Skip to main content

CWE-1125

Excessive Attack Surface

5 CVEs Avg CVSS 8.9 MITRE
2
CRITICAL
3
HIGH
0
MEDIUM
0
LOW
4
POC
0
KEV

Monthly

CVE-2024-5386 HIGH POC This Week

In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. [CVSS 8.8 HIGH]

Information Disclosure AI / ML Lunary
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-49722 HIGH This Week

Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bcc101 Firmware Bcc102 Firmware Bcc50 Firmware
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2023-0435 PyPI CRITICAL POC PATCH Act Now

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pyload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2037 HIGH POC PATCH This Week

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-1715 PHP CRITICAL POC PATCH Act Now

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Facturascripts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
EPSS 0% CVSS 8.8
HIGH POC This Week

In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. [CVSS 8.8 HIGH]

Information Disclosure AI / ML Lunary
NVD GitHub
EPSS 0% CVSS 8.3
HIGH This Week

Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bcc101 Firmware Bcc102 Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pyload
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Facturascripts
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy