13 matches found

Github Security Blog
added 2025/11/27 3:30 a.m., 32 views

Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces, including the dashboard and Jobs API, is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with...

AI score 8.2, EPSS 0.00474
Exploits 5, References 10, Affected software 1
Cvelist
added 2025/04/11 9:38 a.m., 14 views

CVE-2025-31932

A deserialization of untrusted data issue exists in all versions of BizRobo!. If this vulnerability is exploited, arbitrary code may be executed on the Management Console. The vendor provides workaround information and recommends applying it to the deployment environment...

CVSS 8.8, EPSS 0.00608
Exploits 0, References 5
Vulnrichment
added 2024/06/16 12:00 a.m., 14 views

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...

AI score 7.3, EPSS 0.00766
Exploits 1, References 3
Packet Storm
added 2022/12/09 12:00 a.m., 282 views

ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect

SEC Consult Vulnerability Lab Security Advisory. Title: Multiple critical vulnerabilities. Product: ILIAS eLearning platform. Vulnerable version: <= 7.15. Fixed version: 7.16. CVE number: CVE-2022-45915, CVE-2022-45916,...

CVSS 8.8, AI score 0.6, EPSS 0.04657
Exploits 6
CISA KEV Catalog
added 2021/11/03 12:00 a.m., 25 views

ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

ForgeRock Access Management AM Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user unless ForgeRock AM is running as the root user, whi...

CVSS 10, AI score 9, EPSS 0.99999
Exploited in the wild, Exploits 8
OSV
added 2019/12/05 5:15 p.m., 0 views

CVE-2019-7192

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommends updating Photo Station to its latest version...

CVSS 9.8, AI score 7.4, EPSS 0.88213
Exploits 9, References 3
ICS
added 2017/10/12 12:00 a.m., 74 views

WECON Technology Co., Ltd. LeviStudio HMI Editor

CVSS v3 7.5. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. Equipment: LeviStudio HMI Editor. Vulnerabilities: Stack-based Buffer Overflow. AFFECTED PRODUCTS: The following versions of LEVI Studio HMI Editor, an HMI programming software product, a...

CVSS 9.8, AI score 10, EPSS 0.02772
Exploits 0, References 3
ICS
added 2017/03/02 12:00 a.m., 42 views

Siemens SINUMERIK Integrate and SINUMERIK Operate

CVSS v3 7.4. ATTENTION: Remotely exploitable. Vendor: Siemens. Equipment: SINUMERIK Integrate, SINUMERIK Operate. Vulnerability: Man-in-the-Middle. AFFECTED PRODUCTS: Siemens reports that the vulnerability affects the following SINUMERIK Integrate and Operate product suite versions: SINUMERIK Integrat...

CVSS 7.4, AI score 7.5, EPSS 0.00971
Exploits 0, References 3
seebug.org
added 2009/04/22 12:00 a.m., 25 views

HP Storage Essentials Secure NaviCLI Unspecified Remote Privilege Escalation Vulnerability

BUGTRAQ ID: 34613. CVE ID: CVE-2009-0715. CNCVE ID: CNCVE-20090715. HP Storage Essentials is an infrastructure management solution that removes the complexity of server and storage management. HP Storage Essentials running Secure NaviCLI has a security vulnerability; a remote attacker can exploit it to gain unauthorized access or elevated privileges. No detailed vulnerability information is currently available. HP Storage Essentials SRM Standard 6.0.4, HP Storage Essentials SRM Standard 6.0.3, HP Storage...

CVSS 6.5, AI score 6.4, EPSS 0.01345
Exploits 1
securityvulns
added 2009/01/25 12:00 a.m., 43 views

Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow

Secunia Research, 23/01/2009 - AXIS Camera Control "image_pan_tilt" Property Buffer Overflow. Table of Contents: Affected...

CVSS 9.3, AI score 0.8, EPSS 0.05767
Exploits 0
seebug.org
added 2007/12/09 12:00 a.m., 37 views

Opera Web Browser Bitmap File RLE Remote Denial of Service Vulnerability

BUGTRAQ ID: 26721. Opera is a popular web browser that supports multiple platforms. Opera has a vulnerability in its handling of malformed BMP files that can cause a severe drop in system performance for some time. BMP files allow run-length encoding of 4-bit and 8-bit bitmaps. The RLE used in the BMP format has some extra features, such as moving the write pointer to another row and column (00 02 XX YY). Opera's algorithm implementing the 00 02 XX YY feature is far too slow: a normal decompression algorithm adds XX and YY * width to the write pointer, whereas Opera's implementation performs XX + YY * width separate increments, each carrying out its own checks and other calculations. An attacker can create a BMP file of maximum width (about 32000 pixels) and use 00 02 FF F...

AI score 6.9
Exploits 0
securityvulns
added 2005/06/30 12:00 a.m., 28 views

[SA14457] Adobe Reader for Linux Insecure Temporary File Creation

Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT Security: http://secunia.com/secuniavacancies/...

AI score 0.5
Exploits 0
CERT
added 2002/11/13 12:00 a.m., 57 views

Overly large OPT record assertion

Overview: A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited. Description: A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this...

CVSS 5, AI score 7.6, EPSS 0.096
Exploits 0, References 3