Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.14 views

CVE-2019-16667

diagcommand.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrfcallback produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...

8.8CVSS6.9AI score0.54541EPSS
Exploits4References1
CNNVD
CNNVD
added 2023/06/15 12:0 a.m.5 views

Adobe Commerce 输入验证错误漏洞

Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. An input validation error vulnerability exists in Adobe Commerce that stems from the presence of incorrect input validation, resulting in security features being bypassed. Affected products and...

2.7CVSS4.8AI score0.00914EPSS
Exploits0References3
Snyk
Snyk
added 2023/03/27 9:30 p.m.3 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper security checks during the authorization process. A low-privileged authenticated attacker can achieve minor information disclosure b...

4.3CVSS6.3AI score0.00563EPSS
Exploits0References2
Snyk
Snyk
added 2023/03/27 9:30 p.m.4 views

XML Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to XML Injection via the processing of specially crafted XML content. An attacker can read arbitrary files on the system by injecting malicious XML entities. Remediation Upgra...

8.7CVSS7.2AI score0.00928EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/02/11 12:0 a.m.42 views

pfSense < 2.4.4-p3 Multiple Vulnerabilities

According to its self-reported version number, the remote pfSense install is a version prior to 2.4.4-p3. It is, therefore, affected by multiple vulnerabilities, including the following: - In pfSense 2.4.41, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsiste...

7.5CVSS7.5AI score0.0159EPSS
Exploits2References11
CNVD
CNVD
added 2019/09/27 12:0 a.m.3 views

pfSense cross-site scripting vulnerability (CNVD-2019-43357)

pfsense is an open source routing and firewall software , based on freebsd system customization and development . A cross-site scripting vulnerability exists in pfSense 2.4.4-p3 and earlier versions. The vulnerability stems from the unverified display of the username and delmac parameters in...

6.1CVSS6.2AI score0.02004EPSS
Exploits0References1
CNVD
CNVD
added 2019/09/24 12:0 a.m.3 views

pfSense Operating System Command Injection Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. An operating system command injection vulnerability exists in pfsense version 2.3.4 and 2.4.4-p3, which can be exploited by an attacker to execute operating system commands...

9CVSS7.8AI score0.19614EPSS
Exploits4References1
Rows per page
Query Builder