Lucene search
K

272 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.14 views

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...

6.5CVSS7.3AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:29 a.m.9 views

CVE-2024-0456

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project...

4.3CVSS6.4AI score0.00488EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:56 a.m.9 views

CVE-2024-12028

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

5.3CVSS6.8AI score0.00425EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:49 a.m.20 views

CVE-2024-20516

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service DoS condition. To exploit...

6.8CVSS6.9AI score0.00443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.9 views

CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS4.3AI score0.00674EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.8 views

CVE-2023-41580

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request...

7.5CVSS7.5AI score0.0071EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.9 views

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

8.5CVSS6.3AI score0.00581EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.9 views

CVE-2023-50766

A cross-site request forgery CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

8.8CVSS6.7AI score0.00447EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:25 a.m.7 views

CVE-2023-43890

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request...

8.8CVSS7.8AI score0.02521EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.9 views

CVE-2023-34842

Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php...

9.8CVSS8.2AI score0.00948EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.11 views

CVE-2023-34426

A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...

9.8CVSS7.2AI score0.00773EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:24 a.m.10 views

CVE-2023-25108

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8AI score0.0146EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:24 a.m.8 views

CVE-2023-25100

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8AI score0.0146EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:24 a.m.15 views

CVE-2023-25101

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8AI score0.0146EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:16 a.m.13 views

CVE-2023-42785

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request...

6.5CVSS6.6AI score0.00687EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.5 views

CVE-2023-25081

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.01503EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:59 a.m.9 views

CVE-2023-42791

A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests...

8.8CVSS7.5AI score0.04184EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 1:56 a.m.19 views

CVE-2023-25105

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:44 a.m.5 views

CVE-2022-41489

WAYOS LQ09 22.03.17V was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usbupload.htm...

8.1CVSS7.7AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:6 a.m.4 views

CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS6.5AI score0.06829EPSS
Exploits1References1
Rows per page
Query Builder