377 matches found

Source: BDU FSTEC
Added: 2024/12/18 12:00 a.m.

A vulnerability in the proxy server of the Ruijie Reyee OS operating system allows an attacker to carry out an SSRF attack.

The vulnerability in the proxy server of the Ruijie Reyee OS operating system stems from insufficient server-side validation of requests. Exploiting it allows a remote attacker to carry out an SSRF (server-side request forgery) attack...

CVSS 10 · AI score 8.3 · EPSS 0.00605
Exploits: 0 · References: 3 · Affected software: 1
Source: BDU FSTEC
Added: 2024/11/29 12:00 a.m.

A vulnerability in the GNU Wget download manager, caused by insufficient server-side validation of requests, allows an attacker to carry out SSRF, spear-phishing, or man-in-the-middle attacks.

The vulnerability in the GNU Wget download manager stems from insufficient server-side validation of requests. Exploiting it can allow a remote attacker to carry out an SSRF attack, a man-in-the-middle attack, or another type of attack...

CVSS 6.5 · AI score 7.4 · EPSS 0.0111
Exploits: 0 · References: 11 · Affected software: 4
Source: Vulnrichment
Added: 2024/11/26 6:52 p.m.

CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

CVSS 2 · AI score 6.9 · EPSS 0.00536
Exploits: 0 · References: 1
Source: OSV
Added: 2024/11/26 4:36 p.m.

GHSA-V7VM-RHMG-8J2R Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

Summary: The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the...

CVSS 5.7 · AI score 6.3 · EPSS 0.00536
Exploits: 0 · References: 4
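The two Fides entries above describe the same bug class: a password policy that exists only in the browser, so a direct call to the invite-acceptance endpoint skips it. The following is an added illustration, not Fides's own code, of the vulnerable handler shape next to one that evaluates the policy on the server before any state changes. The policy values, the `tok-abc123` invite token, the in-memory store and the 200/404/422 responses are all assumptions made for the example.

```python
import hashlib
import os
import re

# Illustrative policy values (an assumption, not Fides's actual configuration).
MIN_LENGTH = 12
RULES = [
    (lambda p: len(p) >= MIN_LENGTH, f"at least {MIN_LENGTH} characters"),
    (lambda p: re.search(r"[a-z]", p), "a lowercase letter"),
    (lambda p: re.search(r"[A-Z]", p), "an uppercase letter"),
    (lambda p: re.search(r"[0-9]", p), "a digit"),
    (lambda p: re.search(r"[^\w\s]", p), "a symbol"),
]


def password_policy_errors(password):
    """Every rule the password fails; an empty list means it passes."""
    return [msg for ok, msg in RULES if not ok(password)]


def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256; stored as salt$digest (hex)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()


def new_store():
    """Constructed in-memory state: one pending invite token, no users yet."""
    return {"invites": {"tok-abc123": "alice@example.com"}, "users": {}}


def accept_invite_unchecked(store, token, password):
    """Vulnerable shape: the endpoint assumes the browser already validated the password,
    so any client that talks to the API directly can pick a one-character password."""
    email = store["invites"].pop(token, None)
    if email is None:
        return 404, {"detail": "invalid invite"}
    store["users"][email] = hash_password(password)
    return 200, {"email": email}


def accept_invite(store, token, password):
    """Hardened: the same policy the UI shows is evaluated on the server, before the
    invite is consumed or the account is created."""
    email = store["invites"].get(token)
    if email is None:
        return 404, {"detail": "invalid invite"}
    errors = password_policy_errors(password)
    if errors:
        return 422, {"detail": "password does not meet policy", "missing": errors}
    del store["invites"][token]
    store["users"][email] = hash_password(password)
    return 200, {"email": email}
```

The check is placed before the invite token is consumed, so a rejected attempt leaves the invite usable and the client can retry; the UI validation then becomes a convenience rather than the control.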
Source: BDU FSTEC
Added: 2024/11/22 12:00 a.m.

A vulnerability in the Apache OFBiz enterprise resource planning software stems from insufficient server-side validation of requests and allows an attacker to carry out SSRF attacks.

The vulnerability in the Apache OFBiz enterprise resource planning software stems from insufficient server-side validation of requests. Exploiting it allows a remote attacker to carry out an SSRF attack...

CVSS 10 · AI score 5.6 · EPSS 0.01609
Exploits: 0 · References: 5 · Affected software: 1
Source: BDU FSTEC
Added: 2024/11/13 12:00 a.m.

A vulnerability in GitLab Enterprise Edition, the Git-based platform for collaborative software development, stems from insufficient server-side validation of requests and allows an attacker to carry out SSRF attacks.

The vulnerability in GitLab Enterprise Edition, the Git-based platform for collaborative software development, stems from insufficient server-side validation of requests. Exploiting it allows a remote attacker to carry out SSRF attacks via a user-supplied URL...

CVSS 7.7 · AI score 5.6 · EPSS 0.00555
Exploits: 0 · References: 5 · Affected software: 1
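The four BDU FSTEC entries above (Ruijie Reyee OS, GNU Wget, Apache OFBiz, GitLab EE) all reduce to the same statement: a server fetched a URL it was handed without validating it first. None of them say what the missing check was, so the following is an added, generic illustration of what server-side validation of an outbound URL looks like; it is not code from any of those projects. The `FAKE_DNS` table, the hostnames in it and the `check_outbound_url` interface are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. A real guard resolves with
# the system resolver, must apply the same checks to EVERY address returned, and then
# connects to the vetted address rather than resolving a second time (DNS rebinding).
FAKE_DNS = {
    "updates.example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebind.example.net": ["93.184.216.35", "169.254.169.254"],
}

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip):
    """True only for globally routable unicast addresses."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url, resolve=lambda host: FAKE_DNS.get(host, [])):
    """Return (ok, reason). ok is True only when the scheme is allowed, there is no
    userinfo, and every address the host resolves to is public. The decision is made
    before any connection is opened."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP, including bracketed IPv6
    except ValueError:
        resolved = resolve(host.lower())
        if not resolved:
            return False, f"host {host!r} did not resolve"
        addrs = [ipaddress.ip_address(a) for a in resolved]
    for ip in addrs:
        if not is_public_address(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"
```

Two details matter in practice: a host that resolves to several addresses is rejected if any one of them is internal, and shorthand literals such as `127.1` are not accepted as IPs, so they fall through to resolution and are refused rather than silently reaching loopback.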
Source: NVD
Added: 2024/11/06 5:15 p.m.

CVE-2024-20476

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVSS 4.9 · EPSS 0.00344
Exploits: 0 · References: 1
Source: Cvelist
Added: 2024/11/06 4:31 p.m.

CVE-2024-20537 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...

CVSS 6.5 · EPSS 0.00473
Exploits: 0 · References: 1
Source: Vulnrichment
Added: 2024/11/06 4:31 p.m.

CVE-2024-20537 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...

CVSS 6.5 · AI score 7.2 · EPSS 0.00473
Exploits: 0 · References: 1
Source: Vulnrichment
Added: 2024/11/06 4:28 p.m.

CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVSS 4.3 · AI score 6.9 · EPSS 0.00344
Exploits: 0 · References: 1
Source: Cvelist
Added: 2024/11/06 4:28 p.m.

CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

CVSS 4.3 · EPSS 0.00344
Exploits: 0 · References: 1
Source: CVE
Added: 2024/11/06 4:28 p.m.

CVE-2024-20476

CVE-2024-20476 affects Cisco Identity Services Engine (ISE) in its web-based management interface. The issue stems from lack of server-side validation of Administrator permissions, allowing an authenticated, remote attacker to bypass file-management authorization. An attacker could exploit this b...

CVSS 4.9 · AI score 4.6 · EPSS 0.00344
Exploits: 0 · References: 1 · Affected software: 1
Source: CNNVD
Added: 2024/11/06 12:00 a.m.

Cisco Identity Services Engine security vulnerability

Cisco Identity Services Engine (Cisco ISE) is a context-aware network access platform from Cisco (USA). It governs the network by collecting real-time information from the network, users and devices, and by formulating and enforcing policies accordingly. The Cisco Identit...

CVSS 6.5 · AI score 5.7 · EPSS 0.00473
Exploits: 0 · References: 2
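The Cisco ISE entries above (CVE-2024-20476 and CVE-2024-20537) share one root cause: the management interface did not re-check Administrator permissions on the server for certain file-management and administrative functions, so an authenticated low-privilege user could call them directly. The advisories do not describe the code, so the following is an added illustration of the pattern in general, not Cisco's implementation: a handler that trusts a client-supplied flag next to handlers gated by a server-side permission check. The session store, role names, permission strings and the `files:*` functions are all assumptions made for the example.

```python
from functools import wraps

# Constructed server-side session store: session cookie -> authenticated principal.
# The role is looked up here; nothing the client puts in the request body is trusted.
SESSIONS = {
    "sess-super": {"user": "admin1", "role": "Super Admin"},
    "sess-ro": {"user": "viewer1", "role": "Read Only Admin"},
}
ROLE_PERMISSIONS = {
    "Super Admin": {"files:list", "files:download", "files:delete"},
    "Read Only Admin": {"files:list"},
}


def require_permission(permission):
    """Decorator that checks the caller's server-side role against the required
    permission on every request; the handler body never runs for an unauthorised caller."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(request, *args, **kwargs):
            principal = SESSIONS.get(request.get("cookie"))
            if principal is None:
                return 401, {"detail": "not authenticated"}
            if permission not in ROLE_PERMISSIONS.get(principal["role"], set()):
                return 403, {"detail": f"{principal['user']} lacks {permission}"}
            return handler(request, principal, *args, **kwargs)
        return wrapper
    return decorator


def delete_file_unchecked(request, name):
    """Vulnerable shape: 'authorization' is a flag the client sends (or the assumption
    that the UI hid the button). Any authenticated user can set isAdmin=true."""
    if not request.get("body", {}).get("isAdmin"):
        return 403, {"detail": "admins only"}
    return 200, {"deleted": name}


@require_permission("files:list")
def list_files(request, principal):
    return 200, {"files": ["backup-2024-11.tgz"], "as": principal["user"]}


@require_permission("files:delete")
def delete_file(request, principal, name):
    return 200, {"deleted": name, "by": principal["user"]}
```

The decorator is the only place that decides; a read-only administrator can still list files but gets 403 from `delete_file` no matter what the request body says, which is exactly the check the ISE advisories say was missing.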
Source: OSV
Added: 2024/11/01 12:15 p.m.

CVE-2024-7456

A SQL injection vulnerability exists in the /api/v1/external-users route of lunary-ai/lunary version v1.4.2. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The orderByClause variable is constructed without server-side validation or...

CVSS 9.8 · AI score 8.6 · EPSS 0.01359
Exploits: 1 · References: 2
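The lunary entry above is an ORDER BY injection: the sort field reaches the query text verbatim, and ORDER BY targets cannot be bound as parameters, so escaping is not the fix; an allowlist is. The following is an added illustration, written against an in-memory SQLite table rather than lunary's TypeScript code base, of the vulnerable clause builder, a boolean oracle payload that extracts a secret through row ordering, and the allowlisted builder that refuses it. The `external_users` table, its rows and the sort-key names are constructed for the example.

```python
import sqlite3

# Allowlist mapping the API's sort keys to real column names; anything else is rejected.
ORDERABLE = {"created_at": "created_at", "email": "email", "last_seen": "last_seen"}


def order_clause_unsafe(order_by, direction="asc"):
    """Vulnerable shape: caller-controlled text goes straight into ORDER BY."""
    return f"ORDER BY {order_by} {direction}"


def order_clause(order_by, direction="asc"):
    """Hardened: the column comes from the allowlist and the direction from a fixed
    pair; returns None (the caller answers HTTP 400) for anything else."""
    column = ORDERABLE.get(order_by)
    if column is None or direction.lower() not in ("asc", "desc"):
        return None
    return f'ORDER BY "{column}" {direction.upper()}'


def demo_db():
    """Constructed sample table with a secret column the attacker wants to read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE external_users (
            id INTEGER PRIMARY KEY, email TEXT, created_at TEXT, last_seen TEXT, api_key TEXT);
        INSERT INTO external_users VALUES (1, 'a@example.com', '2024-01-01', '2024-05-01', 'sk-AAAA');
        INSERT INTO external_users VALUES (2, 'b@example.com', '2024-02-01', '2024-04-01', 'sk-BBBB');
    """)
    return conn


def oracle_payload(guess):
    """Boolean oracle: when the guess is right the rows come back ordered by id,
    otherwise by -id, so the sort order leaks one bit per request."""
    return ("(CASE WHEN (SELECT substr(api_key, 1, 4) FROM external_users WHERE id = 1) = "
            f"'{guess}' THEN id ELSE -id END)")


def ids_unsafe(conn, order_by):
    """What the vulnerable route does: interpolate and execute."""
    sql = f"SELECT id FROM external_users {order_clause_unsafe(order_by)}"
    return [row[0] for row in conn.execute(sql)]


def list_external_users(conn, order_by="created_at", direction="asc", limit=50):
    """Hardened route: allowlisted ORDER BY, LIMIT still bound as a parameter."""
    clause = order_clause(order_by, direction)
    if clause is None:
        return None
    sql = f"SELECT id, email FROM external_users {clause} LIMIT ?"
    return conn.execute(sql, (int(limit),)).fetchall()
```

The oracle needs no error messages and no data in the response body beyond row order, which is why a sort parameter is as dangerous as any other injection point even on an endpoint that only returns ids and e-mail addresses.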
Source: Github Security Blog
Added: 2024/10/22 6:12 p.m.

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

Impact: There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. Workarounds: Server-side file validation is available to strip script tags from the file's content during the file upload process...

CVSS 4.6 · AI score 7.3 · EPSS 0.00428
Exploits: 0 · References: 3 · Affected software: 2
Source: Positive Technologies
Added: 2024/10/22 12:00 a.m.

PT-2024-33275 · Umbraco · Umbraco

Name of the vulnerable software and affected versions:
Umbraco versions 13.x prior to 13.5.2
Umbraco versions 10.x prior to 10.8.7
Umbraco versions 8.x prior to 8.18.15
Description: There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode...

CVSS 4.6 · AI score 8.1 · EPSS 0.00428
Exploits: 0 · References: 9
Source: Veracode
Added: 2024/10/16 8:28 a.m.

Cross-site Scripting (XSS)

gradio is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate file type restrictions or missing server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execu...

CVSS 6.9 · AI score 6.2 · EPSS 0.00252
Exploits: 0 · References: 3 · Affected software: 1
Source: PyPA
Added: 2024/10/10 11:15 p.m.

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 · AI score 6.5 · EPSS 0.00252
Exploits: 0 · References: 1 · Affected software: 1
Source: OSV
Added: 2024/10/10 11:15 p.m.

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 5.4 · AI score 5.4 · EPSS 0.00252
Exploits: 0 · References: 1
Source: NVD
Added: 2024/10/10 11:15 p.m.

CVE-2024-47872

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 · EPSS 0.00252
Exploits: 0 · References: 1
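The Umbraco entries (script execution when an uploaded SVG is previewed, with "strip script tags during upload" as the documented workaround) and the Gradio entries (stored XSS via uploaded HTML, JavaScript or SVG served back to other users) describe one problem from two sides: the server accepted browser-executable content and later let a browser render it in the application's origin. The following is an added illustration, not code from either project, of the server-side upload handling a practitioner would want: active formats are refused by extension and by content sniffing, SVG is parsed and stripped of script-capable nodes and attributes, and whatever is stored is served as an attachment under `nosniff` and a sandboxing CSP. The `handle_upload` interface, its result dictionary and the sample files are constructed for the example.

```python
import os
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")

ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".js", ".mjs"}
ACTIVE_MARKERS = (b"<!doctype html", b"<html", b"<script")
SCRIPT_BEARING_TAGS = {"script", "foreignObject"}


def local_name(qualified):
    """'{ns}tag' -> 'tag'."""
    return qualified.split("}")[-1]


def sanitize_svg(data):
    """Strip script-capable content from an SVG: <script>, <foreignObject>, on* event
    handlers and javascript: hrefs. Raises ValueError if the document is not an SVG at
    all, which also catches HTML smuggled under a .svg name."""
    # Production code should parse with defusedxml to avoid entity-expansion attacks.
    root = ET.fromstring(data)
    if local_name(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    for parent in list(root.iter()):
        for child in list(parent):
            if local_name(child.tag) in SCRIPT_BEARING_TAGS:
                parent.remove(child)
    for element in root.iter():
        for attr in list(element.attrib):
            name = local_name(attr).lower()
            value = element.attrib[attr].strip().lower()
            if name.startswith("on") or (name == "href" and value.startswith("javascript:")):
                del element.attrib[attr]
    return ET.tostring(root)


def handle_upload(filename, data):
    """Server-side decision for one uploaded file: reject browser-executable content,
    sanitize SVG, and store everything else as an opaque download."""
    name = os.path.basename(filename)
    ext = os.path.splitext(name)[1].lower()
    head = data[:256].lstrip().lower()
    headers = {  # sent when the stored file is served back
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{name}"',
        "Content-Security-Policy": "sandbox",
    }
    if ext == ".svg" or b"<svg" in head:
        try:
            clean = sanitize_svg(data)
        except (ET.ParseError, ValueError) as exc:
            return {"status": "rejected", "reason": f"invalid SVG: {exc}"}
        return {"status": "stored", "data": clean, "content_type": "image/svg+xml", "headers": headers}
    if ext in ACTIVE_EXTENSIONS or any(marker in head for marker in ACTIVE_MARKERS):
        return {"status": "rejected", "reason": "browser-executable content"}
    return {"status": "stored", "data": data, "content_type": "application/octet-stream", "headers": headers}
```

Stripping alone is not sufficient, which is why the response headers are part of the decision: an SVG that is only ever embedded via `<img>` cannot run script, but one opened directly in a tab can, and `Content-Disposition: attachment` plus the `sandbox` directive cover that case even if a sanitizer misses something. Serving user uploads from a separate origin is the stronger version of the same idea.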