Lucene search
K

174 matches found

Packet Storm News
Packet Storm News
added 2025/05/02 12:0 a.m.5 views

Fine-Grained Manipulation Attacks to Local Differential Privacy Protocols for Data Streams

Local Differential Privacy LDP enables massive data collection and analysis while protecting end users' privacy against untrusted aggregators. It has been applied to various data types e.g., categorical, numerical, and graph data and application settings e.g., static and streaming. Recent finding...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/22 12:38 p.m.18 views

CVE-2024-7053

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

9CVSS7.8AI score0.00659EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 3:18 a.m.9 views

CVE-2021-35112

A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

8.4CVSS7AI score0.00139EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/11/01 4:44 a.m.107 views

Exploit for CVE-2024-48217

CVE-2024-48217 Sismart Vulnerability ---------------------------...

8.8CVSS9.9AI score0.0068EPSS
Exploits1
OSV
OSV
added 2024/07/09 7:15 p.m.3 views

CVE-2024-40035

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/userLeveldeal.php?mudi=add...

5.9CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2024/07/09 7:15 p.m.4 views

CVE-2024-40034

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/userLeveldeal.php?mudi=del...

8.8CVSS5.8AI score0.00295EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system by Net Titanium Technology China. A security vulnerability exists in idcCMS v1.35, which originates from a cross-site request forgery vulnerability in the...

8.8CVSS6.8AI score0.00295EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.333 views

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS8.7AI score0.7463EPSS
Exploits15
NVD
NVD
added 2024/03/06 6:15 p.m.45 views

CVE-2024-24767

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

9.8CVSS9.3AI score0.00977EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 6:6 p.m.37 views

CVE-2024-24767 CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

9.1CVSS9AI score0.00977EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/03/06 3:25 p.m.43 views

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

Summary Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. Details The web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access...

9.8CVSS9.4AI score0.00977EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/18 12:0 a.m.7 views

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions stems from improper handling of insufficient privileges. This allows attackers to gain access to the credentials of other users.

The vulnerability of cloud-based software for creating and using Nextcloud storage involves the use of an external storage at the user level, which can be utilized to collect user credentials of other users. Exploiting this vulnerability allows a malicious actor to gain access to another user’s...

8.4CVSS7.6AI score0.00981EPSS
Exploits0References5Affected Software3
NVD
NVD
added 2023/06/13 3:15 a.m.31 views

CVE-2023-33991

SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting Stored XSS vulnerability. After successful exploitation, an attacke...

8.2CVSS7.5AI score0.00481EPSS
Exploits0References2
NVD
NVD
added 2023/05/09 1:15 a.m.27 views

CVE-2023-29188

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS...

5.4CVSS5.3AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/30 12:0 a.m.6 views

PT-2023-1475 · Nvidia · Nvidia Geforce Experience

Name of the Vulnerable Software and Affected Versions: NVIDIA GeForce Experience affected versions not specified Description: The issue is related to an uncontrolled search path vulnerability in the client installers of NVIDIA GeForce Experience. This vulnerability can be exploited by an attacker...

9CVSS7.2AI score0.00209EPSS
Exploits0References4
Prion
Prion
added 2022/12/16 3:15 p.m.17 views

Design/Logic Flaw

Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version = 1.13.4 as soon as possible available in SICK Support Portal...

7.5CVSS9.5AI score0.00883EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/11/28 10:15 p.m.6 views

CVE-2022-3088

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T...

7.8CVSS5.8AI score0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/22 12:0 a.m.11 views

CVE-2022-3088

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T...

7.8CVSS7.9AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2022/11/01 9:15 p.m.6 views

CVE-2022-43990

Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version = 2.2.0 as soon as possible available in SICK Support Portal...

7.3CVSS5.8AI score0.00807EPSS
Exploits0References1
OSV
OSV
added 2022/11/01 9:15 p.m.4 views

CVE-2022-43989

Password recovery vulnerability in SICK SIM2x00 ARM Partnumber 1092673 and 1081902 with firmware version = 1.2.0 as soon as possible available in SICK Support Portal...

7.3CVSS5.8AI score0.00807EPSS
Exploits0References1
Rows per page
Query Builder