, allowing an attacker to bypass IP-based access controls. Impact: potential unauthorized access due to bypassed whitelist; ...

9.1CVSS9.2AI score0.01355EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2020/03/09 12:0 a.m.53 views

Ruby on Rails Web Console IP Whitelist Bypass RCE Vulnerability

The Web Console tool as used in Ruby on Rails is prone to a remote code execution RCE vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

4.3CVSS7.2AI score0.44984EPSS
Exploits6References3
Positive Technologies
Positive Technologies
added 2019/01/27 12:0 a.m.4 views

PT-2019-5513 · Mongodb +1 · Mongodb Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 3.6.0 through 3.6.17 MongoDB Server versions 4.0.0 through 4.0.14 MongoDB Server versions 4.2.0 through 4.2.2 MongoDB Server versions 4.3.0 through 4.3.2 Description: The issue is related to improper serialization of...

7.5CVSS5.8AI score0.01655EPSS
Exploits2References31
0day.today
0day.today
added 2017/03/23 12:0 a.m.72 views

Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Web Console v2 Whitelist Bypass Code Execution',...

4.3CVSS0.2AI score0.44984EPSS
Exploits6
RubySec
RubySec
added 2015/06/16 12:0 a.m.30 views

IP whitelist bypass in Web Console

Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...

4.3CVSS5.2AI score0.44984EPSS
Exploits6References1Affected Software1
Rows per page
Query Builder