542 matches found

Positive Technologies
added 2024/02/28 12:0 a.m. · 2 views

PT-2024-2053 · Ibm · Ibm Engineering Requirements Management Doors

Name of the Vulnerable Software and Affected Versions: IBM Engineering Requirements Management versions 9.7.2.7

Description: The issue exists due to insufficient protection of the web page structure, allowing a remote attacker to exploit it and potentially disclose protected information. This...

4.8 CVSS · 7.9 AI score · 0.00321 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2024/02/12 12:0 a.m. · 8 views

PT-2024-13730 · Ellucian · Ellucian Banner

Name of the Vulnerable Software and Affected Versions: Ellucian Banner version 9.17

Description: The issue allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the "/StudentSelfService/ssb/studentCard/retrieveData" endpoint. This means an attacker could potentially access...

6.5 CVSS · 6.4 AI score · 0.00589 EPSS
Exploits: 1 · References: 7

Positive Technologies
added 2024/02/07 12:0 a.m. · 5 views

PT-2024-20072 · Samsung · Samsung Magician

Name of the Vulnerable Software and Affected Versions: Samsung Magician PC Software version 8.0.0

Description: The issue is related to improper privilege control for a named pipe, allowing a local attacker to read privileged data. This could potentially lead to unauthorized access to sensitive...

7.3 CVSS · 5.2 AI score · 0.00221 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2024/01/26 12:0 a.m. · 5 views

PT-2024-1372 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U versions 15.03.06.49 multi TDE01

Description: The issue is related to a buffer overflow vulnerability in the fromAddressNat function of the Tenda AC10U router's firmware. This vulnerability can be exploited remotely, potentially...

9.8 CVSS · 5.3 AI score · 0.00843 EPSS
Exploits: 1 · References: 7

Positive Technologies
added 2024/01/25 12:0 a.m. · 3 views

PT-2024-1439 · Unknown · Systemk Nvr

Name of the Vulnerable Software and Affected Versions: SystemK NVR versions 2.3.5SK.30084998 and prior

Description: The issue is related to a command injection vulnerability in the dynamic domain name system (DDNS) settings. This vulnerability could allow an attacker to execute arbitrary commands...

10 CVSS · 9.6 AI score · 0.01278 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/01/24 12:0 a.m. · 5 views

PT-2024-13165 · Line · Ailand Clinic Mini-App

Name of the Vulnerable Software and Affected Versions: Ailand clinic mini-app on Line version 13.6.1

Description: An issue in the Ailand clinic mini-app on Line allows attackers to send crafted malicious notifications via leakage of the channel access token. This leakage enables attackers to...

5.4 CVSS · 5.4 AI score · 0.00394 EPSS
Exploits: 1 · References: 6

Positive Technologies
added 2024/01/19 12:0 a.m. · 5 views

PT-2024-14328 · Yonyou · Yonbip

Name of the Vulnerable Software and Affected Versions: YonBIP version 3 23.05

Description: A SQL injection issue was discovered in YonBIP via the runScript method of the com.yonyou.hrcloud.attend.web.AttendScriptController class. This allows for potential exploitation.

Recommendations: For YonBIP...

9.8 CVSS · 9.8 AI score · 0.00637 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/01/16 12:0 a.m. · 5 views

PT-2024-1253 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130

Description: A critical issue has been identified, affecting the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi file. The manipulation of the ip argument leads to a stack-based buffer...

10 CVSS · 8.8 AI score · 0.01066 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/01/11 12:0 a.m. · 5 views

PT-2024-11897 · Unknown · Qkmc-Rk Redbbs

Name of the Vulnerable Software and Affected Versions: qkmc-rk redbbs version 1.0

Description: A problematic issue was found in the Nickname Handler component, leading to cross-site scripting. The attack can be launched remotely.

Recommendations: For qkmc-rk redbbs version 1.0, consider disabling...

6.1 CVSS · 6.3 AI score · 0.00441 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2023/12/24 12:0 a.m. · 6 views

PT-2023-13730 · Nokia · Nokia Nfm-T

Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9

Description: An OS Command Injection issue occurs in the /cgi-bin/R19.9/log.pl endpoint of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands with root privileges...

