
405 matches found

BDU FSTEC
added 2025/06/02 12:00 a.m. · 5 views

The vulnerability of the Interaction Center web client component of the SAP CRM system, which is used for managing customer relationships, as well as of the SAP S/4HANA software platform, allows an attacker to perform an SSRF attack.

The vulnerability of the Interaction Center web client component of the SAP CRM and SAP S/4HANA software systems relates to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 3.5 · AI score 5.5 · EPSS 0.00231
Exploits 0 · References 2 · Affected Software 2
RedhatCVE
added 2025/05/23 7:08 a.m. · 6 views

CVE-2024-56924

A Cross-Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...

CVSS 7.3 · AI score 7.8 · EPSS 0.00438
Exploits 2 · References 1
RedhatCVE
added 2025/05/23 5:06 a.m. · 6 views

CVE-2023-5967

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker who sends a request without a User-Agent header to cause a panic and crash the Calls plugin...

CVSS 4.3 · AI score 6.7 · EPSS 0.00508
Exploits 0 · References 1
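
Added example (Go, not Mattermost's or the Calls plugin's code) for the failure mode in the entry above: a handler that indexes the header map directly panics when User-Agent is absent, while one that uses Header.Get and rejects the request with 400 does not, and a recover middleware keeps a stray panic from taking the whole process down. The route path and the policy of requiring a User-Agent are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// userAgentUnsafe indexes the header slice directly. When the request carries
// no User-Agent, r.Header["User-Agent"] is nil and [0] panics with
// "index out of range". Illustrative pattern, not Mattermost's code.
func userAgentUnsafe(r *http.Request) string {
	return r.Header["User-Agent"][0]
}

// userAgentSafe uses Header.Get, which returns "" for an absent header, and
// reports presence explicitly so the caller decides what to do.
func userAgentSafe(r *http.Request) (string, bool) {
	ua := r.Header.Get("User-Agent")
	return ua, ua != ""
}

// callsHandler (hypothetical route) answers 400 to a request without a
// User-Agent instead of dereferencing a value that is not there.
func callsHandler(w http.ResponseWriter, r *http.Request) {
	ua, ok := userAgentSafe(r)
	if !ok {
		http.Error(w, "missing User-Agent", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "ok: %s", ua)
}

// recoverMiddleware is defence in depth: a panic in any handler becomes a 500
// for that one request rather than a crash of the process (or plugin).
func recoverMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if rec := recover(); rec != nil {
				http.Error(w, "internal error", http.StatusInternalServerError)
			}
		}()
		next.ServeHTTP(w, r)
	})
}

// statusFor drives h with a constructed request, with or without a
// User-Agent, and returns the response status code.
func statusFor(h http.Handler, ua string) int {
	req := httptest.NewRequest(http.MethodPost, "/plugins/calls/api", nil)
	if ua != "" {
		req.Header.Set("User-Agent", ua)
	}
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, req)
	return rr.Code
}

// didPanic reports whether fn panics.
func didPanic(fn func()) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

func main() {
	noUA := httptest.NewRequest(http.MethodGet, "/", nil)
	fmt.Println("unsafe lookup panics on missing header:",
		didPanic(func() { _ = userAgentUnsafe(noUA) }))
	fmt.Println("safe handler, no UA:", statusFor(http.HandlerFunc(callsHandler), ""))
	fmt.Println("safe handler, with UA:", statusFor(http.HandlerFunc(callsHandler), "curl/8.0"))
	wrapped := recoverMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, userAgentUnsafe(r))
	}))
	fmt.Println("recovered unsafe handler, no UA:", statusFor(wrapped, ""))
}
```

The point is that the header is optional input: look it up with a call that tolerates absence, decide the policy explicitly, and never let a single malformed request reach a code path that panics.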
RedhatCVE
added 2025/05/23 4:10 a.m. · 10 views

CVE-2023-39286

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross-Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a...

CVSS 4.3 · AI score 7 · EPSS 0.00233
Exploits 0
RedhatCVE
added 2025/05/23 2:02 a.m. · 7 views

CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 are vulnerable to a buffer overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transfer encoding. This results in other code later using attacker-controlled chunk values that exceed the...

CVSS 9.8 · AI score 6.8 · EPSS 0.02061
Exploits 2 · References 1
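
Added example (Go, not MiniDLNA's C code) of the check the entry above says was wrong: a chunked-transfer decoder that treats every chunk-size as attacker-controlled, bounding it to 32 bits and to the bytes actually present before it is ever used as a copy length. The decoded-size cap and the sample bodies are constructed for the example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// maxDecodedBody caps the total decoded size (assumed policy for this example).
const maxDecodedBody = 1 << 20

var (
	errBadChunkSize = errors.New("invalid chunk-size")
	errTruncated    = errors.New("chunk-size exceeds available data")
	errTooLarge     = errors.New("decoded body exceeds limit")
)

// decodeChunked decodes an HTTP/1.1 chunked body (RFC 9112 section 7.1).
// Each chunk-size is untrusted: it is parsed into a bounded integer and
// checked against the bytes actually present before it drives any copy, so
// an oversized value can never index past the buffer. Trailer fields after
// the last chunk are ignored. Illustrative code, not MiniDLNA's.
func decodeChunked(in []byte) ([]byte, error) {
	var out []byte
	rest := in
	for {
		nl := bytes.Index(rest, []byte("\r\n"))
		if nl < 0 {
			return nil, errTruncated
		}
		line := string(rest[:nl])
		if i := strings.IndexByte(line, ';'); i >= 0 {
			line = line[:i] // drop chunk extensions
		}
		line = strings.TrimSpace(line)
		// At most 8 hex digits: absurd sizes are rejected before parsing.
		if line == "" || len(line) > 8 {
			return nil, errBadChunkSize
		}
		size, err := strconv.ParseUint(line, 16, 32) // rejects sign, junk, overflow
		if err != nil {
			return nil, errBadChunkSize
		}
		rest = rest[nl+2:]
		if size == 0 {
			return out, nil // last-chunk
		}
		// The claimed size must fit in what remains, plus the chunk's CRLF.
		if uint64(len(rest)) < size+2 {
			return nil, errTruncated
		}
		if uint64(len(out))+size > maxDecodedBody {
			return nil, errTooLarge
		}
		out = append(out, rest[:size]...)
		if !bytes.Equal(rest[size:size+2], []byte("\r\n")) {
			return nil, errBadChunkSize
		}
		rest = rest[size+2:]
	}
}

func main() {
	// Constructed sample bodies.
	samples := map[string][]byte{
		"valid":     []byte("4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"),
		"oversized": []byte("FFFFFFFF\r\nabc\r\n0\r\n\r\n"),   // claims 4 GiB, carries 3 bytes
		"hugehex":   []byte("1FFFFFFFFF\r\nabc\r\n0\r\n\r\n"), // does not fit 32 bits
		"negative":  []byte("-4\r\nWiki\r\n0\r\n\r\n"),         // sign must be rejected
	}
	for name, body := range samples {
		dec, err := decodeChunked(body)
		fmt.Printf("%-9s -> %q err=%v\n", name, dec, err)
	}
}
```

In a C implementation the same two comparisons (size fits the integer type, size fits the remaining buffer) are what separate a bounded memcpy from a heap overflow; the Go version simply makes the checks explicit.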
RedhatCVE
added 2025/05/22 9:21 p.m. · 12 views

CVE-2021-41554

ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...

CVSS 8.8 · AI score 6.6 · EPSS 0.00847
Exploits 0
RedhatCVE
added 2025/05/22 6:28 p.m. · 7 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

CVSS 9.8 · AI score 6.9 · EPSS 0.03962
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 10:27 a.m. · 9 views

CVE-2019-1234

A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'...

CVSS 7.5 · AI score 6.8 · EPSS 0.57938
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 3:23 a.m. · 9 views

CVE-2011-4883

The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request...

CVSS 5 · AI score 6.9 · EPSS 0.03159
Exploits 0 · References 1
CNNVD
added 2025/05/15 12:00 a.m. · 2 views

WordPress plugin WOOEXIM security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVSS 6.1 · AI score 6 · EPSS 0.00146
Exploits 1 · References 1
Veracode
added 2025/05/14 3:15 a.m. · 18 views

Session Hijacking

code-server is vulnerable to session hijacking. The vulnerability is due to insufficient validation of proxy request URLs, specifically the failure to properly validate the port and domain in requests using the /proxy subpath, which allows attackers to redirect traffic, including session cookies, to...

CVSS 8.3 · AI score 6.8 · EPSS 0.34266
Exploits 0 · References 4 · Affected Software 1
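
Added example (Go, not code-server's TypeScript) of validating a /proxy/<port>/ path and the request Host before proxying, the two fields the entry above says were not properly validated. The loopback target, the allowlisted hostname and the sample requests are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"path"
	"strconv"
	"strings"
)

var (
	errNotProxy = errors.New("not a /proxy path")
	errBadPort  = errors.New("invalid port segment")
	errBadHost  = errors.New("request Host not allowed")
)

// parseProxyPath validates a "/proxy/<port>/<rest>" path and returns the
// loopback target it maps to. The port segment must be digits only in
// 1..65535; a hostname, "8080@evil.example", or a scheme is rejected, and the
// target host is fixed rather than derived from anything in the request.
func parseProxyPath(p string) (*url.URL, error) {
	const prefix = "/proxy/"
	if !strings.HasPrefix(p, prefix) {
		return nil, errNotProxy
	}
	portStr, tail, _ := strings.Cut(strings.TrimPrefix(p, prefix), "/")
	if portStr == "" || len(portStr) > 5 {
		return nil, errBadPort
	}
	for _, c := range portStr {
		if c < '0' || c > '9' {
			return nil, errBadPort
		}
	}
	port, err := strconv.Atoi(portStr)
	if err != nil || port < 1 || port > 65535 {
		return nil, errBadPort
	}
	return &url.URL{
		Scheme: "http",
		Host:   net.JoinHostPort("127.0.0.1", strconv.Itoa(port)),
		Path:   path.Clean("/" + tail), // collapses "..", keeps a leading "/"
	}, nil
}

// hostAllowed checks the request's Host (port stripped) against an allowlist,
// so a request addressed to some other domain is never proxied.
func hostAllowed(reqHost string, allowed []string) bool {
	h := reqHost
	if host, _, err := net.SplitHostPort(reqHost); err == nil {
		h = host
	}
	h = strings.ToLower(strings.TrimSuffix(h, "."))
	for _, a := range allowed {
		if h == strings.ToLower(a) {
			return true
		}
	}
	return false
}

// proxyTarget combines both checks, as a proxy handler would before dialing.
func proxyTarget(reqHost, reqPath string, allowedHosts []string) (string, error) {
	if !hostAllowed(reqHost, allowedHosts) {
		return "", errBadHost
	}
	u, err := parseProxyPath(reqPath)
	if err != nil {
		return "", err
	}
	return u.String(), nil
}

func main() {
	allowed := []string{"code.internal.example"} // assumed deployment hostname
	cases := []struct{ host, p string }{
		{"code.internal.example:8443", "/proxy/8080/index.html"},
		{"code.internal.example", "/proxy/3000"},
		{"code.internal.example", "/proxy/8080@evil.example/"},
		{"code.internal.example", "/proxy/70000/"},
		{"code.internal.example", "/proxy/8080/../../etc/passwd"},
		{"evil.example", "/proxy/8080/"},
	}
	for _, c := range cases {
		target, err := proxyTarget(c.host, c.p, allowed)
		fmt.Printf("%-28s %-32s -> %q err=%v\n", c.host, c.p, target, err)
	}
}
```

The design rule is that the only user-controlled input that reaches the upstream address is an integer that has already been range-checked; everything else about where the bytes go is a server-side constant.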
Veracode
added 2025/05/05 12:22 p.m. · 9 views

Insufficient Verification Of Data Authenticity

react-router is vulnerable to data spoofing. The vulnerability is due to improper request validation, which allows pre-rendered data to be manipulated via custom headers, permitting full modification of the data object embedded in the HTML...

CVSS 8.2 · AI score 6.6 · EPSS 0.00737
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2025/04/17 12:00 a.m. · 4 views

PT-2025-16993 · Unknown · Illow – Cookies Consent

Name of the Vulnerable Software and Affected Versions: illow – Cookies Consent versions 0.2.0 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions ...

CVSS 4.3 · AI score 5.4 · EPSS 0.0014
Exploits 0 · References 3
Redos
added 2025/04/17 12:00 a.m. · 10 views

ROS-20250417-06

The vulnerability in the Moodle virtual learning environment is related to insufficient validation of the HTTP request source in confirmedsesskey. Exploitation could allow a remote attacker to perform cross-site request forgery attacks...

CVSS 8.8 · AI score 6.8 · EPSS 0.00455
Exploits 0
CNNVD
added 2025/04/15 12:00 a.m. · 2 views

Ash Authentication access control error vulnerability

Ash Authentication is an Ash authentication framework open-sourced by Alembic. An access control error vulnerability exists in Ash Authentication versions prior to 4.7.0 that originates in the GET request validation process and could lead to automatic account validation...

CVSS 5.3 · AI score 6.6 · EPSS 0.00271
Exploits 0 · References 2
Wallarm Lab
added 2025/04/10 3:16 p.m. · 15 views

Meeting NIST API Security Guidelines with Wallarm

On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, "Guidelines for API Protection for Cloud-Native Systems." The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objective...

AI score 7.6
Exploits 0
Positive Technologies
added 2025/04/09 12:00 a.m. · 3 views

PT-2025-15779 · Unknown · Sudavar Codescar Radio Widget

Name of the Vulnerable Software and Affected Versions: Sudavar Codescar Radio Widget versions 0.4.2 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 7.5 · EPSS 0.00173
Exploits 0 · References 4
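
Added example (Go, none of the affected projects' code) of the check behind the CSRF entries above (Code Astro, Mitel, illow, Moodle's sesskey confirmation, Sudavar) and the GET-confirmation issue in Ash Authentication: a per-session key compared in constant time, an Origin/Referer check on the request source, and a refusal to perform state changes on GET. The form field names, URLs and origins are assumptions for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

var (
	errUnsafeMethod = errors.New("state-changing action requested with a safe method")
	errBadOrigin    = errors.New("request source does not match site origin")
	errBadToken     = errors.New("missing or invalid session key")
)

// newSessionKey makes the per-session secret that forms must echo back.
func newSessionKey() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// requestSource returns "scheme://host" from Origin, falling back to Referer.
func requestSource(r *http.Request) string {
	if o := r.Header.Get("Origin"); o != "" && o != "null" {
		return o
	}
	if ref := r.Header.Get("Referer"); ref != "" {
		if u, err := url.Parse(ref); err == nil && u.Scheme != "" && u.Host != "" {
			return u.Scheme + "://" + u.Host
		}
	}
	return ""
}

// verifyStateChange is what a "confirm session key" step should do before a
// state-changing action: refuse GET/HEAD (links, crawlers and link previews
// fetch those), require the request source to be this site, and compare the
// submitted key to the session's key in constant time.
func verifyStateChange(r *http.Request, sessionKey, siteOrigin string) error {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return errUnsafeMethod
	}
	if src := requestSource(r); src == "" || !strings.EqualFold(src, siteOrigin) {
		return errBadOrigin
	}
	key := r.Header.Get("X-Sesskey")
	if key == "" {
		key = r.PostFormValue("sesskey")
	}
	if key == "" || subtle.ConstantTimeCompare([]byte(key), []byte(sessionKey)) != 1 {
		return errBadToken
	}
	return nil
}

// formRequest builds a constructed form submission for the checks above.
func formRequest(method, origin, sesskey string) *http.Request {
	body := strings.NewReader(url.Values{"sesskey": {sesskey}, "action": {"delete"}}.Encode())
	r := httptest.NewRequest(method, "https://lms.example/user/delete", body)
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	site := "https://lms.example"
	key, _ := newSessionKey()
	for _, c := range []struct {
		name string
		r    *http.Request
	}{
		{"genuine", formRequest(http.MethodPost, site, key)},
		{"forged from attacker page", formRequest(http.MethodPost, "https://evil.example", key)},
		{"no token", formRequest(http.MethodPost, site, "")},
		{"action via GET", formRequest(http.MethodGet, site, key)},
	} {
		fmt.Printf("%-26s -> %v\n", c.name, verifyStateChange(c.r, key, site))
	}
}
```

A forged cross-site form POST carries the attacker page's Origin and cannot read the victim's session key, so either check alone defeats it; the method check closes the separate hole where a confirmation or deletion can be triggered by merely fetching a URL.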
ATTACKERKB
added 2025/04/07 11:15 a.m. · 3 views

CVE-2024-45557

Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation...

CVSS 7.8 · AI score 5.8 · EPSS 0.00093
Exploits 0 · References 2
BDU FSTEC
added 2025/04/04 12:00 a.m. · 6 views

The vulnerability of the modOSCE component of the Trend Micro Apex Central security monitoring and management tool allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the modOSCE component of the Trend Micro Apex Central security monitoring and management tool is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected informatio...

CVSS 7.8 · AI score 6.5 · EPSS 0.00299
Exploits 0 · References 2
BDU FSTEC
added 2025/03/24 12:00 a.m. · 6 views

The vulnerability of the VMware Aria Automation (formerly vRealize Automation) automation software and the VMware Cloud Foundation virtualization platform, related to insufficient validation of incoming requests, allows an attacker to perform an SSRF attack.

The vulnerability of VMware Aria Automation (formerly vRealize Automation) and the VMware Cloud Foundation virtualization platform lies in insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially...

CVSS 4.3 · AI score 5.5 · EPSS 0.00247
Exploits 0 · References 3
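
Added example (Go, not SAP's or VMware's code) of the request validation whose absence both SSRF entries in this listing describe (the SAP Interaction Center entry at the top and the VMware Aria Automation entry above): an outbound URL check that pins the scheme and port, resolves the host, and rejects targets resolving to loopback, private, link-local or IPv4-mapped addresses. The resolver table and hostnames are constructed for the example; production code would pass net.DefaultResolver via stdResolver.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"net/url"
	"strings"
)

var (
	errScheme   = errors.New("scheme not allowed")
	errHostless = errors.New("missing host")
	errResolve  = errors.New("host does not resolve")
	errInternal = errors.New("target resolves to a non-public address")
	errPort     = errors.New("port not allowed")
)

// Resolver lets the check run offline; use stdResolver in production.
type Resolver func(ctx context.Context, host string) ([]netip.Addr, error)

// isPublic rejects loopback, private, link-local (which covers the
// 169.254.169.254 cloud metadata endpoint), unspecified and multicast
// addresses for v4 and v6, unmapping IPv4-in-IPv6 first so that
// ::ffff:127.0.0.1 does not slip through.
func isPublic(a netip.Addr) bool {
	a = a.Unmap()
	return !(a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsMulticast() || a.IsUnspecified() ||
		a.IsInterfaceLocalMulticast())
}

// checkOutboundURL validates a user-supplied URL before the server fetches it.
// It pins the scheme and port, resolves the host, and requires every resolved
// address to be public. The caller must then connect to one of the returned
// addresses rather than re-resolve the name, or a DNS rebind defeats the check.
func checkOutboundURL(ctx context.Context, raw string, resolve Resolver) ([]netip.Addr, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if s := strings.ToLower(u.Scheme); s != "http" && s != "https" {
		return nil, errScheme
	}
	host := u.Hostname()
	if host == "" {
		return nil, errHostless
	}
	if p := u.Port(); p != "" && p != "80" && p != "443" {
		return nil, errPort
	}
	var addrs []netip.Addr
	if ip, err := netip.ParseAddr(host); err == nil {
		addrs = []netip.Addr{ip} // literal address: no DNS involved
	} else if addrs, err = resolve(ctx, host); err != nil || len(addrs) == 0 {
		return nil, errResolve
	}
	for _, a := range addrs {
		if !isPublic(a) {
			return nil, errInternal
		}
	}
	return addrs, nil
}

// stdResolver adapts net.DefaultResolver to the Resolver type.
func stdResolver(ctx context.Context, host string) ([]netip.Addr, error) {
	return net.DefaultResolver.LookupNetIP(ctx, "ip", host)
}

// fakeResolver is a constructed table standing in for DNS so the example runs offline.
func fakeResolver(_ context.Context, host string) ([]netip.Addr, error) {
	table := map[string][]netip.Addr{
		"api.partner.example": {netip.MustParseAddr("203.0.113.10")},
		"rebind.example":      {netip.MustParseAddr("203.0.113.20"), netip.MustParseAddr("10.0.0.5")},
	}
	if a, ok := table[strings.ToLower(host)]; ok {
		return a, nil
	}
	return nil, errors.New("NXDOMAIN")
}

func main() {
	for _, raw := range []string{
		"https://api.partner.example/v1/hook",
		"http://127.0.0.1/admin",
		"http://169.254.169.254/latest/meta-data/",
		"http://[::ffff:10.0.0.1]/",
		"https://rebind.example/",
		"https://api.partner.example:8443/",
		"file:///etc/passwd",
		"gopher://api.partner.example:70/",
	} {
		addrs, err := checkOutboundURL(context.Background(), raw, fakeResolver)
		fmt.Printf("%-44s -> %v err=%v\n", raw, addrs, err)
	}
}
```

Two points matter beyond the obvious blocklist: the check runs on every resolved address, not just the first, so a name that answers with one public and one internal record is refused; and the resolved addresses are returned so the fetch can dial them directly instead of resolving the name a second time.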