Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/22 3:24 p.m.9 views

CVE-2026-9245

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

5CVSS5.8AI score0.00169EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/30 3:6 p.m.30 views

CVE-2026-4670

MOVEit Automation (Progress Software) is affected by two CVEs. CVE-2026-4670 is an authentication bypass due to a primary weakness impacting MOVEit Automation releases older than 2025.0.9, 2024.1.x, and 2024.0.x series; CVSSv3.1 is 9.8 (Network, required none, user interaction none, confidentiali...

9.8CVSS5.2AI score0.05633EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/30 3:6 p.m.8 views

CVE-2026-4670 Improper Authentication vulnerability in Progress MOVEit Automation

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

9.8CVSS5.2AI score0.05633EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 3:15 p.m.5 views

CVE-2025-64463

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

8.5CVSS6AI score0.00135EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 2:21 p.m.24 views

CVE-2025-64461

NI LabVIEW is affected by an out-of-bounds write in mgocre_SH_25_3!RevBL() when opening a corrupted VI file, impacting 2025 Q3 (25.3) and earlier. Exploitation requires a user to open a crafted VI and can lead to information disclosure or arbitrary code execution. A patch/update to a version late...

8.5CVSS7AI score0.00135EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.3 views

PT-2025-44363

Name of the Vulnerable Software and Affected Versions versions prior to 2025-54548 Description Restricted users could view sensitive portions of the config database via a debug API. Specifically, user password hashes were exposed. The API endpoint used for this exposure is a debug API...

4.3CVSS6.4AI score0.00205EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.6 views

PT-2025-34298 · Liferay · Liferay Dxp

Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2025.Q2.0 through 2025.Q2.3 Description: A server-side request forgery SSRF vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing...

4.8CVSS6.5AI score0.00199EPSS
Exploits0References5
Rows per page
Query Builder