Lucene search
K

496 matches found

Cvelist
Cvelist
added 2024/09/04 12:34 a.m.26 views

CVE-2024-41716

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate...

0.00447EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/29 4:19 p.m.43 views

CVE-2024-41964 Insufficient permission checks in the language settings in Kirby CMS

Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's...

8.1CVSS0.00405EPSS
Exploits0References2
OSV
OSV
added 2024/08/19 5:26 p.m.78 views

GO-2024-3058 Gorush uses deprecated TLS versions in github.com/appleboy/gorush

An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version...

9.1CVSS9.1AI score0.00308EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/08 12:0 a.m.25 views

CVE-2023-24062

Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who is able to manipulate the contents...

0.00409EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2024/08/02 10:0 p.m.36 views

CVE-2021-3805

A flaw was found in the object-path nodejs library when the del function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of...

7.5CVSS3.6AI score0.02097EPSS
Exploits1References3
NVD
NVD
added 2024/07/10 8:15 a.m.43 views

CVE-2024-6422

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data...

9.8CVSS0.00581EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/01 12:0 a.m.17 views

CVE-2024-23737

Cross Site Request Forgery CSRF vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email...

7AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/26 6:0 a.m.24 views

CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...

0.004EPSS
Exploits2References1
CVE
CVE
added 2024/06/14 1:57 p.m.54 views

CVE-2024-5731

CVE-2024-5731 affects Trellix IPS Manager, Central Manager, and Local Manager communications. The vulnerability arises from the request flow where an attacker can manipulate a parameter to change the destination of a request, exposing sensitive information. Current documents provide high-level im...

6.8CVSS6.8AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 3:15 a.m.30 views

CVE-2024-34683

An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser...

6.5CVSS0.00241EPSS
Exploits0References2
Fedora
Fedora
added 2024/06/02 3:39 a.m.12 views

[SECURITY] Fedora 39 Update: rust-jql-7.1.2-3.fc39

Jql - JSON Query Language - is a fast and simple command-line tool to manipulate JSON data...

7.3AI score
Exploits0
Fedora
Fedora
added 2024/05/26 1:29 a.m.14 views

[SECURITY] Fedora 40 Update: rust-jql-7.1.2-3.fc40

Jql - JSON Query Language - is a fast and simple command-line tool to manipulate JSON data...

7.3AI score
Exploits0
Veracode
Veracode
added 2024/05/20 8:11 a.m.9 views

Cookie Leakage

amphp/artax is vulnerable to Cookie Leakage. The vulnerability is due to cookies being leaked to unauthorized domains, which allows an attacker to manipulate cookies in such a way where cookies of foo.bar.example.com were leaked to foo.bar...

6.9AI score
Exploits0
WPVulnDB
WPVulnDB
added 2024/05/08 12:0 a.m.16 views

Site Reviews < 7.0.0 - IP Spoofing

Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking PoC Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...

6.5AI score0.00565EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2024/04/30 2:40 p.m.20 views

CVE-2023-38002 IBM Storage Scale session fixation

IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208...

5CVSS5.3AI score0.0037EPSS
Exploits0References2
Kitploit
Kitploit
added 2024/04/16 12:30 p.m.45 views

NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected

NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly. Default Cmd: Windows Event Logs...

7.6AI score
Exploits0References3
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.38 views

Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...

6.8CVSS6.9AI score0.03807EPSS
Exploits0
CVE
CVE
added 2024/04/10 12:0 a.m.70 views

CVE-2024-23735

CVE-2024-23735 describes a Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload feature on the Savignano S/Notify User Profile pages for Confluence. Affected: Savignano S/Notify versions prior to 4.0.0 (Confluence integration). Nature: XSS via specially crafted certificates i...

6.1CVSS5.9AI score0.00213EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/03/29 9:17 a.m.13 views

Prototype Pollution

web3-utils is vulnerable to Prototype Pollution. The vulnerability is due to insecure recursive merge via the utility functions format and mergeDeep, allowing an attacker to manipulate an object's prototype by passing specially crafted input to these functions...

7.5CVSS6.7AI score0.00712EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/03/27 2:26 p.m.15 views

Cache Poisoning

Translate is vulnerable to Cache Poisoning. This vulnerability is due to a lack of proper access controls within the translate function index.js, which allows attackers to manipulate cache keys and subsequently choose responses for subsequent users of the system...

5.3CVSS6.8AI score0.0065EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder