Lucene search
K

61 matches found

NVD
NVD
added 2026/06/17 10:40 a.m.9 views

CVE-2026-35267

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager...

8.8CVSS0.00432EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:15 p.m.3 views

CVE-2026-5214

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

9CVSS6.2AI score0.00715EPSS
Exploits1References5Affected Software20
Vulnrichment
Vulnrichment
added 2026/01/27 11:35 a.m.3 views

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

8.8CVSS6.4AI score0.00414EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-0751

Malware in sbrugna...

4.3CVSS6.4AI score0.01206EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15071

Malware in sbrugna...

6.1CVSS6.3AI score0.00761EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/17 7:21 p.m.2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:21 p.m.1 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:21 p.m.1 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:21 p.m.3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:21 p.m.1 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/17 7:21 p.m.2 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 7:5 p.m.15 views

CVE-2025-59345

CVE-2025-59345 affects Dragonfly (open source P2P file distribution/image acceleration). Before version 2.1.0, the Manager web UI endpoints /api/v1/jobs and /preheats were accessible without authentication, allowing any user with network access to create, delete, and modify jobs and to create pre...

9.1CVSS6.5AI score0.00361EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.3 views

PT-2025-38253

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description The /api/v1/jobs and /preheats endpoints in the Manager web UI are accessible without authentication. An unauthenticated adversary with network access to a Manager web UI can create, delete, and...

9.9CVSS6.6AI score0.02829EPSS
Exploits11References46
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.5 views

Dragonfly doesn't have authentication enabled for some Manager’s endpoints

The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs endpoi...

9.1CVSS7AI score0.00361EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:49 p.m.6 views

CVE-2021-42369

Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...

9.9CVSS7.8AI score0.01017EPSS
Exploits0
Veracode
Veracode
added 2025/05/12 9:33 a.m.10 views

Cross-site Scripting (XSS)

com.liferay:com.liferay.marketplace.app.manager.web is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to failure to properly escape user-supplied input in the Marketplace App Manager Web module, allowing injection of JavaScript by unauthenticat...

6.9CVSS6.8AI score0.03446EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 4:27 p.m.1 views

CVE-2023-20261

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...

6.5CVSS7.1AI score0.00529EPSS
Exploits0References1
Veracode
Veracode
added 2023/10/17 8:9 p.m.18 views

Information Disclosure

org.apache.inlong: manager-web is vulnerable to Information Disclosure. The vulnerability is due to the list and getByName functions in UserController.java lacking Role-Based Access Control. This allows any authenticated user to access data that meant for admin regardless of their role...

6.5CVSS6.7AI score0.00432EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/03 12:0 a.m.8 views

The vulnerability in the web interface of the Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage) allows a attacker to perform cross-site scripting attacks.

The vulnerability in the web interface of the Cisco Catalyst SD-WAN Manager formerly Cisco SD-WAN vManage relates to the lack of protection for the web page structure during the processing of element fields. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...

4.3CVSS5.6AI score0.00352EPSS
Exploits0References4Affected Software1
Citrix
Citrix
added 2023/09/27 12:0 a.m.12 views

Can't view license usage on Studio - Error "Citrix license server unavailable"

Can't view license usage on Studio - "Citrix License server unavailable." When accessing the License Manager web console, error Unsupported Protocol with the message "The client and server don't support a common ssl protocol version or cipher suite" appears...

7.1AI score
Exploits0
Rows per page
Query Builder