Lucene search
K

71 matches found

CVE
CVE
added 2023/10/26 4:17 p.m.56 views

CVE-2023-45317

CVE-2023-45317 concerns Sielco Radio Link and Analog FM Transmitters. The issue is a Cross-Site Request Forgery where HTTP requests may be accepted without proper validation, potentially allowing an authenticated user to perform administrative actions by visiting a malicious site. The affected pr...

8.8CVSS8.6AI score0.00239EPSS
Exploits2References2Affected Software1
The Hacker News
The Hacker News
added 2023/10/06 8:53 a.m.34 views

GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services AWS, Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by...

7.6AI score
Exploits0
Veracode
Veracode
added 2023/05/17 3:58 a.m.11 views

Incorrect Key Verification

in-toto is vulnerable to Incorrect Key Verification. The vulnerability exists because GnuPG is not invoked during key verification when specifying the PGP key via its ID, which allows an attacker to bypass validity checks inside GnuPG. For example, because in-toto does not properly use GnuPG, a P...

6.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.3 views

SUSE CVE-2017-16852

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

7.4CVSS7AI score0.01105EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.5 views

SUSE CVE-2019-6475

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...

5.9CVSS6.5AI score0.01262EPSS
Exploits0References4
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.15 views

Oracle does not treat upward and downward price movement the same in validity checks, causing safety issues in oracle usage.

Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. maxPriceDeviation is a configurable parameter, which limits the change percentage from current price to a new feed update. We can see how priceDeviation is calculated and compared to...

7AI score
Exploits0
CNVD
CNVD
added 2022/11/23 12:0 a.m.56 views

WordPress Welcart eCommerce directory traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Welcart eCommerce 2.7.7 and earlier versions are vulnerable to a directory traversal vulnerability,...

1.8AI score0.05116EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/09/17 1:12 a.m.9 views

GSD-2022-1006264 ext2: Add more validity checks for inode counts

ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.291 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/09/17 12:37 a.m.9 views

GSD-2022-1005897 ext2: Add more validity checks for inode counts

ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/09/17 12:16 a.m.10 views

GSD-2022-1005663 ext2: Add more validity checks for inode counts

ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/09/16 11:49 p.m.12 views

GSD-2022-1005331 ext2: Add more validity checks for inode counts

ext2: Add more validity checks for inode counts This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...

7.2AI score
Exploits0
CNVD
CNVD
added 2022/05/19 12:0 a.m.26 views

D-LINK DIR-825 AC1200 R2 Directory Traversal Vulnerability

The D-LINK DIR-825 AC1200 R2 is a router from China-based AUO D-LINK. The D-LINK DIR-825 AC1200 R2 suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths when processing directory requests, which can be exploited by an attacker to access the entire...

6.5CVSS7AI score0.01389EPSS
Exploits1References1
CNVD
CNVD
added 2022/05/11 12:0 a.m.13 views

RARLAB UnRAR Directory Traversal Vulnerability

UnRAR is a command that decompresses files with an rar suffix.RARLAB A directory traversal vulnerability exists in versions of UnRAR prior to 6.12. The vulnerability stems from a lack of validity checks on paths when processing directory requests, and can be exploited by attackers to write files...

7.5CVSS4AI score0.98975EPSS
Exploits12References1
OSV
OSV
added 2021/05/03 2:15 p.m.5 views

CVE-2021-29239

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity...

7.8CVSS7.1AI score0.00179EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.341 views

bloofoxCMS 0.5.2.1 - CSRF (Add user)

Title: bloofoxCMS 0.5.2.1 - CSRF Add user Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Desc: The application interface allows users to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/27 12:0 a.m.408 views

STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)

Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery Add Admin Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/12/02 12:0 a.m.48 views

SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery

SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Discovery by: LiquidWorm Date: 2019-12-02 Vendor Homepage: Tested Version: 6.5.33.17072501 CVE: N/A Advisory ID: ZSL-2019-5543 Advisory URL:...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2019/07/24 12:0 a.m.49 views

Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery

Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Product : Cisco Wireless Controller Version : 3.6.10E last version Date: 23.07.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com CVE: CVE-2019-12624 Description : The applicatio...

6.8CVSS0.6AI score0.18706EPSS
Exploits2
0day.today
0day.today
added 2019/02/05 12:0 a.m.74 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - CSRF (Add Admin) Vulnerability

Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/05/22 12:0 a.m.37 views

Teradek Slice 7.3.15 Change Password Cross Site Request Forgery

...

0.2AI score
Exploits0
Rows per page
Query Builder