Lucene search
K

1037 matches found

NVD
NVD
added 2024/07/12 3:15 p.m.39 views

CVE-2024-39903

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI...

8.6CVSS0.02884EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/12 2:28 p.m.16 views

CVE-2024-39903 Local File Inclusion in Solara

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI...

8.6CVSS6.6AI score0.02884EPSS
Exploits0References2
NVD
NVD
added 2024/06/24 11:15 p.m.42 views

CVE-2024-22168

A Cross-Site Scripting XSS vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...

5.9CVSS0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/24 10:54 p.m.13 views

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting XSS vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...

5.9CVSS6.4AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/24 10:54 p.m.22 views

CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

A Cross-Site Scripting XSS vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...

5.9CVSS0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 9:58 a.m.16 views

CVE-2024-32986 Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps PWAs in Mozilla Firefox. Due to improper sanitization of web app properties such as name, description, shortcuts, web apps were able to inject additional lines into XDG Desktop Entries on Linux and AppInfo.ini on...

9.6CVSS7.2AI score0.00683EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/19 12:0 a.m.50 views

Oracle Application Testing Suite (April 2024 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...

9.8CVSS6.7AI score0.02836EPSS
Exploits1References6
0day.today
0day.today
added 2024/02/17 12:0 a.m.374 views

SISQUALWFM 7.1.319.103 - Host Header Injection Vulnerability

Exploit Title: SISQUALWFM 7.1.319.103 Host Header Injection Discovered Date: 17/03/2023 Reported Date: 17/03/2023 Resolved Date: 13/10/2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Versio...

6.1CVSS6.5AI score0.00507EPSS
Exploits5
0day.today
0day.today
added 2024/02/05 12:0 a.m.407 views

SISQUAL WFM 7.1.319.103 Host Header Injection Vulnerability

Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.103 Fixed Version: sisqualWFM - 7.1.319.111 CVE :...

6.1CVSS7.4AI score0.00507EPSS
Exploits5
NVD
NVD
added 2024/01/31 11:15 p.m.20 views

CVE-2024-24573

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.6AI score0.00817EPSS
Exploits1References2
Prion
Prion
added 2024/01/31 11:15 p.m.22 views

Design/Logic Flaw

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

6.5CVSS6.8AI score0.00817EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/01/31 11:15 p.m.24 views

Sql injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

4.7CVSS7.6AI score0.00641EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/01/31 11:15 p.m.17 views

Input validation

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation...

4.9CVSS6.2AI score0.00424EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/31 10:33 p.m.24 views

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.8AI score0.00817EPSS
Exploits1References2
CVE
CVE
added 2024/01/31 10:33 p.m.55 views

CVE-2024-24572

facileManager is a modular web app. In versions ≤4.5.0, admin-logs.php calls extract() on $_REQUEST, allowing an authenticated user (with site-log viewing privileges) to append GET parameter search_sql and bypass injection protections, enabling SQL injection from manipulated search_sql.

6.5CVSS6.7AI score0.00641EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/31 10:33 p.m.64 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS7AI score0.00641EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/31 10:33 p.m.19 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS7.3AI score0.00641EPSS
Exploits1References2
OSV
OSV
added 2024/01/31 10:33 p.m.41 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS6.6AI score0.00641EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

Super Progressive Web Apps < 2.2.22 - Missing Authorization

Description The Super Progressive Web Apps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the superpwanewslettersubmit function hooked via a nopriv AJAX action in versions up to, and including, 2.2.21. This makes it possible for...

9.2AI score0.00584EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.40 views

Oracle Application Testing Suite DoS (October 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the October 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...

7.7CVSS7.9AI score0.1158EPSS
Exploits0References3
Rows per page
Query Builder