Lucene search
+L

272 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.7 views

CVE-2022-29646

An access control issue in TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 allows attackers to obtain sensitive information via a crafted web request...

5.3CVSS6.3AI score0.00801EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:45 p.m.11 views

CVE-2022-29337

C-DATA FD702XW-X-R430 v2.1.13X001 was discovered to contain a command injection vulnerability via the vacmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request...

9.8CVSS8.6AI score0.35831EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.19 views

CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB...

6.5CVSS6.7AI score0.01149EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:57 p.m.8 views

CVE-2021-36184

A improper neutralization of Special Elements used in an SQL Command 'SQL Injection' in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests...

8.8CVSS7.1AI score0.00967EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 p.m.9 views

CVE-2021-21934

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imeifilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...

7.7CVSS7.3AI score0.01144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.10 views

CVE-2021-21820

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability...

10CVSS7.2AI score0.02962EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 p.m.10 views

CVE-2020-14412

NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload any system commands that contains shell metacharacters via a POST request with a psw parameter. This...

9CVSS7.1AI score0.03681EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:57 p.m.21 views

CVE-2020-22002

An Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI =6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Sinc...

7.5CVSS7.1AI score0.01352EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.6 views

CVE-2020-27226

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8CVSS7.9AI score0.01037EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:20 p.m.10 views

CVE-2020-23151

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...

9.8CVSS7.4AI score0.05718EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:13 p.m.7 views

CVE-2020-14935

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get...

9.8CVSS7.9AI score0.02502EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:11 p.m.7 views

CVE-2020-14505

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command “command injection” vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any...

9.8CVSS9.5AI score0.07018EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.8 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

8.8CVSS7.8AI score0.03126EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.6 views

PT-2025-22136 · Zalo · Zalo

Name of the Vulnerable Software and Affected Versions: Zalo version 23.09.01 Description: The issue allows attackers to obtain sensitive user information via a crafted GET request. Recommendations: For Zalo version 23.09.01, at the moment, there is no information about a newer version that contai...

7.5CVSS5.8AI score0.00401EPSS
Exploits1References5
CNVD
CNVD
added 2025/05/20 12:0 a.m.5 views

Mattermost Permission Issues Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to view group information via an API request...

4.3CVSS6.4AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 12:19 a.m.27 views

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

9.8CVSS8.5AI score0.00438EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/16 12:0 a.m.6 views

Ivanti Endpoint Manager Mobile Code Execution Vulnerability

Ivanti Endpoint Manager Mobile EPMM is an enterprise-grade mobile device management solution for centralized management and protection of mobile devices in the enterprise, supporting device enrollment, application distribution, security policy enforcement, and more. A code execution vulnerability...

8.8CVSS8.2AI score0.84796EPSS
Exploits10
Github Security Blog
Github Security Blog
added 2025/05/15 6:31 p.m.17 views

Mattermost Fails to Verify User's Permissions When Accessing Groups

Mattermost versions 10.5.x = 10.5.2, 9.11.x = 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...

4.3CVSS6.7AI score0.00257EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2025/05/12 2:3 p.m.29 views

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a...

9.4CVSS8.4AI score0.00815EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/09 6:8 p.m.6 views

CVE-2025-20196

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service DoS condition. This...

5.3CVSS7.1AI score0.00359EPSS
Exploits0References1
Rows per page
Query Builder