Lucene search
+L

116 matches found

CNNVD
CNNVD
added 2024/04/12 12:0 a.m.8 views

Stable Diffusion web UI 安全漏洞

Stable Diffusion web UI is a web interface by the individual developer of AUTOMATIC1111. A security vulnerability exists in Stable Diffusion web UI version 1.7.0, which stems from the presence of a file write vulnerability. An attacker can exploit the vulnerability to write a json file anywhere t...

6.3CVSS6.7AI score0.0068EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.7 views

PT-2023-7332 · Zyxel · Zyxel Nas326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 version V5.21AAZF.14C0 Zyxel NAS542 version V5.21ABAG.11C0 Description: A command injection issue exists in the web server of the Zyxel NAS326 and NAS542 firmware due to the lack of neutralization of special elements used in...

10CVSS9.9AI score0.41348EPSS
Exploits0References16
Prion
Prion
added 2023/11/09 8:15 p.m.26 views

Remote code execution

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

7.5CVSS7.6AI score0.0137EPSS
Exploits0References3Affected Software3
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.6 views

Syncfusion ej2-filemanager-node-filesystem 路径遍历漏洞

Syncfusion ej2-filemanager-node-filesystem is an application from Syncfusion, Inc. Syncfusion ej2-filemanager-node-filesystem has a security vulnerability that stems from filesystem-server.js being vulnerable to a directory traversal attack, which can be exploited by an attacker to list any file ...

9.8CVSS8.2AI score0.01886EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.8 views

Snap One OvrC Pro 信任管理问题漏洞

Snap One OvrC is a free cloud-based remote management and monitoring platform from US-based Snap One. A trust management issue vulnerability exists in Snap One OvrC Pro prior to version 7.2 that stems from the use of hard-coded credentials, which can be exploited by an attacker to gain access to ...

9.8CVSS8.4AI score0.00539EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.8 views

PT-2023-1558 · Zyxel · Zyxel Nr7101

Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware versions prior to V1.15ACCC.3C0 Description: The issue is caused by a buffer overflow vulnerability in the library of the web server. This could allow an unauthenticated attacker to execute some OS commands or cause...

9.8CVSS9.7AI score0.00611EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2022/12/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-18809

TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system...

9.9CVSS7.1AI score0.79064EPSS
Exploits4References1
NVD
NVD
added 2022/06/24 3:15 p.m.26 views

CVE-2022-2105

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...

9.4CVSS0.01011EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/02/04 10:29 p.m.10 views

CVE-2022-22987 Advantech ADAM-3600

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

9.8CVSS9.4AI score0.01211EPSS
Exploits0References1
ICS
ICS
added 2022/01/06 12:0 a.m.49 views

IDEC PLCs

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: IDEC Equipment: PLCs Programmable Logic Controllers Vulnerabilities: Unprotected Transport of Credentials, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS9.2AI score0.0134EPSS
Exploits0References5
OSV
OSV
added 2021/12/24 7:15 a.m.6 views

CVE-2021-20826

Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...

7.6CVSS5.7AI score0.0039EPSS
Exploits0References2
NVD
NVD
added 2021/12/24 7:15 a.m.16 views

CVE-2021-20826

Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...

7.6CVSS0.0039EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/12/14 12:0 a.m.5 views

PT-2021-7786 · Schneider Electric · Evlink Parking Evf2 +4

Name of the Vulnerable Software and Affected Versions: EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2 EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2 EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2 Description: A CWE-79 Improper Neutralization of Input...

9CVSS6.2AI score0.00562EPSS
Exploits0References5
NVD
NVD
added 2021/12/10 11:15 p.m.31 views

CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

8.1CVSS0.01441EPSS
Exploits0References4
OSV
OSV
added 2021/12/10 11:15 p.m.16 views

CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

8.1CVSS6.6AI score
Exploits0References4
Prion
Prion
added 2021/12/10 11:15 p.m.20 views

Path traversal

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

7.9CVSS7.8AI score0.01441EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/12/10 10:25 p.m.36 views

CVE-2021-41242 Path Traversal in some REST methods leading to file upload to arbitrary places

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

8.1CVSS8.1AI score0.01441EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/10/13 12:0 a.m.7 views

PT-2020-6346 · Schneider Electric · Communication Modules +3

Name of the Vulnerable Software and Affected Versions: Modicon M340 versions affected versions not specified Modicon Quantum versions affected versions not specified Modicon Premium Legacy versions affected versions not specified Communication Modules versions affected versions not specified...

10CVSS9.9AI score0.02301EPSS
Exploits0References7
CNVD
CNVD
added 2020/09/07 12:0 a.m.2 views

Command Execution Vulnerability in Extreme CMS of Langfang Extreme Network Technology Co.

Extreme CMS is an open source content management system. Ltd. Extreme CMS has a command execution vulnerability that can be exploited by an attacker to gain access to the web server...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/08/11 12:0 a.m.3 views

Command Execution Vulnerability in Empire CMS v7.5 Backend

EmpireCMS Empire Content Management System is an open source content management system CMS. A command execution vulnerability exists in the Empire CMS v7.5 backend, which can be exploited by an attacker to gain access to the web server...

7.4AI score
Exploits0
Rows per page
Query Builder