Lucene search
K

184 matches found

CVE
CVE
added 2025/01/17 8:18 p.m.1201 views

CVE-2025-23202

The CVE-2025-23202 entry concerns the Bible Module for ROBLOX. The vulnerable components are the FetchVerse and FetchPassage functions, which lack input validation, enabling injection attacks that could manipulate API request URLs and potentially lead to unauthorized access or data tampering. The...

10CVSS7.2AI score0.00375EPSS
Exploits0References2
CVE
CVE
added 2025/01/14 2:21 p.m.54 views

CVE-2024-39273

CVE-2024-39273 affects the Wavlink AC3000 router (M33A8.V5030.210505). Talos reports a firmware-update vulnerability in the fw_check.sh script used to fetch updates from two HTTP URLs. The vulnerability arises from lack of authentication and the ability to fetch and validate firmware metadata ove...

9CVSS7AI score0.01046EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/06 3:57 p.m.14 views

CVE-2024-30129 HCL Nomad server on Domino is affected by a host header injection vulnerability

The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...

5.3CVSS6.8AI score0.00301EPSS
Exploits0References1
Debian
Debian
added 2024/11/28 3:34 p.m.16 views

[SECURITY] [DLA 3970-1] twisted security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3970-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 28, 2024 https://wiki.debian.org/LTS -...

8.3CVSS6.8AI score0.01176EPSS
Exploits2
OSV
OSV
added 2024/10/11 2:55 p.m.7 views

CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint

Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...

9.3CVSS6.8AI score0.00553EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/09/11 12:0 a.m.6 views

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores relates to the possibility of manipulating cross-site requests. This allows attackers to bypass security restrictions and carry out CSRF attacks.

The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform CSRF attacks...

4.3CVSS5.2AI score0.00449EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2024/06/14 2:15 p.m.15 views

CVE-2024-5731

A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information...

6.8CVSS0.00272EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.6 views

The vulnerability of the WOPI protocol implementation in the MyOffice SDK software development kit allows a hacker to manipulate requests from the server.

The vulnerability of the WOPI protocol implementation in the MyOffice SDK software relates to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to manipulate requests from the server remotely...

5.3CVSS5.4AI score0.00534EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/17 4:15 p.m.2 views

CVE-2024-5072

Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request...

6.5CVSS5.8AI score0.00678EPSS
Exploits0References1
Veracode
Veracode
added 2024/05/15 8:57 a.m.13 views

URL Manipulation

oceanic.js is vulnerable to a URL Manipulation. The vulnerability is due to improper input handling in certain functions such as Client.rest.channels.removeBan, which allows an attacker to manipulate the request specially crafted input to be normalized into unintended URLs, potentially resulting ...

6.5CVSS6.9AI score0.00551EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2024/05/15 12:0 a.m.46 views

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

5.3CVSS7.2AI score0.01208EPSS
Exploits0
Cvelist
Cvelist
added 2024/05/13 5:29 p.m.29 views

CVE-2024-34223

Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket...

6.8AI score0.00477EPSS
Exploits1References1
OSV
OSV
added 2024/04/29 5:15 p.m.12 views

CVE-2024-32493

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...

8.8CVSS7.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/03/13 12:0 a.m.5 views

The vulnerability of the IBM Engineering Requirements Management DOORS application, related to the manipulation of inter-site requests, allows a perpetrator to execute arbitrary commands.

The vulnerability of the IBM Engineering Requirements Management DOORS application relates to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

7.8CVSS7.2AI score0.00247EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.7 views

PT-2024-3864 · Sap · Sap Fiori App

Name of the Vulnerable Software and Affected Versions: SAP Fiori app My Overtime Request version 605 Description: The issue is related to the absence of necessary authorization checks for authenticated users, which may lead to an escalation of privileges. It is possible to manipulate the URLs of...

4.3CVSS7.3AI score0.00319EPSS
Exploits0References8
CVE
CVE
added 2024/01/10 1:4 p.m.51 views

CVE-2023-48256

The CVE-2023-48256 entry concerns Bosch Nexo Cordless Nutrunner and related components. The root cause is insufficient handling of CRLF sequences in HTTP headers, which allows a remote attacker to inject arbitrary HTTP response headers or manipulate the HTTP response body within a victim’s sessio...

6.3CVSS6.2AI score0.00302EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2024/01/04 2:46 p.m.969 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 !WARNING This is an educational projec...

6.5CVSS6.3AI score0.06976EPSS
Exploits29
CVE
CVE
added 2023/11/30 4:49 a.m.50 views

CVE-2023-49094

Symbolicator (the symbolication service) is affected by a Server-Side Request Forgery (SSRF) where a specially crafted HTTP endpoint can trigger the service to send arbitrary GET requests to internal IPs. The attacker could have the response reflected back if they have an account on the Sentry in...

4.3CVSS4.7AI score0.00705EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/10/26 12:0 a.m.68 views

CVE-2023-45868

CVE-2023-45868 concerns the Learning Module in ILIAS 7.25 (2023-09-12 release). The vulnerability allows a high-impact Directory Traversal leading to confidentiality and availability loss. An attacker with basic user privileges can exploit the issue by manipulating a POST request during exercise ...

8.1CVSS7.9AI score0.01116EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/10/04 12:15 p.m.1 views

CVE-2023-22618

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects for example WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B...

8.1CVSS7.1AI score0.00151EPSS
Exploits0References3
Rows per page
Query Builder