Lucene search

41 matches found

Snyk
added 2026/03/25 5:3 p.m. | 3 views

Command Injection

Overview: modoboa is a Mail hosting made simple. Affected versions of this package are vulnerable to Command Injection via the execcmd function. An attacker who has Reseller or SuperAdmin privileges can execute arbitrary operating system commands by supplying specially crafted input, such as domain...

8.6 CVSS | 6.1 AI score | 0.00566 EPSS
Exploits: 1 | References: 2
Cvelist
added 2026/03/11 6:13 p.m. | 28 views

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8 CVSS | 0.00638 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/11 12:0 a.m. | 7 views

PT-2026-24782

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8 CVSS | 5.9 AI score | 0.00638 EPSS
Exploits: 1 | References: 7
Cvelist
added 2026/03/10 4:44 p.m. | 27 views

CVE-2026-25836

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...

7.2 CVSS | 0.0176 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:58 a.m. | 8 views

CVE-2023-45581

An improper privilege management vulnerability (CWE-269) in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests...

8.8 CVSS | 7 AI score | 0.00823 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2017-15801

Malware in sbrugna...

9.8 CVSS | 9.5 AI score | 0.05476 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-49873

Malicious code in bioql PyPI...

8.8 CVSS | 7.4 AI score | 0.00823 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-3725

Malicious code in bioql PyPI...

8.1 CVSS | 9.7 AI score | 0.02988 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2022-39502

Malicious code in bioql PyPI...

4.9 CVSS | 5.4 AI score | 0.00826 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2025/04/17 12:0 a.m. | 6 views

FortiOS 7.0.x < 7.0.16 Authentication Bypass

FortiOS version 7.0.x prior to 7.0.16 and FortiProxy version 7.0.x prior to 7.0.19 or 7.2.x prior to 7.2.12 are affected by a vulnerability that allows a remote attacker to gain super-admin privileges via specific crafted requests. No source data...

9.8 CVSS | 7.5 AI score | 0.07243 EPSS
Exploits: 1 | References: 2
CISA KEV Catalog
added 2025/03/18 12:0 a.m. | 27 views

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests...

8.1 CVSS | 7.8 AI score | 0.02988 EPSS
In wild | Exploits: 0
NVD
added 2025/02/11 5:15 p.m. | 19 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

8.1 CVSS | 0.02988 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/02/11 4:50 p.m. | 18 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

8.1 CVSS | 9.8 AI score | 0.02988 EPSS
Exploits: 0 | References: 1
CVE
added 2025/02/11 4:50 p.m. | 324 views

CVE-2025-24472

CVE-2025-24472 affects Fortinet FortiOS (7.0.0–7.0.16) and FortiProxy (7.2.0–7.2.12, also 7.0.0–7.0.19 in some sources) with an authentication bypass (CWE-288) that can grant super-admin privileges on downstream devices when Security Fabric is enabled. Exploitation requires crafting CSF proxy req...

8.1 CVSS | 9.8 AI score | 0.02988 EPSS
In wild | Exploits: 0 | References: 2 | Affected Software: 2
ATTACKERKB
added 2025/02/11 12:0 a.m. | 13 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

8.1 CVSS | 9.8 AI score | 0.02988 EPSS
In wild | Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 11:50 a.m. | 13 views

CVE-2024-7297

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

8.8 CVSS | 7 AI score | 0.21346 EPSS
Exploits: 1 | References: 1
Information Security Automation
added 2025/01/27 8:34 p.m. | 24 views

About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability

About Authentication Bypass - FortiOS CVE-2024-55591 vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS e.g., FortiGate NGFW and FortiProxy. On Januar...

9.8 CVSS | 7.6 AI score | 0.98259 EPSS
Exploits: 9
GithubExploit
added 2025/01/24 8:29 p.m. | 395 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy

CVE-2024-55591 PoC. This repository contains a PoC Proof of...

9.8 CVSS | 10 AI score | 0.98259 EPSS
Exploits: 9
NVD
added 2025/01/14 2:15 p.m. | 36 views

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

9.8 CVSS | 0.98259 EPSS
Exploits: 9 | References: 2
Positive Technologies
added 2025/01/14 12:0 a.m. | 4 views

PT-2025-6278

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.16; FortiProxy versions 7.0.0 through 7.0.19; FortiProxy versions 7.2.0 through 7.2.12. Description: A critical authentication bypass issue exists in FortiOS and FortiProxy, potentially allowing a remote,...

9.8 CVSS | 10 AI score | 0.02988 EPSS
Exploits: 0 | References: 112