8.8 CVSS · 9 AI score · 0.02237 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2023/12/14 12:0 a.m. · 4 views

PT-2023-30678 · Cybrosys Techno Solutions · Cybrosys Techno Solutions Website Blog Search

Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Website Blog Search aka website search blog versions 13.0 through 13.0.1.0.1

Description: A SQL injection issue allows a remote attacker to execute arbitrary code and gain privileges via the name parameter in the...

9.8 CVSS · 9.9 AI score · 0.01005 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2023/12/07 12:0 a.m. · 3 views

PT-2023-31322 · Unknown · Speedycache

Name of the Vulnerable Software and Affected Versions: SpeedyCache – Cache, Optimization, Performance versions n/a through 1.1.2

Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This type of vulnerability allows an attacker to trick the server into making...

4.9 CVSS · 5.3 AI score · 0.00324 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/12/05 12:0 a.m. · 4 views

PT-2023-31191 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0

Description: A Cross-Site Request Forgery (CSRF) issue was discovered in JFinalCMS. The vulnerability can be exploited via the /admin/tag/update API endpoint.

Recommendations: For JFinalCMS version 5.0.0, consider...

8.8 CVSS · 8.6 AI score · 0.00391 EPSS
Exploits: 1 · References: 8

Positive Technologies
added 2023/12/01 12:0 a.m. · 5 views

PT-2023-30999 · Jupiter · Jupiterx

Name of the Vulnerable Software and Affected Versions: Jupiter version 1.3.1

Description: A deserialization vulnerability allows attackers to execute arbitrary commands via sending a crafted RPC request.

Recommendations: For Jupiter version 1.3.1, consider disabling the deserialization...

9.8 CVSS · 9.6 AI score · 0.01552 EPSS
Exploits: 1 · References: 8

Positive Technologies
added 2023/11/13 12:0 a.m. · 3 views

PT-2023-29038 · Emsigner · Emsigner

Name of the Vulnerable Software and Affected Versions: EMSigner version 2.8.7

Description: The issue is related to incorrect access control in the AdHoc User creation form, allowing unauthenticated attackers to modify usernames and privileges using the email address of a registered user...

5.9 CVSS · 7.2 AI score · 0.00464 EPSS
Exploits: 1 · References: 6

Prion
added 2023/11/03 12:15 p.m. · 15 views

Input validation

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

7.5 CVSS · 8.7 AI score · 0.02888 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/10/25 12:0 a.m. · 5 views

PT-2023-26629 · Unknown · Tire-Sales Line

Name of the Vulnerable Software and Affected Versions: tire-sales Line version 13.6.1

Description: An issue in the software allows a remote attacker to obtain sensitive information via a crafted GET request.

Recommendations: For version 13.6.1, consider restricting access to sensitive information...

7.5 CVSS · 6.8 AI score · 0.00726 EPSS
Exploits: 1 · References: 7

Positive Technologies
added 2023/10/16 12:0 a.m. · 4 views

PT-2023-25752 · Totolink · Totolink Cp300+

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ version 5.2cu.7594 B20200910

Description: A stack overflow issue was discovered via the pingIp parameter in the setDiagnosisCfg function. This allows for potential exploitation.

Recommendations: For TOTOLINK CP300+ version...

9.8 CVSS · 9.5 AI score · 0.00701 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/10/02 12:0 a.m. · 4 views

PT-2023-29032 · Netis · Netis N3Mv2

Name of the Vulnerable Software and Affected Versions: Netis N3Mv2 version 1.0.1.865

Description: A command injection issue was discovered in the Wake-On-LAN (WoL) function via the wakeup mac parameter. This issue can be exploited using a crafted payload.

Recommendations: For Netis N3Mv2 version...

9.8 CVSS · 7.7 AI score · 0.01894 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2023/09/27 12:0 a.m. · 5 views

PT-2023-28739 · Yzncms · Yzncms

Name of the Vulnerable Software and Affected Versions: YZNCMS version 1.3.0

Description: A stored cross-site scripting (XSS) issue in the cms/content/edit component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. This enables...

6.1 CVSS · 6 AI score · 0.00308 EPSS
Exploits: 0 · References: 4