Lucene search
K

11240 matches found

NVD
NVD
added 2024/08/06 7:15 p.m.29 views

CVE-2024-42395

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...

9.8CVSS0.00388EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 7:15 p.m.24 views

CVE-2024-42394

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...

9.8CVSS0.00599EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 7:15 p.m.25 views

CVE-2024-42393

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...

9.8CVSS0.0063EPSS
Exploits0References1
CVE
CVE
added 2024/08/06 6:58 p.m.54 views

CVE-2024-42393

Technical details for CVE-2024-42393 are not publicly available in the provided documents. Monitor for updates from NVD/CVE and vendor advisories.

9.8CVSS8AI score0.0063EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/08/06 6:57 p.m.43 views

CVE-2024-42394

CVE-2024-42394 describes unauthenticated remote code execution via the Soft AP Daemon Service, accessed by the PAPI protocol. The vulnerability allows an attacker to execute arbitrary commands on the underlying OS, potentially leading to full system compromise. Documents consistently identify the...

9.8CVSS8AI score0.00599EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/08/06 6:57 p.m.31 views

CVE-2024-42394 Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...

9.8CVSS0.00599EPSS
Exploits0References1
CVE
CVE
added 2024/08/06 6:56 p.m.55 views

CVE-2024-42395

CVE-2024-42395 describes an unauthenticated remote code execution in the AP Certificate Management Service . Exploitation could allow an attacker to run arbitrary commands on the underlying OS, potentially leading to complete system compromise. The CVSS metrics indicate a network-based , no-authe...

9.8CVSS7.8AI score0.00388EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2024/08/06 4:15 p.m.43 views

CVE-2024-39225

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...

9.8CVSS0.1453EPSS
Exploits1References1
Malwarebytes
Malwarebytes
added 2024/08/06 1:47 p.m.28 views

Android vulnerability used in targeted attacks patched by Google

Google has released patches for 46 vulnerabilities in Android, including a remote code execution RCE vulnerability that it says has been used in limited, targeted attacks. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app...

7.8CVSS8.5AI score0.02701EPSS
Exploits1
CVE
CVE
added 2024/08/06 12:0 a.m.53 views

CVE-2024-39225

The CVE-2024-39225 entry concerns a remote code execution (RCE) vulnerability reported in GL.iNet products. Affected devices include AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S130...

9.8CVSS8.6AI score0.1453EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/06 12:0 a.m.13 views

CVE-2024-39225

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...

8.4AI score0.1453EPSS
Exploits1References1
NVD
NVD
added 2024/08/05 9:15 p.m.36 views

CVE-2024-23657

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

8.8CVSS0.01143EPSS
Exploits2References6
Cvelist
Cvelist
added 2024/08/05 8:27 p.m.42 views

CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

8.8CVSS0.01143EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2024/08/05 8:27 p.m.30 views

CVE-2024-23657 Path Traversal: '../filedir' in Nuxt Devtools

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

8.8CVSS8.8AI score0.01143EPSS
Exploits2References6
CVE
CVE
added 2024/08/05 8:27 p.m.118 views

CVE-2024-23657

CVE-2024-23657 — Nuxt Devtools: The issue is a path traversal vulnerability in Nuxt Devtools via getTextAssetContent, combined with lack of Origin checks on the WebSocket, enabling an attacker to read arbitrary files from the devtools host and, in some configurations, leak the devtools authentica...

8.8CVSS8.8AI score0.01143EPSS
Exploits2References6Affected Software1
GithubExploit
GithubExploit
added 2024/08/03 7:26 p.m.613 views

Exploit for CVE-2024-31211

It is an exploit module/toolkit targeting unspecified products/s...

5.5CVSS6.7AI score0.0274EPSS
Exploits1
GithubExploit
GithubExploit
added 2024/08/03 4:8 p.m.1538 views

Exploit for Server-Side Request Forgery in Apache Http_Server

It is an offensive tool for web applications. The repository app...

7.5CVSS6.9AI score0.6795EPSS
Exploits1
GithubExploit
GithubExploit
added 2024/08/02 8:17 p.m.270 views

Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System

PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...

9.8CVSS7.3AI score0.01909EPSS
Exploits3
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/08/02 5:30 a.m.42 views

KnowBe4 RCE and LPE

Introduction Our latest investigation has uncovered significant security flaws in three KnowBe4 applications- Phish Alert Button, PasswordIQ, and Second Chance. These applications, commonly used in security awareness and training, were found to have vulnerabilities allowing remote command executi...

6CVSS8.6AI score0.00374EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/02 12:0 a.m.34 views

OSGeo GeoTools RCE (CVE-2024-36404)

The version of OSGeo GeoTools installed on the remote host is affected by a remote code execution vulnerability, as follows: - Remote Code Execution is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Note that Nessus has not...

9.8CVSS7AI score0.74908EPSS
Exploits0References2
Rows per page
Query Builder