
11652 matches found

OSV
added 2024/10/08 4:15 a.m. · 7 views

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

CVSS 5.3 · AI score 5.8 · EPSS 0.00293
Exploits: 0 · References: 2
Zero Day Initiative
added 2024/10/08 12:0 a.m. · 11 views

Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability

This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the allowPassThrough method. The issue results from...

CVSS 7.3 · AI score 6.8 · EPSS 0.37965
Exploits: 0 · References: 1
CNNVD
added 2024/10/08 12:0 a.m. · 3 views

SAP S/4 HANA Security Vulnerability

SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP. A security vulnerability exists in SAP S/4 HANA, which stems from a field in the "read only" state that can be modified via the MERGE method...

CVSS 5.3 · AI score 6.7 · EPSS 0.00293
Exploits: 0 · References: 4
Zero Day Initiative
added 2024/10/08 12:0 a.m. · 12 views

Ivanti Avalanche validateAMCWSConnection Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the validateAMCWSConnection method. The issue results fro...

CVSS 7.5 · AI score 6 · EPSS 0.46591
Exploits: 0 · References: 1
Cvelist
added 2024/10/07 12:0 a.m. · 19 views

CVE-2024-46446

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover...

EPSS 0.01396
Exploits: 1 · References: 2
Positive Technologies
added 2024/10/07 12:0 a.m. · 8 views

PT-2024-7173 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA affected versions not specified Description: The issue is related to the Manage Bank Statement Handler component of the SAP S/4HANA platform. It is caused by the lack of a mechanism to prevent unintended changes to resources when...

CVSS 5.3 · AI score 6.8 · EPSS 0.00293
Exploits: 0 · References: 9
Hacker One
added 2024/10/01 10:18 a.m. · 5 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) Vulnerability via parameter c0-id + Akamai Firewall Bypass

A Cross-Site Scripting XSS vulnerability was discovered on a specific website. The vulnerability was found in the POST method, allowing the injection of malicious scripts that could be executed. Exploitation of this vulnerability could have led to consequences such as cookie theft and session...

AI score 6.1
Exploits: 0
Hacker One
added 2024/10/01 9:49 a.m. · 4 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) Vulnerability via POST Method + Akamai Firewall Bypass

A Cross-Site Scripting XSS vulnerability was discovered in the POST method on the target website. The vulnerability allowed the injection of malicious scripts that could be executed. A payload was provided to bypass the Akamai firewall. The vulnerability was reported and the affected products and...

AI score 6.3
Exploits: 0
CNVD
added 2024/09/30 12:0 a.m. · 3 views

Huawei HarmonyOS/EMUI Access Privilege Verification Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scene distributed operating system based on a microkernel. EMUI, formerly known as Emotion UI, is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS/EMUI suffers from an access...

CVSS 7.5 · AI score 6.8 · EPSS 0.00212
Exploits: 0 · References: 1
OSV
added 2024/09/27 7:15 p.m. · 5 views

CVE-2024-33368

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen...

CVSS 8.8 · AI score 6.1 · EPSS 0.0065
Exploits: 0 · References: 2
OSV
added 2024/09/27 11:15 a.m. · 4 views

CVE-2024-47294

Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00212
Exploits: 0 · References: 1
Cvelist
added 2024/09/27 10:23 a.m. · 27 views

CVE-2024-47294

Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 4.4 · EPSS 0.00212
Exploits: 0 · References: 1
Vulnrichment
added 2024/09/27 10:23 a.m. · 13 views

CVE-2024-47294

Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 4.4 · AI score 6.9 · EPSS 0.00212
Exploits: 0 · References: 1
CVE
added 2024/09/27 10:23 a.m. · 52 views

CVE-2024-47294

CVE-2024-47294 affects Huawei HarmonyOS/EMUI via an access rights/permission verification vulnerability in the Input Method Framework module. The primary impact stated is availability disruption on exploitation, with CVSS v3.1 base metrics indicating high availability impact (NVD: AV:N/AC:L/PR:N/...

CVSS 7.5 · AI score 6.9 · EPSS 0.00212
Exploits: 0 · References: 1 · Affected Software: 2
CNNVD
added 2024/09/27 12:0 a.m. · 4 views

Plasmo RPShare Security Vulnerability

RPShare is a client-side Fabric mod and server-side Paper plugin open-sourced by Plasmo. It allows players to quickly share resource packs. A security vulnerability exists in Plasmo RPShare version v.1.0.0, which stems from a vulnerability that allows remote attackers to execute arbitrary code vi...

CVSS 8.8 · AI score 7.8 · EPSS 0.0065
Exploits: 0 · References: 3
CNNVD
added 2024/09/27 12:0 a.m. · 4 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scene distributed operating system based on a microkernel. EMUI, formerly known as Emotion UI, is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS/EMUI suffers from an access...

CVSS 7.5 · AI score 6.7 · EPSS 0.00212
Exploits: 0 · References: 2
Positive Technologies
added 2024/09/27 12:0 a.m. · 5 views

PT-2024-25216 · Unknown · Plasmoapp Rpshare Fabric Mod

Name of the Vulnerable Software and Affected Versions: Plasmoapp RPShare Fabric mod version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen. Recommendations: For Plasmoapp RPShare Fabric mod version 1.0.0, consider...

CVSS 8.8 · AI score 8.1 · EPSS 0.0065
Exploits: 0 · References: 5
Positive Technologies
added 2024/09/27 12:0 a.m. · 5 views

PT-2024-32505 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Input method framework module affected versions not specified Description: The issue is related to an access permission verification vulnerability in the input method framework module. Successful exploitation of this vulnerability may affect...

CVSS 7.5 · AI score 6.9 · EPSS 0.00212
Exploits: 0 · References: 6
CNNVD
added 2024/09/27 12:0 a.m. · 26 views

Dozzle Security Vulnerability

Dozzle is a small, lightweight application by the individual developer Amir Raminfar. A security vulnerability exists in Dozzle versions prior to 8.5.3 that stems from the use of sha-256 as a password hash, which makes it vulnerable to rainbow table attacks...

CVSS 7.5 · AI score 7.8 · EPSS 0.00205
Exploits: 0 · References: 3
Github Security Blog
added 2024/09/26 5:49 p.m. · 18 views

Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials

Preconditions: - The `code` login method is enabled with the `passwordless_enabled` flag set to `true`. - A 2FA method such as `totp` is enabled. - `required_aal` of the whoami check or the settings flow is set to `highest_available`. AAL stands for Authenticator Assurance Levels and can range from 0 (no factor) ...

CVSS 4.4 · AI score 6.7 · EPSS 0.00323
Exploits: 0 · References: 3 · Affected Software: 1