Lucene search
+L

283 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:25 p.m.15 views

CVE-2022-45937

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, TALON TC Compact BACnet All versions V3.5.5, TALON TC...

8.8CVSS6.1AI score0.00613EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:45 p.m.8 views

CVE-2020-6252

Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...

9CVSS6.5AI score0.0052EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/13 5:25 p.m.16 views

CVE-2024-43086

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

0.00094EPSS
Exploits0References2
OSV
OSV
added 2024/11/01 12:0 a.m.9 views

ASB-A-343440463

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.4AI score0.00094EPSS
Exploits0References2
NVD
NVD
added 2024/10/29 1:15 p.m.25 views

CVE-2024-7962

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

7.5CVSS0.00781EPSS
Exploits1References2
PyPA
PyPA
added 2024/10/29 1:15 p.m.8 views

PYSEC-2024-112

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

7.5CVSS7AI score0.00781EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/10/29 12:47 p.m.54 views

CVE-2024-7962

The CVE-2024-7962 issue affects gaizhenbiao/chuanhuchatgpt version 20240628, described as an arbitrary file read vulnerability caused by insufficient validation when loading prompt template files. An attacker can read files via an absolute path if the target file meets criteria (not ending in .js...

7.5CVSS7.4AI score0.00781EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/10/29 12:47 p.m.13 views

CVE-2024-7962 Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

7.5CVSS7.2AI score0.00781EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 2:40 p.m.113 views

Security Bulletin: RC4 Bar Mitzvah Attack for SSL/TLS (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS6.4AI score0.73851EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/07 5:15 p.m.4 views

CVE-2024-42024

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed...

8.8CVSS6.4AI score0.01254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.5 views

PT-2024-41075 · Ооо 'Нпо Мир' · Конфигуратор Контроллеров Мир +2

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to the storage of unencrypted account credentials. Exploitation of this issue could allow an attacker to disclose protected information. Recommendations: At the moment,...

7.1CVSS6.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/28 6:32 p.m.24 views

CVE-2024-25031 IBM Storage Defender information disclosure

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678...

6.5CVSS6.5AI score0.00248EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/06/24 1:8 a.m.6 views

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

6.5CVSS5.7AI score0.0074EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/06/10 8:56 p.m.22 views

CVE-2024-23251

An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials...

7.1AI score0.00377EPSS
Exploits0References4
NVD
NVD
added 2024/05/28 7:15 p.m.18 views

CVE-2023-43842

Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request...

7.3CVSS6.4AI score0.00426EPSS
Exploits1References1
NVD
NVD
added 2024/04/17 8:15 p.m.26 views

CVE-2024-21990

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

9.8CVSS5.3AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/17 7:35 p.m.33 views

CVE-2024-21990 Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...

5.4CVSS5.6AI score0.00317EPSS
Exploits0References1
Veracode
Veracode
added 2024/04/04 6:31 a.m.16 views

Information Disclosure

yaql is vulnerable to Information Disclosure. The vulnerability is due to improper handling of attribute access in the YAQL library's 'format' function, allowing unauthorized users to access sensitive information, including service account credentials...

6.5CVSS6.6AI score0.0074EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2024/02/05 12:0 a.m.30 views

IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2024-07607)

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...

7.5CVSS6.3AI score0.00674EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.14 views

WCMultiShipping < 2.3.8 - Subscriber+ Arbitrary Account Credentials Test

Description The plugin does not have proper capability check on its wmschronoposttestcredentialsajax function, allowing any authenticate duets, such as with subscriber, to test account credentials...

7AI score
Exploits0References1Affected Software1
Rows per page
Query Builder