Lucene search
K

119 matches found

Cvelist
Cvelist
โ€ขadded 2024/03/29 2:45 p.m.โ€ข24 views

CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

4.6CVSS5AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
โ€ขadded 2024/03/29 2:45 p.m.โ€ข20 views

CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

4.6CVSS6.7AI score0.00235EPSS
Exploits0References1
OpenVAS
OpenVAS
โ€ขadded 2024/01/25 12:0 a.m.โ€ข10 views

Fedora: Security Advisory (FEDORA-2024-6d1d9f70d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01228EPSS
Exploits1References4
GithubExploit
GithubExploit
โ€ขadded 2024/01/24 8:10 p.m.โ€ข565 views

Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Dee...

9.8CVSS9.9AI score0.95086EPSS
Exploits8
CNVD
CNVD
โ€ขadded 2023/12/13 12:0 a.m.โ€ข19 views

Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97252)

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS due t...

9.8CVSS6.8AI score0.00616EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2023/08/31 3:31 p.m.โ€ข36 views

CVE-2023-34391 Insecure Inherited Permissions

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A Cybersecurity tag dated 20230522 for more details. This issue affects...

7.4CVSS7.7AI score0.00134EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2023/07/12 12:31 p.m.โ€ข25 views

GHSA-5946-8P38-VFFP Apache Airflow Improper Input Validation vulnerability

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...

7.1CVSS6.1AI score0.01044EPSS
Exploits0References6
OSV
OSV
โ€ขadded 2023/07/12 10:15 a.m.โ€ข18 views

CVE-2023-22888

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version th...

6.5CVSS6.7AI score
Exploits0References2
OSV
OSV
โ€ขadded 2023/02/11 7:30 p.m.โ€ข11 views

MAL-2023-2320 Malicious code in tkcaleendar (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8ab410b220be583d348a263f180ddcaa0b9794fc3995fdd3fb2ddf55b2235fa9 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSV
OSV
โ€ขadded 2023/02/11 7:27 p.m.โ€ข11 views

MAL-2023-2321 Malicious code in tkcalenadr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7cf03379278d5958cb3faa876beea8f932ec37224f21479165c81786494fec4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSV
OSV
โ€ขadded 2023/02/11 11:33 a.m.โ€ข12 views

MAL-2023-1930 Malicious code in opepyxl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 710fd696d07dc5bcc41cf801dcdaf3ef949e2c20e05e3e3f508b0a7bec644cc4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSV
OSV
โ€ขadded 2023/02/09 7:0 p.m.โ€ข14 views

MAL-2023-2290 Malicious code in ssolana (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b4ea13928d62f924413b7a31047699e4fd799255f702cf6bd50c2701b2f31b1b Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSV
OSV
โ€ขadded 2023/02/09 6:54 p.m.โ€ข9 views

MAL-2023-1660 Malicious code in bitcoinli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0e186eefad42a87c5451039d0b8f5c6552f86f3ef1707a6c88cde28b994ad26a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
OSV
OSV
โ€ขadded 2023/02/09 6:45 p.m.โ€ข9 views

MAL-2023-1699 Malicious code in crptofeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 793d4363e6ceb58df1dd2d6a6a3bc75200fffa52391745347aac316139cde11c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
Code423n4
Code423n4
โ€ขadded 2023/01/20 12:0 a.m.โ€ข14 views

Governance manipulation through signatures

Lines of code Vulnerability details Impact The impact is critical because it enables anyone to submit as many signatures as they want manipulating the governance. The probe relies that in the delegateBySig function, the nonce it is not checked upon msg.sender, it is checked upon the output for th...

7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/12/19 12:0 a.m.โ€ข11 views

Stealing liquidity provider's fund by manipulating the reserve

Lines of code Vulnerability details Impact An attacker can steal liquidity provider's fund by manipulating the reserve. During adding a liquidity, the amount of lpToken to be minted will be calculated in the function addQuote. function addQuoteuint256 baseTokenAmount, uint256 fractionalTokenAmoun...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
โ€ขadded 2022/11/17 12:0 a.m.โ€ข5 views

PT-2022-25409 ยท Unknown ยท Hostel Searching Project

Name of the Vulnerable Software and Affected Versions: Hostel Searching Project affected versions not specified Description: A critical issue has been found in the Hostel Searching Project, affecting the file view-property.php. The manipulation of the property id argument leads to SQL injection...

9.8CVSS9.7AI score0.00556EPSS
Exploits1References4
OSV
OSV
โ€ขadded 2022/08/22 7:15 p.m.โ€ข17 views

CVE-2022-34652

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...

8.8CVSS7.8AI score
Exploits0References2
Prion
Prion
โ€ขadded 2022/08/22 7:15 p.m.โ€ข17 views

Sql injection

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules...

6.5CVSS8.9AI score0.00912EPSS
Exploits0References2Affected Software1
NVD
NVD
โ€ขadded 2022/08/08 3:15 p.m.โ€ข26 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.1CVSS0.01207EPSS
Exploits1References2
Rows per page
Query Builder