
48 matches found

Positive Technologies
added 2024/11/07 12:0 a.m. · 2 views

PT-2024-33292 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.5.0
Description: An issue was discovered in Logpoint where an endpoint used by Distributed Logpoint Setup was exposed. This exposure allows unauthenticated attackers to bypass CSRF protections and authentication...

CVSS 7.5 · AI score 7.4 · EPSS 0.00161
Exploits: 0 · References: 7

Positive Technologies
added 2024/09/27 12:0 a.m. · 2 views

PT-2024-20926 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.3
Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in the "setup.php" endpoint.
Recommendations: For Flatpre...

CVSS 6.1 · AI score 6.2 · EPSS 0.19678
Exploits: 1 · References: 8

Positive Technologies
added 2024/05/24 12:0 a.m. · 2 views

PT-2024-13754 · Unknown · Vx Search Enterprise

Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14
Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/setup smtp" API endpoint in the smtp server, smtp user, smtp password, and smtp email...

CVSS 7.1 · AI score 6.3 · EPSS 0.0011
Exploits: 0 · References: 4

OSV
added 2023/11/16 5:15 p.m. · 1 views

CVE-2023-6038

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

CVSS 7.5 · AI score 6 · EPSS 0.63282
Exploits: 1 · References: 1

Positive Technologies
added 2023/11/16 12:0 a.m. · 2 views

PT-2023-32489 · H2O-3 · H2O-3

Name of the Vulnerable Software and Affected Versions: h2o-3 version 3.40.0.4
Description: A Local File Inclusion (LFI) issue exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. Th...

CVSS 9.3 · AI score 7.3 · EPSS 0.63282
Exploits: 1 · References: 6

Positive Technologies
added 2023/07/11 12:0 a.m. · 1 views

PT-2023-25880 · Pimcore · Pimcore Admin Classic Bundle

Name of the Vulnerable Software and Affected Versions: Pimcore Admin Classic Bundle versions prior to 1.0.3
Description: The issue allows for unauthenticated HTML injection or cross-site scripting (XSS), affecting admins who have not set up two-factor authentication. This can cause the application ...

CVSS 6.1 · AI score 6.3 · EPSS 0.00018
Exploits: 0 · References: 8

Positive Technologies
added 2021/06/24 12:0 a.m. · 3 views

PT-2021-10662 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.13
Description: The issue allows for Code Injection via the "/phpwcms/setup/setup.php" API endpoint.
Recommendations: For phpwcms version 1.9.13, at the moment, there is no information about a newer version that contains a...

CVSS 9.8 · AI score 9.6 · EPSS 0.00592
Exploits: 1 · References: 5

OSV
added 2016/09/19 1:59 a.m. · 1 views

CVE-2016-6536

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2