A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.
Source: Tenable Network Security, Inc.
Max CVSS
7.5
EPSS Score
N/A
Published
2024-05-09
Updated
2024-05-14
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.
Source: Tenable Network Security, Inc.
Max CVSS
7.5
EPSS Score
N/A
Published
2024-05-09
Updated
2024-05-14
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.
Source: Tenable Network Security, Inc.
Max CVSS
7.5
EPSS Score
N/A
Published
2024-05-09
Updated
2024-05-14
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.
Source: Tenable Network Security, Inc.
Max CVSS
7.5
EPSS Score
N/A
Published
2024-05-09
Updated
2024-05-14
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
Source: Tenable Network Security, Inc.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-09
Updated
2024-05-14
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
Source: Tenable Network Security, Inc.
Max CVSS
8.6
EPSS Score
0.05%
Published
2024-04-05
Updated
2024-04-08
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
Source: Tenable Network Security, Inc.
Max CVSS
8.6
EPSS Score
0.05%
Published
2024-04-05
Updated
2024-04-08
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
Source: Tenable Network Security, Inc.
Max CVSS
9.8
EPSS Score
0.05%
Published
2024-04-05
Updated
2024-04-08
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
Source: Tenable Network Security, Inc.
Max CVSS
9.8
EPSS Score
0.05%
Published
2024-04-05
Updated
2024-04-08
The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter.
Source: Tenable Network Security, Inc.
Max CVSS
5.4
EPSS Score
0.04%
Published
2024-05-14
Updated
2024-05-14
Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL.
Source: Tenable Network Security, Inc.
Max CVSS
5.7
EPSS Score
0.04%
Published
2024-05-14
Updated
2024-05-14
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
Source: Tenable Network Security, Inc.
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-05-06
Updated
2024-05-06
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
Source: Tenable Network Security, Inc.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-06
Updated
2024-05-06
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
Source: Tenable Network Security, Inc.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-06
Updated
2024-05-06
A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. This issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
Source: Tenable Network Security, Inc.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-05-20
Updated
2024-05-20
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host. - CVE-2024-3292
Source: Tenable Network Security, Inc.
Max CVSS
8.2
EPSS Score
0.04%
Published
2024-05-17
Updated
2024-05-17
When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
Source: Tenable Network Security, Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-05-17
Updated
2024-05-17
A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of arbitrary code on the Nessus host.
Source: Tenable Network Security, Inc.
Max CVSS
8.2
EPSS Score
0.04%
Published
2024-05-17
Updated
2024-05-17
When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
Source: Tenable Network Security, Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-05-17
Updated
2024-05-17
As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
Source: Tenable Network Security, Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-18
Updated
2024-03-18
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.
Source: Tenable Network Security, Inc.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26
A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.
Source: Tenable Network Security, Inc.
Max CVSS
7.3
EPSS Score
0.04%
Published
2024-02-23
Updated
2024-02-23
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
Source: Tenable Network Security, Inc.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.
Source: Tenable Network Security, Inc.
Max CVSS
7.2
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-15
Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.
Source: Tenable Network Security, Inc.
Max CVSS
7.5
EPSS Score
0.09%
Published
2024-01-30
Updated
2024-02-05
486 vulnerabilities found