Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.9 views

PT-2024-7164

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise versions prior to 9.2.3 Splunk Enterprise versions prior to 9.1.6 Description The software potentially exposes sensitive HTTP parameters to the internal index if the REST Calls log...

6.8CVSS5.9AI score0.00488EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.8 views

PT-2023-30874 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 8.5.14 Concrete CMS versions 9 prior to 9.2.3 Description: The issue allows Cross Site Request Forgery CSRF via the "ccm/calendar/dialogs/event/delete/submit" API endpoint. An attacker can force an admin to dele...

4.3CVSS6.9AI score0.00276EPSS
Exploits0References10
Microsoft CVE
Microsoft CVE
added 2023/11/06 8:0 a.m.3 views

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

...

6.5CVSS6.7AI score0.00662EPSS
Exploits0
OSV
OSV
added 2023/10/17 7:15 a.m.2 views

DEBIAN-CVE-2023-39456

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue...

7.5CVSS7.2AI score0.53477EPSS
Exploits0References1
NCSC
NCSC
added 2023/07/27 12:0 a.m.4 views

Vulnerability fixed in Atlassian Bamboo

Atlassian has fixed a vulnerability in Bamboo Server and Bamboo Data Center. An authenticated malicious person can exploit the exploit the vulnerability to use command-injection to execute arbitrary execute arbitrary code with application privileges and thus potentially gain access to sensitive...

8.8CVSS7.4AI score0.01805EPSS
Exploits0
Circl
Circl
added 2023/02/24 6:19 p.m.7 views

CVE-2022-43923

creationtimestamp| type| source ---|---|--- 2023-02-24 18:19:27+00:00| seen| https://t.me/cibsecurity/58880...

6.2CVSS5.5AI score0.00189EPSS
Exploits0References1
Grafana
Grafana
added 2022/11/08 12:0 a.m.11 views

Race condition allowing privilege escalation

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patche...

9.8CVSS7.2AI score0.00922EPSS
Exploits0
Circl
Circl
added 2009/06/30 12:0 a.m.7 views

CVE-2009-2307

creationtimestamp| type| source ---|---|--- 2009-06-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9056...

7.5CVSS5.8AI score0.00928EPSS
Exploits0References1
Rows per page
Query Builder