Lucene search
K

391 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:6 a.m.6 views

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism...

9.8CVSS8.2AI score0.00919EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:0 a.m.6 views

CVE-2023-36347

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data...

7.5CVSS7.2AI score0.34293EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 1:56 a.m.8 views

CVE-2023-20154

A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...

9.1CVSS7AI score0.00895EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.9 views

CVE-2022-48300

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

7.5CVSS7.1AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.10 views

CVE-2022-48299

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

7.5CVSS7.1AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:32 p.m.9 views

CVE-2021-21986

The vSphere Client HTML5 contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform...

10CVSS7.2AI score0.12918EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/07 12:0 a.m.7 views

IBM Maximo Asset Management Server-Side Request Forgery Vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

5.4CVSS6.7AI score0.00194EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/07 12:0 a.m.8 views

IBM WebSphere Application Server Server-Side Request Forgery Vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A server-side request forgery vulnerability exists in IB...

4.1CVSS6.6AI score0.00306EPSS
Exploits0References1
NVD
NVD
added 2025/04/24 10:15 a.m.15 views

CVE-2021-47664

Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames...

5.3CVSS0.00345EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/04/11 10:54 a.m.353 views

Exploit for CVE-2025-2825

It is an exploit module/toolkit targeting CrushedFTP. The tool,...

9.8CVSS9.8AI score0.99947EPSS
Exploits22
OSV
OSV
added 2025/04/03 2:14 p.m.7 views

BIT-JOOMLA-2022-23795 [20220303] - Core - User row are not bound to a authentication mechanism

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover...

9.8CVSS9.4AI score0.01098EPSS
Exploits0References2
CNVD
CNVD
added 2025/03/27 12:0 a.m.8 views

SAP CRM and SAP S/4HANA server-side request forgery vulnerability (CNVD-2025-07595)

SAP CRM and SAP S/4HANA are both products of SAP, a customer relationship management system, and SAP S/4HANA, an enterprise resource management software based on the SAP HANA in-memory database system. SAP CRM and SAP S/4HANA suffer from a server-side request forgery vulnerability, which stems fr...

3.5CVSS7AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/19 12:0 a.m.3 views

Dell SmartFabric OS10 Server-Side Request Forgery Vulnerability

Dell SmartFabric OS10 is a Linux-based network switch operating system from Dell Dell. Dell SmartFabric OS10 suffers from a server-side request forgery vulnerability, which stems from the server not implementing an adequate authentication mechanism to confirm the origin of the request, and can be...

6.8CVSS6.5AI score0.00414EPSS
Exploits0References1
CNVD
CNVD
added 2025/02/18 12:0 a.m.9 views

IBM Aspera Shares Server-Side Request Forgery Vulnerability

IBM Aspera Shares is a Web application from International Business Machines IBM. IBM Aspera Shares suffers from a server-side request forgery vulnerability that stems from the server not implementing an adequate authentication mechanism to confirm the origin of a request, which could be exploited...

5.4CVSS6.6AI score0.00207EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/02/10 12:0 a.m.5 views

The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to gain privileged access to the infrastructure.

The vulnerability of the Core component in Oracle VM VirtualBox is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker to gain privileged access to the infrastructure...

5.5CVSS7.7AI score0.00292EPSS
Exploits0References6Affected Software3
Debian
Debian
added 2025/02/09 11:55 a.m.83 views

[SECURITY] [DLA 4047-1] sssd security update

Debian LTS Advisory DLA-4047-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 09, 2025 https://wiki.debian.org/LTS Package : sssd Version : 2.4.1-2+deb11u1 CVE ID : CVE-2021-3621 CVE-2023-3758 Debian Bug : 992710 1070369 Vulnerabilities were found in sssd...

9.3CVSS6.7AI score0.02524EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 10:1 a.m.8 views

CVE-2024-3263

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks c...

9.8CVSS7.1AI score0.00795EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:33 p.m.5 views

CVE-2024-8901

The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...

7.5CVSS7.8AI score0.00358EPSS
Exploits0References1
Rosalinux
Rosalinux
added 2025/01/27 10:49 a.m.33 views

Advisory ROSA-SA-2025-2584

software: xrdp 0.10.1 OS: ROSA-CHROME packageevrstring: xrdp-0.10.1-2 CVE-ID: CVE-2024-39917 BDU-ID: 2024-10780 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the authentication mechanism of the XRDP remote access tool is related to a flaw in the limitation of authentication attempts governed ...

9.8CVSS9.6AI score0.00602EPSS
Exploits0
NVD
NVD
added 2025/01/17 8:15 p.m.17 views

CVE-2024-13026

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used legacy component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft...

6.1CVSS0.00124EPSS
Exploits0References1
Rows per page
Query Builder