Lucene search
K

154 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-45870

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00449EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-50423

Malicious code in bioql PyPI...

9.4CVSS9.3AI score0.00504EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-44757

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.0101EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6853

Malicious code in bioql PyPI...

8.4CVSS8.4AI score0.00297EPSS
Exploits1References2
Gitee
Gitee
added 2025/09/06 5:53 a.m.191 views

Exploit for CVE-2015-4335

This is a PoC exploit for CVE-2015-4335, a Redis Lua sandbox escape and arbitrary code execution vulnerability. The tool, named redischeck, checks a Redis instance for security vulnerabilities. It performs three checks: 1 if the AUTH command is set, 2 if the CONFIG command has been renamed, and 3...

10CVSS8.4AI score0.09636EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2025/07/08 10:33 a.m.2 views

CVE-2025-20983

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

6.7CVSS5.8AI score0.00127EPSS
Exploits0References2
NVD
NVD
added 2025/05/28 2:15 a.m.13 views

CVE-2025-25026

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check...

4.3CVSS0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 1:11 a.m.6 views

CVE-2025-25026 IBM Security Guardium information disclosure

IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check...

4.3CVSS6.2AI score0.00249EPSS
Exploits0References1
CVE
CVE
added 2025/05/28 1:11 a.m.66 views

CVE-2025-25026

CVE-2025-25026 affects IBM Guardium Data Protection (IBM Guardium Data Protection 12.0; also listed for 12.1 in the bulletin). Root cause: an incorrect authentication check allows an authenticated user to obtain sensitive information (information disclosure). CVSS: 4.3 (Med) with Network attack v...

4.3CVSS4.4AI score0.00249EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.6 views

PT-2025-23046 · Ibm · Ibm Security Guardium

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 12.0 Description: The issue allows an authenticated user to obtain sensitive information due to an incorrect authentication check. Recommendations: For IBM Security Guardium version 12.0, consider restricting...

4.3CVSS5.8AI score0.00249EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.6 views

CVE-2019-10668

An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly...

9.1CVSS6.7AI score0.01603EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 12:31 p.m.7 views

GHSA-RPG2-JVHP-H354 Yggdrasil Vulnerable to Local Privilege Escalation

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...

7.8CVSS6.6AI score0.00152EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.7 views

PT-2025-15232

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.3.0 Description Langflow is susceptible to unauthenticated remote code execution RCE due to missing authentication in the /api/v1/validate/code endpoint. A remote attacker can send crafted HTTP requests containing...

10CVSS8.1AI score0.99972EPSS
Exploits33References425
Citrix
Citrix
added 2025/04/03 12:0 a.m.12 views

Citrix Application Probe fails with "Enumeration Failed"

ProbeAgent.txt on probe machine will show logging similar to the following: 2023-12-11 11:00:21,068 5 INFO - Starting probe job. DesktopId: Win10 Azure Desktop, Name: Win10 Desktop, Config Id: 1, Browser Name: Win10 Azure Desktop 2023-12-11 11:00:21,068 5 INFO - Running reachability check...

7.4AI score
Exploits0
CVE
CVE
added 2025/03/11 12:32 a.m.57 views

CVE-2025-23194

Summary (CVE-2025-23194) : SAP NetWeaver Enterprise Portal OBN has a missing authentication check for a specific configuration setting. This allows a non-authenticated user to alter the setting to an undesired value, resulting in a low integrity impact. No confidentiality or availability impact i...

5.3CVSS7.4AI score0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/11 12:32 a.m.6 views

CVE-2025-23194 Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application...

5.3CVSS7.4AI score0.00281EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 2:45 p.m.10 views

CVE-2020-6287

SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...

10CVSS7.7AI score0.94719EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:39 p.m.23 views

CVE-2020-26829

SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...

10CVSS7.3AI score0.04708EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 4:21 a.m.14 views

CVE-2024-9821

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.01159EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2024/10/23 4:21 p.m.31 views

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks

On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function CWE-306 in the FortiManager...

9.8CVSS10AI score0.94761EPSS
Exploits7
Rows per page
Query Builder