Lucene search
K

323 matches found

Vulnrichment
Vulnrichment
added 2024/11/22 8:5 p.m.12 views

CVE-2023-52334 Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability

Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

7.5CVSS7.3AI score0.01904EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.25 views

CVE-2023-51648 Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...

7.5CVSS0.01904EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 8:5 p.m.48 views

CVE-2023-51648

CVE-2023-51648 affects Allegra, via the getFileContentAsString method which is vulnerable to directory traversal information disclosure. The root cause is improper validation of a user-supplied path used in file operations, enabling disclosure of sensitive data including stored credentials. Some ...

7.5CVSS7.3AI score0.01904EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/22 8:5 p.m.9 views

CVE-2023-51648 Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...

7.5CVSS7.3AI score0.01904EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/22 8:5 p.m.12 views

CVE-2023-51642 Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS9.9AI score0.01259EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.20 views

CVE-2023-51642 Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS0.01259EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 8:5 p.m.50 views

CVE-2023-51642

CVE-2023-51642 involves Allegra’s loadFieldMatch deserialization, where untrusted data is deserialized due to improper input validation. This leads to remote code execution in the LOCAL SERVICE context. Attack requires authentication, but Allegra’s registration mechanism can create a user with su...

9.8CVSS9.9AI score0.01259EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/22 8:5 p.m.20 views

CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability

Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS0.01259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/22 8:5 p.m.15 views

CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability

Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a...

9.8CVSS9.9AI score0.01259EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 8:5 p.m.42 views

CVE-2023-51641

CVE-2023-51641 affects Allegra’s renderFieldMatch, where deserialization of untrusted data can allow remote code execution. The flaw arises from insufficient validation of user-supplied data, enabling code execution in the context of LOCAL SERVICE. Authentication is required, but Allegra’s regist...

9.8CVSS9.9AI score0.01259EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/11/15 4:15 p.m.23 views

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

8.8CVSS0.00832EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/15 3:56 p.m.15 views

CVE-2022-20655

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this...

8.8CVSS7.8AI score0.00832EPSS
Exploits0References2
Huntr
Huntr
added 2024/10/23 8:14 a.m.5 views

Missing access control on endpoint to list all evaluations in lunary-ai/lunary

Description The /v1/evaluators/ route allows users to fetch all evaluators of a project by sending a GET request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can access evaluator data. The current implementation: Does not...

6.5CVSS6.6AI score0.00487EPSS
Exploits1
OSV
OSV
added 2024/09/04 11:15 p.m.7 views

CVE-2024-45429

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...

6.1CVSS5.8AI score0.00395EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.359 views

ScadaBR Credentials Dumper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ScadaBR Credentials Dumper', 'Description' = %q This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.3 views

Dell PowerEdge Platform 安全漏洞

Dell PowerEdge Platform is a server platform from Dell USA. A security vulnerability exists in Dell PowerEdge Platform that originates from a contained end-of-buffer access to memory location vulnerability, which could be exploited by a low-privileged attacker with local access rights to cause an...

6.5CVSS6.1AI score0.00149EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/30 4:54 p.m.3 views

mysql: Server: DML unspecified vulnerability (CPU Jan 2024)

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

4.9CVSS5.8AI score0.00926EPSS
Exploits0References5
NVD
NVD
added 2024/04/26 3:15 p.m.25 views

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

9.9CVSS9.6AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2024/04/26 3:0 p.m.61 views

CVE-2024-32764

Summary: CVE-2024-32764 affects QNAP’s myQNAPcloud Link. The issue is a missing authentication for a critical function accessible over the network, potentially allowing a user with existing functional privileges to exploit it. Affected product/version: myQNAPcloud Link prior to 2.4.51 (vulnerable...

9.9CVSS9.3AI score0.00419EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/26 3:0 p.m.25 views

CVE-2024-32764 myQNAPcloud Link

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

9.9CVSS9.7AI score0.00419EPSS
Exploits0References1
Rows per page
Query Builder