Lucene search
+L

32 matches found

CVE
CVE
added yesterday8 views

CVE-2026-12694

CVE-2026-12694 concerns Vimesoft Inc.’s Enterprise Video Platform. Affected versions are 3.11.0.0 through 3.24.x (before 3.25.0). The issue is a Missing Authorization vulnerability that allows accessing functionality not properly constrained by ACLs. Practical impact described is high due to pote...

9.1CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-12692 Improper Authentication in Vimesoft's Enterprise Video Platform

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.8CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45220

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.8CVSS5.2AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-12691

CVE-2026-12691 affects Vimesoft Inc. Enterprise Video Platform, vulnerable in versions before 3.25.0 (3.11.0.0 onwards up to but not including 3.25.0). The issue is a missing authentication for a critical function that enables an authentication bypass. Public references list this vulnerability wi...

7.5CVSS5.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday6 views

CVE-2026-12691 Authentication Bypass in Vimesoft's Enterprise Video Platform

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS5.4AI score
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45219

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60796

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60797

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.8CVSS5.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by- one in the path traversal filter in...

6.1CVSS5.6AI score0.002EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/04/24 2:24 a.m.9 views

CVE-2026-40254

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...

6.1CVSS5.5AI score0.002EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

FreeRDP 安全漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions prior to FreeRDP 3.25.0 contain security vulnerabilities. These vulnerabilities stem from a minor error in the path traversal filter, which could allow malicious RDP servers to read, list, or...

6.1CVSS5.8AI score0.002EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.10 views

PT-2026-34838

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.25.0 Description An off-by-one error exists in the path traversal filter within channels/drive/client/drive file.c. The contains dotdot function fails to detect .. when it is the final component of a path without a...

6.1CVSS5.8AI score0.002EPSS
Exploits1References36
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP...

6.6CVSS5.7AI score0.00237EPSS
Exploits1References3
CVE
CVE
added 2026/01/13 7:6 p.m.21 views

CVE-2026-22791

CVE-2026-22791 affects the openCryptoki PKCS#11 library for Linux/AIX. The vulnerability is a heap buffer overflow in the CKM_ECDH_AES_KEY_WRAP implementation triggered by supplying a compressed EC public key and calling C_WrapKey, allowing a local attacker to cause out-of-bounds writes in the ho...

6.6CVSS6.6AI score0.00237EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6822

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0059EPSS
Exploits1References3
Snyk
Snyk
added 2025/08/26 4:19 p.m.5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the process of logging error details during SQL query execution. An attacker can obtain sensitive information by intentionally causing SQL errors and subsequently accessing the log...

7.4CVSS7.2AI score0.00388EPSS
Exploits0References2
NVD
NVD
added 2025/08/26 4:15 p.m.57 views

CVE-2025-57813

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

5.9CVSS0.00388EPSS
Exploits0References3
CVE
CVE
added 2025/08/26 4:6 p.m.30 views

CVE-2025-57813

CVE-2025-57813 affects the traQ messenger (github.com/traPtitech/traQ). Before version 3.25.0, error handling during SQL queries can write sensitive data (e.g., OAuth tokens) to log files. An attacker with log access could trigger SQL errors to illicitly read recorded secrets. The issue is fixed ...

5.9CVSS7.5AI score0.00388EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/26 4:6 p.m.53 views

CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

5.9CVSS0.00388EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.5 views

traQ 日志信息泄露漏洞

traq is a PHP-based project management and issue tracking system by Jack Polgar, a personal developer. A log information disclosure vulnerability exists in versions of traQ prior to 3.25.0, which stems from recording sensitive information in SQL error logs, which could lead to information...

5.9CVSS6.3AI score0.00388EPSS
Exploits0References4
Rows per page
Query Builder