Lucene search
K

213 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.11 views

CVE-2023-24527

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

5.3CVSS7AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.11 views

CVE-2022-42160

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the systemtimetimezone parameter at function SetNTPServerSettings...

8.8CVSS8AI score0.02729EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.11 views

CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution RCE vulnerability via the Mail Server Settings...

7.2CVSS7.7AI score0.02091EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.6 views

CVE-2022-45897

On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings...

6.5CVSS6.5AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.10 views

CVE-2022-45039

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS7.8AI score0.01034EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.8 views

CVE-2021-29004

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...

8.8CVSS7.2AI score0.02017EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.6 views

CVE-2021-4375

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...

4.3CVSS5.9AI score0.0061EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 p.m.6 views

CVE-2021-41590

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...

5.3CVSS6.6AI score0.00775EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:7 p.m.14 views

CVE-2020-10541

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108...

9.8CVSS7.9AI score0.10099EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/05/12 12:0 a.m.8 views

The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS7AI score0.01671EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/08 12:0 a.m.9 views

PT-2025-20402

Name of the Vulnerable Software and Affected Versions Eclipse Jetty versions 12.0.0 through 12.0.16 Description The issue arises when an HTTP/2 client specifies a very large value for the HTTP/2 settings parameter SETTINGS MAX HEADER LIST SIZE. The Jetty HTTP/2 server fails to validate this setti...

7.5CVSS7.2AI score0.00625EPSS
Exploits0References21
OSV
OSV
added 2025/02/12 5:15 p.m.2 views

CVE-2025-25743

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module...

7.2CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.6 views

PT-2025-7101 · D Link · D-Link Dir-853

Name of the Vulnerable Software and Affected Versions: D-Link DIR-853 A1 version FW1.20B07 Description: A command injection issue was discovered in the SetVirtualServerSettings module. This allows for potential exploitation. Recommendations: For D-Link DIR-853 A1 version FW1.20B07, consider...

9CVSS7.8AI score0.01671EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.8 views

Open Design Alliance CDE inWEB SDK 安全漏洞

Open Design Alliance CDE inWEB SDK is an application organized by the Open Design Alliance ODA. Web application for editing, creating and viewing DWGs. A security vulnerability exists in versions of the Open Design Alliance CDE inWEB SDK prior to 2025.3, which arises from the installation of CDE...

6.9CVSS6.5AI score0.00647EPSS
Exploits0References1
CVE
CVE
added 2024/11/04 12:0 a.m.68 views

CVE-2024-34885

The CVE-2024-34885 entry concerns Bitrix24 (1C-Bitrix Bitrix24) version 23.300.100, where credentials in SMTP server settings are insufficiently protected. The underlying issue allows remote administrators to read SMTP account passwords via an HTTP GET request. The vulnerability impacts confident...

6.8CVSS6.6AI score0.00424EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2024/10/28 12:23 p.m.6 views

Command Injection

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Command Injection via the flashgot API and the download process. An attacker can execute arbitrary code by manipulating the download path to target the...

9.2CVSS8AI score0.00679EPSS
Exploits1References2
OSV
OSV
added 2024/10/25 11:15 p.m.7 views

PYSEC-2024-302

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be...

2.3CVSS6.7AI score0.00679EPSS
Exploits1References1
OSV
OSV
added 2024/10/17 6:15 p.m.6 views

CVE-2024-48633

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrar...

8CVSS6AI score0.02049EPSS
Exploits0References2
OSV
OSV
added 2024/10/08 4:15 p.m.1 views

CVE-2024-47951

In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings...

5.4CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/22 6:29 a.m.10 views

CVE-2024-32939 Email addresses of remote users visible in props regardless of server settings

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."...

4.3CVSS6.6AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder