Lucene search
+L

431 matches found

Vulnrichment
Vulnrichment
added 2024/08/07 7:16 a.m.23 views

CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...

6.8AI score0.00972EPSS
Exploits1References4
CVE
CVE
added 2024/08/07 7:16 a.m.81 views

CVE-2024-42222

CVE-2024-42222 affects Apache CloudStack 4.19.1.0, where a regression in the network listing API allows unauthorised listing of network details for domain admins and normal users, compromising tenant isolation and potentially exposing network configurations and data. The issue has been fixed in C...

4.3CVSS7AI score0.00972EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/08/07 7:16 a.m.36 views

CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...

0.00972EPSS
Exploits1References4
OSV
OSV
added 2024/08/07 7:16 a.m.13 views

CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...

4.3CVSS7AI score0.00972EPSS
Exploits1References7
NVD
NVD
added 2024/07/30 12:15 p.m.26 views

CVE-2024-7127

Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting XSS attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthoris...

7.2CVSS0.00383EPSS
Exploits0References4
CVE
CVE
added 2024/07/30 11:21 a.m.45 views

CVE-2024-7127

CVE-2024-7127 describes an XSS flaw in Stackposts Social Marketing Tool caused by improper neutralization of input during web page generation. Submitting a payload in the username at registration can be executed later in the application panel, potentially leading to unauthorized disclosure of inf...

7.2CVSS5.6AI score0.00383EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/30 11:21 a.m.18 views

CVE-2024-7127 XSS in Stackposts - Social Marketing Tool

Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting XSS attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthoris...

7.2CVSS5.8AI score0.00383EPSS
Exploits0References4
NVD
NVD
added 2024/06/28 12:15 p.m.43 views

CVE-2024-5735

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...

7.5CVSS0.01515EPSS
Exploits2References5
Cvelist
Cvelist
added 2024/06/28 11:24 a.m.54 views

CVE-2024-5735 Full Path Disclosure in AdmirorFrames Joomla! Extension

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...

6.3CVSS0.01515EPSS
Exploits2References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:34 p.m.6 views

Malicious code in cue-vana-3-john-wick-4-iv-2023-ver-en-espanol-latino-descargar-la-pelicula-completa-esp127456 (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.31 views

GitLab < 13.11.6 (CVE-2021-22228)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro...

6.5CVSS6.4AI score0.0135EPSS
Exploits1References4
CVE
CVE
added 2024/05/13 9:17 a.m.50 views

CVE-2024-3263

CVE-2024-3263 affects YMS VIS Pro due to improper system-credentials generation and weak password policy, enabling brute-force login attempts. Public details identify affected versions as VIS Pro 3.3.0.7). There is no explicit exploitation details or public in-the-wild exploit information provide...

9.8CVSS7AI score0.00795EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/04/22 10:14 p.m.347 views

Exploit for Path Traversal in Jetbrains Teamcity

RCity - CVE-2024-27198 RCE & Admin Account Creation & CVE-20...

9.8CVSS9.3AI score0.99991EPSS
Exploits25
Ubuntu
Ubuntu
added 2024/04/16 11:31 a.m.52 views

USN-6735-1: Node.js vulnerabilities

It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue...

7.5CVSS6.9AI score0.03906EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:20 a.m.27 views

BIT-GITLAB-2021-22188

An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs...

5.3CVSS4.9AI score0.01312EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:15 a.m.29 views

BIT-GITLAB-2022-1545

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note...

4.3CVSS4.7AI score0.00765EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:14 a.m.21 views

BIT-GITLAB-2022-2907

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted...

6.5CVSS5.6AI score0.00941EPSS
Exploits0References4
NVD
NVD
added 2024/02/29 1:44 a.m.39 views

CVE-2024-25128

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

9.1CVSS9.2AI score0.00857EPSS
Exploits0References2
OSV
OSV
added 2024/02/28 3:30 p.m.27 views

CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

9.1CVSS8.9AI score0.00857EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/02/28 3:30 p.m.34 views

CVE-2024-25128

Removed by vendor...

9.1CVSS9.2AI score0.00857EPSS
Exploits0
Rows per page
Query Builder