Lucene search
K

106 matches found

CNNVD
CNNVD
added 2025/06/17 12:0 a.m.6 views

Trend Micro Endpoint Encryption PolicyServer 安全漏洞

Trend Micro Endpoint Encryption PolicyServer is a centralized management server from Trend Micro. A security vulnerability exists in Trend Micro Endpoint Encryption PolicyServer that stems from improper deserialization and could lead to pre-authenticated remote code execution...

9.8CVSS7.8AI score0.08324EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.32 views

CVE-2024-1775

The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS6.2AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.12 views

CVE-2024-55555

Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values. The route/hash route defined in the invoiceninja/routes/client.p...

8.8CVSS9AI score0.06611EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.8 views

CVE-2019-14333

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi...

5.5CVSS6.8AI score0.01097EPSS
Exploits3References1
The Hacker News
The Hacker News
added 2025/05/07 11:31 a.m.39 views

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and...

9.8CVSS10AI score0.98851EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/04/24 10:0 a.m.30 views

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been...

10CVSS8.8AI score0.97157EPSS
Exploits5
NVD
NVD
added 2025/01/07 5:15 p.m.21 views

CVE-2024-55555

Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values. The route/hash route defined in the invoiceninja/routes/client.p...

8.8CVSS0.06611EPSS
Exploits5References2
CVE
CVE
added 2025/01/07 12:0 a.m.182 views

CVE-2024-55555

Technical details (affected versions, vulnerable components, impact scope, and fixes) are not publicly provided in the supplied documents. Monitor for updates.

8.8CVSS8.2AI score0.06611EPSS
Exploits5References2
Cvelist
Cvelist
added 2025/01/07 12:0 a.m.23 views

CVE-2024-55555

Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values. The route/hash route defined in the invoiceninja/routes/client.p...

0.06611EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2025/01/07 12:0 a.m.19 views

CVE-2024-55555

Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values. The route/hash route defined in the invoiceninja/routes/client.p...

8AI score0.06611EPSS
Exploits5References2
OSV
OSV
added 2025/01/07 12:0 a.m.25 views

CVE-2024-55555

Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values. The route/hash route defined in the invoiceninja/routes/client.p...

8.8CVSS7.9AI score0.06611EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.7 views

PT-2024-36551 · Unknown · Invoice Ninja

Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.10.43 Description: The issue allows remote code execution from a pre-authenticated route when an attacker knows the APP KEY. This is exacerbated by .env files that have default APP KEY values. The route...

8.8CVSS10AI score0.06611EPSS
Exploits5References8
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.250 views

ManageEngine Multiple Products Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Multiple Products Arbitrary File Download', 'Description' = %q This module exploits an arbitrary file download vulnerability in the...

7.5CVSS7AI score0.83399EPSS
Exploits11
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.257 views

ManageEngine Multiple Products Arbitrary Directory Listing

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Multiple Products Arbitrary Directory Listing', 'Description' = %q This module exploits a directory listing information disclosure...

7.5CVSS7AI score0.83399EPSS
Exploits11
Cvelist
Cvelist
added 2024/06/14 2:31 a.m.27 views

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. T...

9.8CVSS0.01247EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/14 2:31 a.m.27 views

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. T...

9.8CVSS7.3AI score0.01247EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/14 2:21 a.m.19 views

CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity XXE vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. A...

5.9CVSS6.9AI score0.01115EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2024/06/04 4:7 p.m.479 views

Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server deserializ...

9.9CVSS10AI score0.97482EPSS
Exploits14
Cvelist
Cvelist
added 2024/02/21 5:39 p.m.38 views

CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

10CVSS9.8AI score0.95388EPSS
Exploits9References4
hivepro
hivepro
added 2024/01/08 9:7 a.m.51 views

Ivanti Addresses Critical Vulnerability in Endpoint Manager

Summary: Ivanti addressed a critical vulnerability CVE-2023-39336 in its Endpoint Management software, ensuring secure usage for its 40,000 worldwide customers. The flaw, resolved in version 2022 Service Update 5, posed a risk of pre-authenticated sql injection and possibly Remote Code Injection ...

5.8CVSS8.2AI score0.0997EPSS
Exploits0
Rows per page
Query Builder