11648 matches found

CVE
added 2024/11/20 9:36 a.m. · 57 views

CVE-2024-11494

CVE-2024-11494 affects Zyxel P-6101C ADSL modem, specifically firmware version P-6101CSA6AP_20140331. The vulnerability is described as improper authentication that could allow an unauthenticated attacker to read certain device information via a crafted HTTP HEAD request. The CVSS 3.1 vector is N...

CVSS 7.5 · AI score 6.9 · EPSS 0.00667
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/11/20 12:0 a.m. · 11 views

CVE-2024-52677

HkCms = v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...

AI score 6.9 · EPSS 0.00618
Exploits: 0 · References: 2

CNNVD
added 2024/11/20 12:0 a.m. · 5 views

HkCms code issue vulnerability

HkCms is a free open-source content management system of Guangzhou Hengqi Education Technology Co. Ltd. HkCms file upload vulnerability, the vulnerability stems from a file upload vulnerability in the getFileName method in /app/common/library/Upload.php. The vulnerability can be exploited by an...

CVSS 9.8 · AI score 7.1 · EPSS 0.00618
Exploits: 0 · References: 3

CNNVD
added 2024/11/20 12:0 a.m. · 2 views

Zyxel P-6101C authorization issue vulnerability

The Zyxel P-6101C is a wireless router from China's Hopkins Zyxel. The Zyxel P-6101C suffers from an authorization issue vulnerability that stems from improper authentication. An attacker can exploit the vulnerability to read certain device information via a specially crafted HTTP HEAD method...

CVSS 7.5 · AI score 6.5 · EPSS 0.00667
Exploits: 1 · References: 1

Cvelist
added 2024/11/20 12:0 a.m. · 26 views

CVE-2024-52677

HkCms = v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...

EPSS 0.00618
Exploits: 0 · References: 2

Zero Day Initiative
added 2024/11/20 12:0 a.m. · 10 views

Microsoft SharePoint Server FindSpecific Unsafe Reflection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the FindSpecific method. The process does not properly...

CVSS 7.2 · AI score 7.1 · EPSS 0.45495
Exploits: 1 · References: 1

OSV
added 2024/11/18 9:2 p.m. · 1 views

GHSA-27MF-GHQM-J3J8 aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

Summary A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. Impact If the user is making use of any middlewares with aiohttp.web then it is...

CVSS 7.5 · AI score 7.1 · EPSS 0.00563
Exploits: 0 · References: 4

Snyk
added 2024/11/18 9:2 p.m. · 2 views

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime by creating a unique cache entry for each MatchInfoError when a request method is not allowed. This can lead to unbounded cache growth, resulting in a memory leak. Remediation Upgrade...

CVSS 8.7 · AI score 6.8 · EPSS 0.00563
Exploits: 0 · References: 2

OSV
added 2024/11/18 7:52 p.m. · 5 views

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location...

CVSS 7.1 · AI score 8 · EPSS 0.00696
Exploits: 0 · References: 4

Vulnrichment
added 2024/11/18 8:45 a.m. · 12 views

CVE-2024-45791 Apache HertzBeat: Exposure sensitive token via http GET method with query string

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...

AI score 7.1 · EPSS 0.00791
Exploits: 0 · References: 2

Cvelist
added 2024/11/18 8:45 a.m. · 25 views

CVE-2024-45791 Apache HertzBeat: Exposure sensitive token via http GET method with query string

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue...

EPSS 0.00791
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/18 3:45 a.m. · 22 views

CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...

CVSS 5.3 · AI score 7.1 · EPSS 0.00729
Exploits: 0 · References: 1

Cvelist
added 2024/11/18 3:45 a.m. · 51 views

CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...

CVSS 5.3 · EPSS 0.00729
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/11/18 12:0 a.m. · 13 views

Progress Software WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of getReport method. The issue results from the lack of...

CVSS 9.8 · AI score 6.6 · EPSS 0.00621
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/18 12:0 a.m. · 8 views

PT-2024-34663 · Markus · Markus

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8. Description: MarkUs is a web application for the submission and grading of student assignments. An arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows...

CVSS 7.1 · AI score 7.7 · EPSS 0.00696
Exploits: 0 · References: 6

CNNVD
added 2024/11/18 12:0 a.m. · 3 views

VMware Spring Framework security vulnerability

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework that stems from the use of the RequestBody byte method parameter in the...

CVSS 5.3 · AI score 6.2 · EPSS 0.00729
Exploits: 0 · References: 5

NVD
added 2024/11/15 11:15 p.m. · 23 views

CVE-2024-11263

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols...

CVSS 9.3 · EPSS 0.00164
Exploits: 0 · References: 1

Tenable Nessus
added 2024/11/15 12:0 a.m. · 10 views

Fedora 39 : krb5 (2024-862f5c4156)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-862f5c4156 advisory. Security: CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad support for Message-Authenticator attribute Marvin attack: Removal of the RSA method fo...

CVSS 9 · AI score 8 · EPSS 0.14859
Exploits: 2 · References: 2

Tenable Nessus
added 2024/11/15 12:0 a.m. · 9 views

Fedora 40 : krb5 (2024-29a74ac2b0)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-29a74ac2b0 advisory. Security: CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad support for Message-Authenticator attribute Marvin attack: Removal of the RSA method fo...

CVSS 9 · AI score 8 · EPSS 0.14859
Exploits: 2 · References: 2

CVE
added 2024/11/14 5:32 p.m. · 59 views

CVE-2024-4343

The CVE-2024-4343 entry describes a Python command injection in the imartinez/privategpt project. Affected component: SagemakerLLM.complete() in ./private_gpt/components/llm/custom/sagemaker.py, with versions up to and including 0.3.0. Root cause: unsafe parsing of a remote SageMaker LLM endpoint...

CVSS 9.8 · AI score 9.8 · EPSS 0.0261
Exploits: 1 · References: 2 · Affected Software: 1