Lucene search: 766 matches found

Cvelist · added 2023/10/26 8:02 p.m.

CVE-2023-46663 Improper Access Control in Sielco PolyEco1000

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests...

CVSS 7.5 · AI score 8.2 · EPSS 0.00442 · Exploits 1 · References 1

NVD · added 2023/10/26 5:15 p.m.

CVE-2023-45317

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site...

CVSS 8.8 · AI score 8.7 · EPSS 0.00239 · Exploits 2 · References 2

Prion · added 2023/10/26 5:15 p.m.

Code injection

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site...

CVSS 6.8 · AI score 8.6 · EPSS 0.00239 · Exploits 2 · References 2

CVE · added 2023/10/26 4:17 p.m.

CVE-2023-45317

CVE-2023-45317 concerns Sielco Radio Link and Analog FM Transmitters. The issue is a Cross-Site Request Forgery: HTTP requests may be accepted without proper validation, potentially allowing an attacker to perform administrative actions when an authenticated user visits a malicious site. The affected pr...

CVSS 8.8 · AI score 8.6 · EPSS 0.00239 · Exploits 2 · References 2 · Affected Software 1

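The CSRF weakness in the four Sielco entries above (CVE-2023-46663 and CVE-2023-45317) comes down to a state-changing endpoint that acts on any HTTP request the browser delivers with a valid session cookie. Below is an added Python example, not code from Sielco or from any of the listed advisories, of the validity checks such an endpoint should perform before acting: POST only, a same-origin Origin/Referer header, and a per-session anti-CSRF token that a third-party page cannot obtain. The site origin, server key, session id and request dictionaries are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical server-side key and site origin; a real deployment loads both from configuration.
SERVER_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://transmitter.example"


def csrf_token_for(session_id: str) -> str:
    """Per-session anti-CSRF token: HMAC(server_key, session_id).
    Embedded in each form as a hidden field; never exposed via a cookie,
    so a page on another origin cannot read or guess it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url: str, expected: str) -> bool:
    """Compare scheme, host and port; a prefix check would accept
    https://transmitter.example.attacker.example."""
    a, b = urlsplit(url), urlsplit(expected)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def validate_state_change(request: dict) -> tuple[bool, str]:
    """Checks a state-changing endpoint must run before acting with the
    privileges of the session cookie the browser attached automatically."""
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session"
    # 1. Mutations only over POST: a GET reachable from an <img> tag must never change state.
    if request["method"] != "POST":
        return False, "state changes only via POST"
    # 2. Browsers set Origin (or Referer) on cross-site form posts; refuse foreign origins.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    if not origin or not same_origin(origin, SITE_ORIGIN):
        return False, "cross-origin request"
    # 3. The token in the body must match the one derived from this session.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(session_id)):
        return False, "missing or wrong CSRF token"
    return True, "ok"


def demo() -> dict:
    """Constructed requests: a legitimate form post, a forged post from a
    malicious page, and a forged GET. The session cookie is present in all three."""
    sid = "sess-7f3a"
    legit = {"method": "POST", "cookies": {"session": sid},
             "headers": {"Origin": SITE_ORIGIN},
             "form": {"action": "add_admin", "csrf_token": csrf_token_for(sid)}}
    forged = {"method": "POST", "cookies": {"session": sid},
              "headers": {"Origin": "https://attacker.example"},
              "form": {"action": "add_admin"}}
    forged_get = {"method": "GET", "cookies": {"session": sid},
                  "headers": {"Referer": SITE_ORIGIN + "/index"},
                  "form": {"action": "add_admin"}}
    return {"legit": validate_state_change(legit)[0],
            "forged": validate_state_change(forged)[0],
            "forged_get": validate_state_change(forged_get)[0]}


if __name__ == "__main__":
    print(demo())
```

The forged request carries the victim's session cookie, which the browser attaches on its own, but neither a matching Origin nor the token, so it is refused before any administrative action runs. The three checks are independent; the token check alone is sufficient, and the other two are defence in depth.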
Code423n4 · added 2023/10/20 12:00 a.m.

The _validateExecutionRequest() function does not check signature expiration.

Impact: To remain valid only for a bounded time, user signatures must carry an expiration timestamp or deadline. Otherwise the signature grants the message a "lifetime license." The _validateExecutionRequest() function needs to check for signature expiration. Otherwise,...

AI score 7.3 · Exploits 0

CNNVD · added 2023/10/10 12:00 a.m.

PHPJabbers Appointment Scheduler Security Vulnerability

PHPJabbers Appointment Scheduler is a PHP-based appointment scheduler plugin from PHPJabbers (Serbia) for planning time and booking meeting schedules. A security vulnerability exists in PHPJabbers Appointment Scheduler version v3.0, which stems from a discrepancy in messages that could allow an...

CVSS 7.5 · AI score 6.7 · EPSS 0.00593 · Exploits 0 · References 2

CNNVD · added 2023/10/10 12:00 a.m.

Siemens Mendix Security Vulnerability

The Mendix Forgot Password module allows your users to register for your application or reset their own passwords without administrator involvement. A vulnerability exists in the Siemens Mendix Forgot Password module that can be exploited by an attacker to determine whether a user is valid, allowing a bru...

CVSS 5.3 · AI score 6.7 · EPSS 0.00508 · Exploits 0 · References 3

The Hacker News · added 2023/10/06 8:53 a.m.

GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity checks, introduced by the Microsoft subsidiary earlier this year, alert users whether exposed tokens found by...

AI score 7.6 · Exploits 0

Prion · added 2023/09/28 4:15 a.m.

Code injection

Commit 3730880 (April 2023) and v0.9-beta1 of gugoan Economizzer have a user enumeration vulnerability in the login and forgot-password functionality. The app responds differently depending on whether a user or e-mail address is valid. This may allow an attacker to determine whether a user or...

CVSS 5 · AI score 5.3 · EPSS 0.00636 · Exploits 1 · References 3 · Affected Software 1

BDU FSTEC · added 2023/09/21 12:00 a.m.

A vulnerability in the web-based management application of the MODULYS GP (MOD3GP-SY-120K) modular power supply allows an attacker to perform arbitrary actions.

The vulnerability in the MODULYS GP MOD3GP-SY-120K web-based management application stems from its reliance on cookies without any checks of their validity or integrity. Exploiting this vulnerability could allow a remote attacker to perform arbitrary actions...

CVSS 10 · AI score 7.8 · EPSS 0.00579 · Exploits 0 · References 4 · Affected Software 1

OSV · added 2023/09/07 3:15 a.m.

CVE-2023-34357

Soar Cloud Ltd. HR Portal has a weak password recovery mechanism for forgotten passwords. The password reset link is sent by e-mail and remains valid after the password has been reset and past its expected expiration date. An attacker with access to the browser history or has...

CVSS 7.8 · AI score 5.7 · EPSS 0.00169 · Exploits 0 · References 1

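The Soar Cloud finding above (a reset link that stays usable after the password has been reset and past its expiry) is avoidable when the token carries its own deadline and is bound to the state it is meant to change, so that a successful reset invalidates it without a server-side "used" list. The same sign-then-verify pattern is what the MODULYS GP entry lacked for its cookies. The following Python example is added here and is not the HR Portal's or MODULYS's code; the signing key, TTL, user ids and password hashes are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical signing key; load from configuration in a real application.
RESET_KEY = b"example-reset-key-do-not-use-in-production"
TOKEN_TTL = 15 * 60  # seconds a reset link stays usable (assumed policy)


def _password_fingerprint(password_hash: str) -> str:
    """Short digest of the stored password hash. It changes whenever the
    password is reset, which is what makes every earlier token unusable."""
    return hashlib.sha256(password_hash.encode()).hexdigest()[:16]


def issue_reset_token(user_id: str, password_hash: str, now: int) -> str:
    """Token = base64url( JSON payload || HMAC-SHA256(key, payload) )."""
    payload = {"uid": user_id, "exp": now + TOKEN_TTL,
               "fp": _password_fingerprint(password_hash)}
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(RESET_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + sig).decode()


def verify_reset_token(token: str, user_id: str, current_password_hash: str, now: int) -> str:
    """Returns 'ok' or the reason the link must be refused. Order matters:
    the signature is checked before any field of the payload is trusted."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except (ValueError, TypeError):
        return "malformed"
    if len(raw) <= 32:
        return "malformed"
    body, sig = raw[:-32], raw[-32:]  # the HMAC-SHA256 tag is always the last 32 bytes
    if not hmac.compare_digest(sig, hmac.new(RESET_KEY, body, hashlib.sha256).digest()):
        return "bad signature"
    payload = json.loads(body)
    if payload["uid"] != user_id:
        return "wrong user"
    if now >= payload["exp"]:
        return "expired"
    if payload["fp"] != _password_fingerprint(current_password_hash):
        return "already used"  # the password changed since the link was issued
    return "ok"


def demo() -> dict:
    """Constructed scenario: one link, checked fresh, after a reset, after expiry, and tampered."""
    t0 = 1_700_000_000
    old_hash, new_hash = "$argon2id$v=19$old-example", "$argon2id$v=19$new-example"
    tok = issue_reset_token("alice", old_hash, t0)
    raw = bytearray(base64.urlsafe_b64decode(tok))
    raw[0] ^= 0x01  # flip one bit inside the signed payload
    tampered = base64.urlsafe_b64encode(bytes(raw)).decode()
    return {
        "fresh": verify_reset_token(tok, "alice", old_hash, t0 + 60),
        "after_reset": verify_reset_token(tok, "alice", new_hash, t0 + 120),
        "expired": verify_reset_token(tok, "alice", old_hash, t0 + TOKEN_TTL + 1),
        "tampered": verify_reset_token(tampered, "alice", old_hash, t0 + 60),
    }


if __name__ == "__main__":
    print(demo())
```

Binding the token to a fingerprint of the current password hash is what closes the "still valid after reset" hole: the link found in a browser history or a mail archive no longer matches the account state. The expiry field closes the second hole from the advisory; a token with only one of the two checks is still reusable in one of the two scenarios.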
Tenable Nessus · added 2023/09/07 12:00 a.m.

Oracle Linux 5 : openssh (ELSA-2007-0540)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0540 advisory: fixed an audit log injection problem (CVE-2007-3102, 248059); fixed an information leak in Kerberos password authentication (CVE-2006-5052, 234638). Tenable has...

CVSS 5 · AI score 6.7 · EPSS 0.02801 · Exploits 0 · References 3

BDU FSTEC · added 2023/09/05 12:00 a.m.

A vulnerability in the Validity_check() function of the TOTOLINK N200RE V5 firmware allows an attacker to execute arbitrary commands.

The vulnerability in the Validity_check function of the TOTOLINK N200RE V5 router firmware lies in the use of uncontrolled format strings when processing the % symbol. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 8 · EPSS 0.03153 · Exploits 1 · References 3 · Affected Software 1

Cvelist · added 2023/09/04 12:00 a.m.

CVE-2023-4746 TOTOLINK N200RE V5 Validity_check format string

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437B20230519. It affects the function Validity_check. The manipulation leads to a format string vulnerability. The attack can be initiated remotely. The root cause of the vulnerability is a format string issue. But the...

CVSS 9 · AI score 9.3 · EPSS 0.03153 · Exploits 1 · References 3

Positive Technologies · added 2023/08/28 12:00 a.m.

PT-2023-27622 · Phpjabbers · Phpjabbers Food Delivery Script

Vulnerable software and affected versions: PHPJabbers Food Delivery Script version 3.1. Description: The issue occurs during password recovery, where a difference in messages could allow an attacker to determine whether a user is valid, enabling a brute-force attack with valid user...

CVSS 9.8 · AI score 9.3 · EPSS 0.00746 · Exploits 0 · References 8

Amazon · added 2023/08/25 12:00 a.m.

Important: ecs-service-connect-agent

Issue overview: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some...

CVSS 9.8 · AI score 6.9 · EPSS 0.01106 · Exploits 3

OSV · added 2023/08/24 10:22 p.m.

GHSA-GCQ9-QQWX-RGJ3 libp2p nodes vulnerable to OOM attack

Summary: In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node's memory. This memory does not get garbage collected, so the victim can run out of memory and crash. It is feasible to do this at scale. An attacker would have to transfe...

CVSS 7.5 · AI score 7.4 · EPSS 0.00772 · Exploits 0 · References 6

Vulnrichment · added 2023/08/23 8:15 p.m.

CVE-2023-40178 @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError

Node-SAML is a SAML library, not dependent on any framework, that runs in Node. The lack of a check against the current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past its NotOnOrAfter. This could impact the user, who would be logged out from an...

CVSS 5.3 · AI score 5.2 · EPSS 0.00398 · Exploits 0 · References 3

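For the node-saml entry above, the added Python example below shows the timestamp check a LogoutRequest should pass before it is acted on: IssueInstant not in the future and NotOnOrAfter not yet reached, each with a clock-skew allowance. It is not node-saml's code; the sample XML, the clock-skew value and the strict "reject when NotOnOrAfter is absent" policy are assumptions of the example, and signature verification is assumed to happen in a separate step.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
CLOCK_SKEW = timedelta(seconds=60)  # tolerance for IdP/SP clock drift (assumed value)


def _saml_time(value: str) -> datetime:
    """SAML timestamps are UTC ISO 8601, normally with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_logout_request_times(xml_text: str, now: datetime) -> tuple[bool, str]:
    """Accept a LogoutRequest only while its validity window is open.
    Without the NotOnOrAfter comparison, a captured request stays replayable forever."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        return False, "not a LogoutRequest"
    issue_instant = root.get("IssueInstant")
    if issue_instant is None:
        return False, "IssueInstant missing"
    if _saml_time(issue_instant) > now + CLOCK_SKEW:
        return False, "IssueInstant is in the future"
    not_on_or_after = root.get("NotOnOrAfter")
    if not_on_or_after is None:
        return False, "NotOnOrAfter missing"  # strict policy chosen for this example
    if now >= _saml_time(not_on_or_after) + CLOCK_SKEW:
        return False, "expired (NotOnOrAfter has passed)"
    return True, "ok"


def make_logout_request(issue_instant: str, not_on_or_after: str) -> str:
    """Constructed, unsigned, minimal LogoutRequest: just enough for the timestamp check."""
    return (f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'ID="_abc123" Version="2.0" IssueInstant="{issue_instant}" '
            f'NotOnOrAfter="{not_on_or_after}" Destination="https://sp.example/logout">'
            f'<saml:Issuer>https://idp.example</saml:Issuer>'
            f'<saml:NameID>alice@example</saml:NameID>'
            f'</samlp:LogoutRequest>')


def demo() -> dict:
    """Same request evaluated inside its window, replayed 25 minutes later, and before it was issued."""
    req = make_logout_request("2023-08-23T20:00:00Z", "2023-08-23T20:05:00Z")
    return {
        "within_window": check_logout_request_times(req, _saml_time("2023-08-23T20:02:00Z"))[0],
        "replayed_later": check_logout_request_times(req, _saml_time("2023-08-23T20:30:00Z"))[0],
        "before_issue": check_logout_request_times(req, _saml_time("2023-08-23T19:00:00Z"))[0],
    }


if __name__ == "__main__":
    print(demo(), datetime.now(timezone.utc))
```

Parse untrusted SAML with defusedxml (or an equivalently hardened parser) rather than bare xml.etree; the function above is only about the timestamps, and in a real flow it runs after the XML signature has been verified, so that the attributes it reads are the ones the IdP signed.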
CNNVD · added 2023/08/03 12:00 a.m.

Class Scheduling System Security Vulnerability

Class Scheduling System is a class scheduling system by the individual developer jkev. A security vulnerability exists in Class Scheduling System version 1.0. The vulnerability originates in the password recovery function, where a difference in messages can be used to determine whether a user is valid or...

CVSS 7.5 · AI score 6.8 · EPSS 0.00473 · Exploits 0 · References 4

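Five entries on this page (PHPJabbers Appointment Scheduler and Food Delivery Script, Siemens Mendix Forgot Password, gugoan Economizzer, and Class Scheduling System) describe the same weakness: the password-recovery or login reply differs depending on whether the account exists. The added Python example below, which is not code from any of those products, shows the leaky handler beside a uniform one, and an attacker-side probe that tells them apart. The user table, candidate addresses and reply strings are constructed for the example.

```python
import hashlib
import secrets
from collections import Counter

# Constructed user table: e-mail -> stored password hash (assumed)
USERS = {"alice@example.com": "$argon2id$v=19$alice", "bob@example.com": "$argon2id$v=19$bob"}
CANDIDATES = ["alice@example.com", "nobody1@example.com", "nobody2@example.com", "nobody3@example.com"]
NEUTRAL_REPLY = "If an account exists for that address, a reset link has been sent."
OUTBOX = []  # stand-in for the mail queue


def _make_reset_token(email: str) -> str:
    """Stand-in for token generation; the real thing is a signed, expiring token."""
    return hashlib.sha256(f"{email}:{secrets.token_urlsafe(32)}".encode()).hexdigest()


def _deliver(email: str, token: str) -> None:
    OUTBOX.append((email, token))


def forgot_password_leaky(email: str) -> str:
    """The pattern in the listed advisories: the wording reveals whether the address is registered."""
    if email not in USERS:
        return "No account found for this e-mail address."
    _deliver(email, _make_reset_token(email))
    return "A password reset link has been sent to your e-mail address."


def forgot_password_uniform(email: str) -> str:
    """Hardened: identical reply and the same code path whether or not the user exists;
    only the mail delivery differs, and that is invisible to the requester."""
    token = _make_reset_token(email)  # same work on both paths
    if email in USERS:
        _deliver(email, token)        # mail goes out only for real accounts
    return NEUTRAL_REPLY


def probe(handler, candidates) -> set:
    """Attacker view: submit each candidate and group by reply. The candidates are
    chosen so most are unregistered, so a minority reply marks a valid account."""
    replies = {c: handler(c) for c in candidates}
    if len(set(replies.values())) == 1:
        return set()  # nothing to distinguish
    common = Counter(replies.values()).most_common(1)[0][0]
    return {c for c, r in replies.items() if r != common}


if __name__ == "__main__":
    print("leaky  :", probe(forgot_password_leaky, CANDIDATES))
    print("uniform:", probe(forgot_password_uniform, CANDIDATES))
```

The message is only the most obvious channel: HTTP status codes, redirect targets, response length and response time all need to be identical too, which is why the uniform handler does the token work on both paths. The login side of the same products (Economizzer's finding covers both) needs the same treatment: one generic "invalid username or password" reply, with rate limiting on top.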
Code423n4 · added 2023/07/31 12:00 a.m.

Potential Stale Data Due to Inadequate Round Validation

Impact: Even though the developer checks whether the data is stale, some valid prices could still be considered invalid because of this line: answeredInRound == roundId. Sometimes answeredInRound may be greater than roundId and the data would still be valid, but i...

AI score 6.9 · Exploits 0

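For the Code423n4 round-validation finding above, the added Python example models the latestRoundData() fields off-chain to contrast the reported check (answeredInRound == roundId) with the intended one (answeredInRound >= roundId), alongside the other staleness conditions a consumer normally applies. This is not the audited contract's code; the round values, timestamps and max_age are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RoundData:
    """Fields returned by a Chainlink-style latestRoundData(), modelled here off-chain."""
    round_id: int
    answer: int
    started_at: int
    updated_at: int
    answered_in_round: int


def price_is_valid_as_written(rd: RoundData, now: int, max_age: int) -> bool:
    """The finding's condition: answeredInRound == roundId. It wrongly rejects
    data whose answer was computed in a later round (answeredInRound > roundId)."""
    return (rd.answer > 0 and rd.updated_at != 0
            and rd.answered_in_round == rd.round_id
            and now - rd.updated_at <= max_age)


def price_is_valid(rd: RoundData, now: int, max_age: int) -> bool:
    """Intended condition: answeredInRound >= roundId. Data is stale only when the
    answer was carried over from an EARLIER round; a later round is still fresh."""
    return (rd.answer > 0 and rd.updated_at != 0
            and rd.answered_in_round >= rd.round_id
            and now - rd.updated_at <= max_age)


def demo() -> dict:
    """Constructed rounds; each value is (as_written, intended)."""
    now, max_age = 1_690_000_000, 3600
    base = dict(round_id=100, answer=185_000_000_000, started_at=now - 90, updated_at=now - 60)
    cases = {
        "fresh_same_round": RoundData(**base, answered_in_round=100),
        "fresh_later_round": RoundData(**base, answered_in_round=101),
        "carried_over": RoundData(**base, answered_in_round=99),
        "too_old": RoundData(**{**base, "updated_at": now - 7200}, answered_in_round=100),
        "no_answer_yet": RoundData(**{**base, "answer": 0, "updated_at": 0}, answered_in_round=100),
    }
    return {name: (price_is_valid_as_written(rd, now, max_age), price_is_valid(rd, now, max_age))
            for name, rd in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18s} as_written={result[0]!s:5s} intended={result[1]}")
```

Only the "fresh_later_round" case separates the two checks: the equality test turns a valid price into a revert, which is a liveness problem for anything that depends on the feed, while both versions still reject carried-over answers, old timestamps and empty rounds.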