447 matches found

RedhatCVE
added 2025/02/05 11:50 a.m. · 12 views

CVE-2024-7297

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

CVSS 8.8 · AI score 7 · EPSS 0.21346
Exploits: 1 · References: 1
NCSC
added 2025/01/28 10:42 a.m. · 6 views

Vulnerability fixed in FortiNet FortiOS and FortiProxy

FortiNet has fixed a vulnerability in FortiOS and FortiProxy. The vulnerability is in the node.js implementation of the management Web interface and allows a malicious person to bypass authentication to become super-admin on the vulnerable system without prior authentication or authorizations. Fo...

CVSS 9.8 · AI score 6.9 · EPSS 0.98259
Exploits: 9 · References: 1
Information Security Automation
added 2025/01/27 8:34 p.m. · 24 views

About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability

About Authentication Bypass - FortiOS CVE-2024-55591 vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS e.g., FortiGate NGFW and FortiProxy. On Januar...

CVSS 9.8 · AI score 7.6 · EPSS 0.98259
Exploits: 9
GithubExploit
added 2025/01/24 8:29 p.m. · 394 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Fortinet Fortiproxy

CVE-2024-55591 PoC. This repository contains a PoC Proof of...

CVSS 9.8 · AI score 10 · EPSS 0.98259
Exploits: 9
OSV
added 2025/01/14 2:15 p.m. · 3 views

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

CVSS 9.8 · AI score 5.8 · EPSS 0.98259
Exploits: 9 · References: 2
NVD
added 2025/01/14 2:15 p.m. · 36 views

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

CVSS 9.8 · EPSS 0.98259
Exploits: 9 · References: 2
CISA KEV Catalog
added 2025/01/14 12:00 a.m. · 23 views

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

CVSS 9.8 · AI score 9.9 · EPSS 0.98259
In wild · Exploits: 9
Positive Technologies
added 2025/01/14 12:00 a.m. · 7 views

PT-2025-1051

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0.0 through 7.0.16 FortiProxy versions 7.0.0 through 7.0.19 FortiProxy versions 7.2.0 through 7.2.12 Description An authentication bypass issue exists in the Node.js websocket module of FortiOS and FortiProxy, where an...

CVSS 10 · AI score 7.5 · EPSS 0.98259
Exploits: 9 · References: 391
Positive Technologies
added 2025/01/14 12:00 a.m. · 3 views

PT-2025-6278

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0.0 through 7.0.16 FortiProxy versions 7.0.0 through 7.0.19 FortiProxy versions 7.2.0 through 7.2.12 Description A critical authentication bypass issue exists in FortiOS and FortiProxy, potentially allowing a remote,...

CVSS 9.8 · AI score 10 · EPSS 0.02988
Exploits: 0 · References: 112
ATTACKERKB
added 2025/01/14 12:00 a.m. · 96 views

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

CVSS 9.8 · AI score 10 · EPSS 0.98259
In wild · Exploits: 9 · References: 2
Tenable Nessus
added 2025/01/14 12:00 a.m. · 32 views

Fortinet Fortigate Authentication bypass in Node.js websocket module and CSF requests (FG-IR-24-535)

The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-535 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through...

CVSS 9.8 · AI score 8.7 · EPSS 0.98259
Exploits: 9 · References: 3
Positive Technologies
added 2024/11/12 12:00 a.m. · 4 views

PT-2024-34521 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT version 7.0.13 Description: A Stored Cross-Site Scripting XSS issue allows an attacker to upload a malicious XML file containing JavaScript code, potentially leading to privilege escalation when the payload is executed. This could...

CVSS 8.7 · AI score 6.6 · EPSS 0.00402
Exploits: 0 · References: 7
OSV
added 2024/11/06 5:15 p.m. · 1 view

CVE-2024-20531

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery SSRF attack through an affected device. To exploit this vulnerability, the attacker woul...

CVSS 6.5 · AI score 5.9 · EPSS 0.00361
Exploits: 0 · References: 1
OSV
added 2024/11/06 5:15 p.m. · 1 view

CVE-2024-20529

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5 · AI score 5.9 · EPSS 0.00526
Exploits: 0 · References: 1
OSV
added 2024/11/06 5:15 p.m. · 2 views

CVE-2024-20527

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5 · AI score 5.9 · EPSS 0.00526
Exploits: 0 · References: 1
OSV
added 2024/11/06 5:15 p.m. · 1 view

CVE-2024-20528

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...

CVSS 7.2 · AI score 6 · EPSS 0.00601
Exploits: 0 · References: 1
Cvelist
added 2024/11/06 4:31 p.m. · 16 views

CVE-2024-20532 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5 · EPSS 0.00545
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/06 4:31 p.m. · 12 views

CVE-2024-20532 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5 · AI score 7.1 · EPSS 0.00545
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/06 4:31 p.m. · 13 views

CVE-2024-20531 Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery SSRF attack through an affected device. To exploit this vulnerability, the attacker woul...

CVSS 5.5 · AI score 7.2 · EPSS 0.00361
Exploits: 0 · References: 1
Cvelist
added 2024/11/06 4:30 p.m. · 15 views

CVE-2024-20529 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5 · EPSS 0.00526
Exploits: 0 · References: 1