69 matches found

CNNVD
added 2024/07/15 12:0 a.m. · 1 view

Mengshen Wireless Door Alarm M70 Security Breach

The Mengshen Wireless Door Alarm M70 is a wireless alarm from Mengshen. A security vulnerability exists in Mengshen Wireless Door Alarm M70 version 2024-05-24, which originates from the ability to bypass authentication via the capture replay method...

CVSS 6.8 · AI score 7 · EPSS 0.00316
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/12 12:0 a.m. · 7 views

PT-2024-28906 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...

CVSS 9.8 · AI score 7.7 · EPSS 0.00431
Exploits: 1 · References: 4

The Hacker News
added 2024/06/19 7:36 a.m. · 106 views

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was release...

CVSS 6.2 · AI score 6.9 · EPSS 0.27346
Exploits: 3

OpenVAS
added 2024/06/13 12:0 a.m. · 17 views

Adobe Photoshop Arbitrary Code Execution Vulnerability (APSB24-27) - Mac OS X

Adobe Photoshop is prone to an arbitrary code execution vulnerability...

CVSS 7.8 · AI score 7.9 · EPSS 0.00315
Exploits: 0 · References: 1

Cvelist
added 2024/06/11 2:16 p.m. · 23 views

CVE-2024-37294 Aimeos denial of service vulnerability in SaaS and marketplace setups

Aimeos is an open-source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos versions from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...

CVSS 5.5 · EPSS 0.00435
Exploits: 0 · References: 1

UbuntuCve
added 2024/06/06 7:15 p.m. · 20 views

CVE-2024-23793

The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...

CVSS 6.3 · AI score 6.1 · EPSS 0.00775
Exploits: 0 · References: 2

CNNVD
added 2024/06/06 12:0 a.m. · 4 views

Ariane Allegro Scenario Player Security Vulnerability

ArianeGroup Ariane Allegro Scenario Player is a simulation and training software tool for the aerospace and defense industry from ArianeGroup. A security vulnerability exists in Ariane Allegro Scenario Player version 2024-03-05 and earlier, which stems from a vulnerability that allows a...

CVSS 6.8 · AI score 6.7 · EPSS 0.00256
Exploits: 0 · References: 3

Positive Technologies
added 2024/06/05 12:0 a.m. · 3 views

PT-2024-6301 · Ivanti · Ivanti Epm

Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions before 2022 SU6; Ivanti EPM versions before the 2024 September update. Description: The issue is related to an unspecified SQL injection in Ivanti EPM, which allows a remote authenticated attacker with admin privileges to...

CVSS 9.1 · AI score 9 · EPSS 0.0215
Exploits: 0 · References: 15

Tenable Nessus
added 2024/06/04 12:0 a.m. · 41 views

Progress Telerik Report Server Authentication Bypass (CVE-2024-4358)

The version of Progress Telerik Report Server installed on the remote host is affected by an authentication bypass vulnerability, as follows: - In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server...

CVSS 9.8 · AI score 8.7 · EPSS 0.97482
Exploits: 14 · References: 2

NVD
added 2024/05/29 3:16 p.m. · 27 views

CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...

CVSS 9.8 · AI score 9.8 · EPSS 0.97482
Exploits: 14 · References: 2

CVE
added 2024/05/29 2:51 p.m. · 269 views

CVE-2024-4358

CVE-2024-4358 affects Progress Telerik Report Server (2024 Q1 10.0.24.305 and earlier) on IIS, allowing an unauthenticated attacker to bypass authentication and access restricted functionality. Public details come from multiple sources in the connected docs: Exploit-DB/Metasploit references descr...

CVSS 9.8 · AI score 9.9 · EPSS 0.97482
In wild · Exploits: 14 · References: 2 · Affected Software: 1

GitLab Advisory Database
added 2024/05/29 12:0 a.m. · 11 views

Aimeos denial of service vulnerability in SaaS and marketplace setups

All SaaS and marketplace setups using Aimeos versions from 2022/2023/2024 are affected by a potential denial of service attack...

CVSS 5.5 · AI score 7.1 · EPSS 0.00435
Exploits: 0 · References: 10 · Affected Software: 1

NVD
added 2024/05/15 5:15 p.m. · 13 views

CVE-2024-4837

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...

CVSS 5.3 · AI score 5.4 · EPSS 0.00431
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/15 5:4 p.m. · 13 views

CVE-2024-4837 Trust Boundary Violation Vulnerability

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...

CVSS 5.3 · AI score 7.1 · EPSS 0.00431
Exploits: 0 · References: 1

CVE
added 2024/05/15 4:58 p.m. · 32 views

CVE-2024-4357

Progress Telerik Report Server (versions 10.0.24.305 and earlier, i.e., 2024 Q1) suffers an XML External Entity Processing (XXE) information-disclosure vulnerability in the ValidateMetadaUri path. A low-privilege attacker could read system files; an authenticated context is required but may be by...

CVSS 6.5 · AI score 6.1 · EPSS 0.007
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/05/15 12:0 a.m. · 1 view

Progress Software Telerik Report Server Security Vulnerability

Progress Software Telerik Report Server is an enterprise-level report management and distribution solution from Progress Software. A security vulnerability exists in Progress Software Telerik Report Server version 2024 Q1 10.0.24.305 and prior versions. An attacker could exploit the vulnerability...

CVSS 5.3 · AI score 6.8 · EPSS 0.00431
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/01 12:0 a.m. · 5 views

PT-2024-20354 · Vaales Technologies · V Qrs

Name of the Vulnerable Software and Affected Versions: Vaales Technologies V QRS version 2024-01-17. Description: The issue allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. This is achieved through a SQL injection vulnerability. Recommendations: For...

CVSS 7.5 · AI score 7.3 · EPSS 0.00545
Exploits: 0 · References: 4

CNNVD
added 2024/04/30 12:0 a.m. · 6 views

Foxit Reader Resource Management Error Vulnerability

Foxit Reader is a PDF document reader from the Chinese company Foxit. A resource management error vulnerability exists in Foxit Reader version 2024.1.0.23997, which stems from a use-after-free flaw that could lead to memory corruption and arbitrary code execution...

CVSS 8.8 · AI score 8.1 · EPSS 0.15639
Exploits: 1 · References: 3

OSV
added 2024/04/26 4:15 a.m. · 3 views

CVE-2024-32404

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature...

CVSS 6 · AI score 6.1 · EPSS 0.00797
Exploits: 0 · References: 1

CVE
added 2024/04/04 8:27 p.m. · 91 views

CVE-2024-30270

The CVE-2024-30270 entry pertains to mailcow: dockerized prior to the 2024-04 release. A vulnerability combines path traversal and arbitrary code execution targeting the rspamd_maps() function, allowing an authenticated admin to overwrite any file writable by the www-data user due to improper pat...

CVSS 6.2 · AI score 7.4 · EPSS 0.27346
Exploits: 2 · References: 4 · Affected Software: 1