Lucene search
K

70 matches found

Cvelist
Cvelist
added 2026/02/03 12:0 a.m.35 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

0.00463EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.7 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

5.5AI score0.00463EPSS
Exploits0References2
NCSC
NCSC
added 2025/11/28 9:53 a.m.39 views

Vulnerabilities fixed in Mattermost

Mattermost has fixed vulnerabilities in versions 11.0.x through 11.0.3, 10.12.x through 10.12.1, 10.11.x through 10.11.4 and 10.5.x through 10.5.12. The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process...

9.9CVSS7AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-2702

Malware in sbrugna...

10CVSS9.5AI score0.10912EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7945

Malware in sbrugna...

8.8CVSS8.8AI score0.00811EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-11854

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00714EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27765

Malicious code in bioql PyPI...

9.4CVSS6.2AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/18 11:38 a.m.10 views

CVE-2024-25011 Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability

Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue...

5.3CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2025/07/03 7:47 p.m.50 views

CVE-2025-34089

Remote for Mac (Aexol Studio) is affected by an unauthenticated RCE in versions up to 2025.7 when authentication is disabled. The /api/executeScript endpoint is exposed without access control, allowing an unauthenticated attacker to inject AppleScript payloads via the X-Script header and trigger ...

9.3CVSS8.1AI score0.01389EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.10 views

CVE-2019-17633

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations e.g. ...

8.8CVSS6.8AI score0.00811EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/25 4:58 p.m.19 views

CVE-2025-1863

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related ...

9.8CVSS7.5AI score0.00714EPSS
Exploits0References3
CVE
CVE
added 2025/04/18 5:55 a.m.94 views

CVE-2025-1863

CVE-2025-1863 affects Yokogawa recorder products with insecure default authentication settings. The default authentication is disabled, enabling network-accessible access to all settings/operations and allowing manipulation of measured values and configurations. Affected products and versions inc...

9.8CVSS9.8AI score0.00714EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.5 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from an administrator authentication process that can be bypassed to access multifunction device system information and web pages for...

8.8CVSS6.7AI score0.00705EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.4 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers MFPs from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from the fact that if user authentication is disabled, a malicious file can be executed by enabling the service from the MFP's web...

7.8CVSS6.9AI score0.00322EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.23 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from a directory traversal vulnerability that could overwrite or place new files on the multifunction device if the multifunction device...

8.8CVSS7AI score0.0074EPSS
Exploits0References4
OSV
OSV
added 2024/04/22 3:51 p.m.31 views

GHSA-QWHW-HH9J-54F5 Ant Media Server vulnerable to a local privilege escalation

Impact We have identified a local privilege escalation vulnerability in Ant Media Server which allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensio...

7.8CVSS8.2AI score0.00244EPSS
Exploits0References4
OSV
OSV
added 2023/11/21 12:15 a.m.3 views

CVE-2023-40151

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...

9.8CVSS5.8AI score0.01149EPSS
Exploits0References2
OSV
OSV
added 2023/08/23 10:15 p.m.4 views

CVE-2023-3453

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition...

8.1CVSS5.8AI score0.0029EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/23 12:0 a.m.12 views

PT-2023-24911 · Etic Telecom · Etic Telecom Ras

Name of the Vulnerable Software and Affected Versions: ETIC Telecom RAS versions 4.7.0 and prior Description: The web management portal authentication is disabled by default in the affected versions. This could allow an attacker with adjacent network access to alter the configuration of the devic...

8.1CVSS8AI score0.0029EPSS
Exploits0References4
Veracode
Veracode
added 2022/09/02 5:44 a.m.7 views

Remote Code Execution (RCE)

Apache Spark 'master' host is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of user request to the authentication-disabled 'master' host allowing an attacker to execute code via a maliciously crafted request...

9.8CVSS7.5AI score0.08721EPSS
Exploits0References10Affected Software2
Rows per page
Query Builder