Source: CVE · added 2024/11/06 4:30 p.m.

CVE-2024-20529

Cisco Identity Services Engine (ISE) API vulnerability could allow an authenticated remote attacker with Super Admin credentials to read or delete arbitrary files due to insufficient validation of user-supplied API parameters. PT-2024-18676 notes affected software prior to 3.3.0 and recommends up...

CVSS 5.5 · AI score 5.4 · EPSS 0.00526
Exploits: 0 · References: 1 · Affected software: 1
Source: Vulnrichment · added 2024/11/06 4:30 p.m.

CVE-2024-20527 Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...

CVSS 5.5 · AI score 7.1 · EPSS 0.00526
Exploits: 0 · References: 1
Source: Positive Technologies · added 2024/11/06 12:00 a.m.

PT-2024-8314 · Cisco · Cisco Ise

Affected software and versions: Cisco ISE, affected versions not specified.
Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. The attacker would need valid Super Admin...

CVSS 7.5 · AI score 6.9 · EPSS 0.00545
Exploits: 0 · References: 6
Source: Positive Technologies · added 2024/11/06 12:00 a.m.

PT-2024-18675 · Cisco · Cisco Ise

Affected software and versions: Cisco ISE, affected versions not specified.
Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. This...

CVSS 7.2 · AI score 7.5 · EPSS 0.00601
Exploits: 0 · References: 7
Source: Positive Technologies · added 2024/11/06 12:00 a.m.

PT-2024-18679 · Cisco · Cisco Ise

Affected software and versions: Cisco ISE, affected versions not specified.
Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a...

CVSS 6.5 · AI score 7.1 · EPSS 0.00361
Exploits: 0 · References: 6
Source: Positive Technologies · added 2024/11/06 12:00 a.m.

PT-2024-18676 · Cisco · Cisco Ise

Affected software and versions: Cisco ISE versions prior to 3.3.0.
Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. This is due to insufficient validation of...

CVSS 7.5 · AI score 7.2 · EPSS 0.00526
Exploits: 0 · References: 8
Source: Positive Technologies · added 2024/11/06 12:00 a.m.

PT-2024-18674 · Cisco · Cisco Ise

Affected software and versions: Cisco ISE, affected versions not specified.
Description: A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. This issue is due to insufficient validatio...

CVSS 7.5 · AI score 6.9 · EPSS 0.00526
Exploits: 0 · References: 6
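The Cisco ISE entries above all describe the same defect class: an API parameter that names a file is used to build a path without a check that the result stays inside the directory the API is meant to expose, so a caller with the right role can read, delete or write files elsewhere on the appliance. As an added illustration (not Cisco code, and not tied to any ISE endpoint), the Python below contrasts a naive join with a containment check made on the canonicalised path; the export directory `/srv/exports` and the file names are constructed for the example.

```python
import os
from pathlib import Path


class PathRejected(ValueError):
    """Raised when an API-supplied file name would leave the export directory."""


def naive_join(base: str, user_supplied: str) -> Path:
    """Vulnerable pattern: join the parameter onto the base directory and trust the result.
    '..' segments are kept verbatim, and an absolute parameter replaces the base entirely."""
    return Path(os.path.join(base, user_supplied))


def resolve_under(base: str, user_supplied: str) -> Path:
    """Hardened pattern: canonicalise first, then require the result to sit inside base.

    The comparison is made on the *resolved* path, so '..' segments and symlinks that
    live inside the export tree are both accounted for before the decision is taken.
    """
    if not user_supplied or "\x00" in user_supplied:
        raise PathRejected("empty name or embedded NUL byte")
    if Path(user_supplied).is_absolute() or user_supplied.startswith(("/", "\\")):
        raise PathRejected("absolute paths are not accepted")
    base_real = Path(base).resolve()
    candidate = (base_real / user_supplied).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise PathRejected(f"{user_supplied!r} escapes {base}") from None
    return candidate


def escapes(base: str, user_supplied: str) -> bool:
    """True when the hardened resolver refuses the name; used by the checks below."""
    try:
        resolve_under(base, user_supplied)
    except PathRejected:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate name, one traversal, one absolute path.
    for name in ("reports/2024.csv", "../../../etc/passwd", "/etc/passwd"):
        print(f"{name!r:24} naive -> {naive_join('/srv/exports', name)}"
              f"  rejected={escapes('/srv/exports', name)}")
```

Two points the code makes that a prefix check on the raw string would miss: `os.path.join` silently discards the base when the parameter is absolute, and a `..` sequence is only detectable after the path has been normalised, so the containment test has to run on the resolved path rather than on the text the client sent.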
Source: The Hacker News · added 2024/11/01 10:20 a.m.

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose...

AI score 7.9
Exploits: 0
Source: OSV · added 2024/08/27 3:15 p.m.

CVE-2024-6632

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...

CVSS 7.2 · AI score 6 · EPSS 0.00606
Exploits: 0 · References: 1
Source: Vulnrichment · added 2024/08/27 2:12 p.m.

CVE-2024-6632 SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...

CVSS 7.2 · AI score 7.8 · EPSS 0.00606
Exploits: 0 · References: 1
Source: Positive Technologies · added 2024/08/27 12:00 a.m.

PT-2024-37761 · Unknown · Filecatalyst Workflow

Affected software and versions: FileCatalyst Workflow versions 5.1.6 and earlier.
Description: A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack, which can lead to a loss of...

CVSS 7.2 · AI score 7.9 · EPSS 0.00606
Exploits: 0 · References: 18
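The FileCatalyst entries describe a field that only a super admin can edit but that is still interpolated into a query. The point worth taking from them is that an application-level role does not bound what an injected query can do at the database, so admin-only inputs need parameter binding just like anonymous ones. As an added example that is not FileCatalyst code, the Python below runs both patterns against an in-memory SQLite table with constructed rows; the table, the column names and the injected string are all assumptions made for the illustration.

```python
import sqlite3


def _db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (not FileCatalyst data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users(name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return con


def find_by_name_vulnerable(name: str) -> list:
    """Vulnerable pattern: the admin-supplied field is spliced into the SQL text, so a
    quote in the value ends the literal and the rest is parsed as SQL."""
    con = _db()
    sql = f"SELECT id, name, role FROM users WHERE name = '{name}'"
    return con.execute(sql).fetchall()


def find_by_name_safe(name: str) -> list:
    """Hardened pattern: the value is bound as a parameter and never parsed as SQL,
    whatever the privilege of the user who supplied it."""
    con = _db()
    return con.execute(
        "SELECT id, name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    probe = "x' OR '1'='1"  # constructed injection string
    print("vulnerable:", find_by_name_vulnerable(probe))   # every row
    print("safe:      ", find_by_name_safe(probe))          # no row is literally named that
```

The vulnerable query for the probe reads `WHERE name = 'x' OR '1'='1'`, which is true for every row; the bound version searches for a user whose name is the whole probe string and finds none.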
Source: Veracode · added 2024/08/01 5:57 a.m.

Privilege Escalation

Langflow is vulnerable to privilege escalation. The vulnerability is due to improper validation in the '/api/v1/users' endpoint, allowing a remote, low-privileged attacker to gain super admin privileges by performing a mass assignment request...

CVSS 8.8 · AI score 7 · EPSS 0.21346
Exploits: 1 · References: 4 · Affected software: 1
Source: ATTACKERKB · added 2024/07/30 5:15 p.m.

CVE-2024-7297

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

CVSS 8.8 · AI score 5.9 · EPSS 0.21346
Exploits: 1 · References: 2
Source: Cvelist · added 2024/07/30 4:13 p.m.

CVE-2024-7297 Langflow Privilege Escalation

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint...

CVSS 8.8 · EPSS 0.21346
Exploits: 1 · References: 1
Source: Positive Technologies · added 2024/07/30 12:00 a.m.

PT-2024-38245 · Langflow · Langflow

Affected software and versions: Langflow versions prior to 1.0.13.
Description: The issue allows a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the "/api/v1/users" endpoint. Recommendations: For Langflow version...

CVSS 8.8 · AI score 6.6 · EPSS 0.21346
Exploits: 1 · References: 7
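The Langflow entries above are one finding seen from four sources: an update handler behind `/api/v1/users` accepted whatever fields the request body carried and copied them onto the user record, so a low-privileged caller could set the superuser flag on their own account. As an added example that is not Langflow's code and uses no Langflow API, the Python below puts that mass-assignment pattern next to a per-role allow-list; the `User` fields, the two callers and the `_authorise` rule are constructed for the illustration.

```python
from dataclasses import dataclass, fields, replace


@dataclass(frozen=True)
class User:
    id: int
    username: str
    is_superuser: bool = False
    is_active: bool = True


MODEL_FIELDS = frozenset(f.name for f in fields(User))
SELF_EDITABLE = frozenset({"username"})                 # any caller, on their own record
ADMIN_ONLY = frozenset({"is_superuser", "is_active"})   # superusers only, on any record


def _authorise(caller: User, target: User) -> None:
    """Object-level check (assumed rule): you may edit yourself, or anyone if superuser."""
    if caller.id != target.id and not caller.is_superuser:
        raise PermissionError("only a superuser may edit another user")


def vulnerable_update(caller: User, target: User, payload: dict) -> User:
    """Mass-assignment pattern: the model's own field list is the only filter, so
    {"is_superuser": true} from an ordinary user is written straight onto their record."""
    _authorise(caller, target)
    accepted = {k: v for k, v in payload.items() if k in MODEL_FIELDS}
    return replace(target, **accepted)


def hardened_update(caller: User, target: User, payload: dict) -> User:
    """Allow-list pattern: the writable set depends on who is calling, and a field
    outside it fails the whole request instead of being silently dropped."""
    _authorise(caller, target)
    writable = SELF_EDITABLE | (ADMIN_ONLY if caller.is_superuser else frozenset())
    rejected = set(payload) - writable
    if rejected:
        raise ValueError(f"fields not writable by caller {caller.id}: {sorted(rejected)}")
    return replace(target, **payload)


def hardened_rejects(caller: User, target: User, payload: dict) -> bool:
    """True when the hardened handler refuses the request; used by the checks below."""
    try:
        hardened_update(caller, target, payload)
    except (ValueError, PermissionError):
        return True
    return False


if __name__ == "__main__":
    alice = User(id=7, username="alice")          # constructed low-privileged caller
    escalate = {"is_superuser": True}             # the mass-assignment request body
    print("vulnerable result :", vulnerable_update(alice, alice, escalate))
    print("hardened rejects  :", hardened_rejects(alice, alice, escalate))
```

Note that the object-level check (`_authorise`) passes in both versions, because Alice really is editing her own record; the escalation is a field-level authorisation gap, which is why the fix is a per-role allow-list rather than another ownership test. Failing the request rather than dropping the unknown field is deliberate: a silently ignored `is_superuser` hides the probe, whereas a 4xx with the rejected field name shows up in logs.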
Source: Cvelist · added 2024/06/12 2:46 p.m.

CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...

CVSS 2.3 · EPSS 0.00385
Exploits: 1 · References: 2
Source: Vulnrichment · added 2024/06/12 2:46 p.m.

CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...

CVSS 2.3 · AI score 7 · EPSS 0.00385
Exploits: 1 · References: 2
Source: OSV · added 2024/06/12 2:46 p.m.

CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...

CVSS 2.3 · AI score 4.8 · EPSS 0.00385
Exploits: 1 · References: 4
Source: NVD · added 2024/06/11 3:16 p.m.

CVE-2024-23111

An improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerability in the reboot page of FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions may allow a remote privileged...

CVSS 6.8 · EPSS 0.01042
Exploits: 0 · References: 1
Source: OSV · added 2024/06/11 3:16 p.m.

CVE-2024-23111

An improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) vulnerability in the reboot page of FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions may allow a remote privileged...

CVSS 4.8 · AI score 7.3 · EPSS 0.01042
Exploits: 0 · References: 1