Lucene search
K

61 matches found

NVD
NVD
added 2025/07/15 5:15 p.m.21 views

CVE-2025-53959

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...

7.6CVSS0.00264EPSS
Exploits0References1
OSV
OSV
added 2025/07/15 5:15 p.m.2 views

CVE-2025-53959

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...

7.6CVSS5.8AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/15 4:26 p.m.8 views

CVE-2025-53959

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...

7.6CVSS7.2AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2025/07/15 4:26 p.m.27 views

CVE-2025-53959

JetBrains YouTrack is affected by an email spoofing vulnerability via the Administrative API in versions prior to 2025.2.86069, 2024.3.85077, and 2025.1.86199. The root cause is exposed to abuse through the administrative API, enabling spoofed emails under network conditions. Impact is described ...

7.6CVSS7.2AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/07/15 4:26 p.m.21 views

CVE-2025-53959

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible...

7.6CVSS0.00264EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/06/24 12:0 a.m.9 views

Sitecore XM/XP/XC Hardcoded Credentials

Sitecore XM, XP and XC version 9.x = 9.3 or version 10.x 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. No source data...

8.8CVSS7.4AI score0.39961EPSS
Exploits8References5
OSV
OSV
added 2025/06/17 7:15 p.m.2 views

CVE-2025-34509

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS5.8AI score0.39961EPSS
Exploits6References2
NVD
NVD
added 2025/06/17 7:15 p.m.11 views

CVE-2025-34509

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS0.39961EPSS
Exploits6References2
CVE
CVE
added 2025/06/17 6:20 p.m.96 views

CVE-2025-34509

Sitecore XM/XP affected: Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE; root cause is a hardcoded user account that allows unauthenticated, remote access to the ad...

7.5CVSS8.2AI score0.39961EPSS
In wildExploits6References2Affected Software4
Vulnrichment
Vulnrichment
added 2025/06/17 6:20 p.m.9 views

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS7.3AI score0.39961EPSS
Exploits6References2
Cvelist
Cvelist
added 2025/06/17 6:20 p.m.34 views

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS0.39961EPSS
Exploits6References2
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.6 views

PT-2025-25745

Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager XM and Experience Platform XP versions 10.1 through 10.1.4 rev. 011974 PRE Sitecore Experience Manager XM and Experience Platform XP versions 10.2 Sitecore Experience Manager XM and Experience Platform XP versions...

7.5CVSS10AI score0.39961EPSS
Exploits6References18
RedhatCVE
RedhatCVE
added 2025/06/09 12:1 a.m.16 views

CVE-2024-55585

In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...

9CVSS7.2AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2025/06/07 7:15 p.m.21 views

CVE-2024-55585

In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword...

9CVSS0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/07 12:0 a.m.4 views

PT-2025-24348 · Mops App +1 · Mops App +1

Name of the Vulnerable Software and Affected Versions: moPS App versions 1.8.618 and earlier moPS App Engine version 1.8.618 Description: The issue allows all users to access administrative API endpoints, such as "/api/admin", without requiring additional authentication. This results in...

9CVSS6.3AI score0.00352EPSS
Exploits0References12
Veracode
Veracode
added 2024/05/15 7:54 a.m.17 views

Inproper Authorization

Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized users...

5.4CVSS7AI score0.00479EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/05/13 8:19 a.m.32 views

CVE-2024-3462 Authorization bypass in Ant Media Server

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 tested and possibly newer ones are believed to be...

6.8AI score0.00479EPSS
Exploits0References3
CVE
CVE
added 2024/05/13 8:19 a.m.81 views

CVE-2024-3462

Ant Media Server Community Edition is vulnerable to improper HTTP header based authorization, allowing unauthorized users to access non-administrative API calls reserved for authorized users. Affected versions are prior to 2.9.0 (tested); vendor status on a patch is not confirmed. Multiple source...

5.4CVSS6.7AI score0.00479EPSS
Exploits0References3
NVD
NVD
added 2024/03/29 4:15 p.m.9 views

CVE-2023-49231

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token...

9.8CVSS6.9AI score0.42898EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/03/29 12:0 a.m.18 views

CVE-2023-49231

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token...

7.2AI score0.42898EPSS
Exploits1References4
Rows per page
Query Builder