Lucene search
K

42 matches found

Cvelist
Cvelist
added 2025/09/09 3:49 p.m.8 views

CVE-2025-55142

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...

8.8CVSS0.00855EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 3:49 p.m.3 views

CVE-2025-55142

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...

8.8CVSS6.5AI score0.00855EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 3:45 p.m.2 views

CVE-2025-55141

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...

8.8CVSS6.5AI score0.00855EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/09 3:45 p.m.9 views

CVE-2025-55141

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...

8.8CVSS0.00855EPSS
Exploits0References1
CVE
CVE
added 2025/09/09 3:45 p.m.21 views

CVE-2025-55141

The CVE-2025-55141 issue affects Ivanti Connect Secure (before 22.7R2.9 or 22.8R2), Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4). Root cause: missing authorization that allows a remote authenticated attacke...

8.8CVSS6.5AI score0.00855EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.4 views

Ivanti多款产品 安全漏洞

Ivanti Connect Secure ICS and others are products of Ivanti Corporation, U.S.A. Ivanti Connect Secure is a secure remote network connection tool.Ivanti Policy Secure IPS is a network access control NAC solution.Ivanti Neurons is Ivanti Neurons is a groundbreaking platform that simplifies and...

8.8CVSS6.4AI score0.00855EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.8 views

PT-2025-36747

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.9 Ivanti Policy Secure versions prior to 22.7R1.6 Ivanti ZTA Gateway versions prior to 2.8R2.3-723 Ivanti Neurons for Secure Access versions prior to 22.8R1.4 Description: A missing authorization...

8.8CVSS6.4AI score0.00855EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.13 views

CVE-2025-39545 WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3...

5.4CVSS7.2AI score0.0047EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/09/03 9:23 a.m.9 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/05/22 11:47 a.m.7 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9CVSS7.3AI score0.00667EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.7 views

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution is related to improper access control, allowing attackers to circumvent existing access restrictions policies.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage involves changes made by administrators to the authentication settings of external storage configured by users. Exploiting this vulnerability allows a malicious actor to circumvent existing access control...

3.3CVSS5.3AI score0.00671EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2023/05/21 12:0 a.m.22 views

CVE-2023-33254

There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an...

6.7AI score0.03211EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/01/20 12:0 a.m.4 views

PT-2023-9106 · D Link · D-Link Dap-2622

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 affected versions not specified Description: The issue is related to the lack of authentication for a critical function in the DDP service of the D-Link DAP-2622 wireless access point's firmware. This allows a remote attacker ...

5.4CVSS7AI score0.00335EPSS
Exploits0References5
OSV
OSV
added 2022/09/06 6:15 p.m.7 views

CVE-2022-31790

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/09/06 6:15 p.m.5 views

CVE-2022-31790

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

7.5CVSS5.5AI score0.01533EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/22 12:0 a.m.4 views

Envoy 信任管理问题漏洞

Envoy is an open source distributed proxy server. Envoy is vulnerable to a trust management issue, which stems from the fact that Envoy's tls allows certain certificate authentication settings to be reused after they have been changed from their default configuration. No detailed vulnerability...

9.8CVSS5.6AI score0.01061EPSS
Exploits0References7
Akamai Blog
Akamai Blog
added 2021/06/21 2:0 p.m.54 views

New Admin Portal for Akamai Enterprise Application Access

The definition of a user has evolved to comprise much more than an employee, making secure access to the right application, for the right user, at the right time difficult and complex. Akamai Enterprise Application Access EAA is a unique cloud architecture that closes all inbound firewall ports,...

0.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/02/27 12:0 a.m.7 views

The vulnerability of the Dovecot mail server, related to errors in SASL authentication settings, allows attackers to cause service interruptions.

The vulnerability of the Dovecot mail server is related to errors in setting up SASL authentication. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

7.8CVSS6.6AI score0.0312EPSS
Exploits0References7Affected Software3
NVD
NVD
added 2020/01/06 8:15 a.m.25 views

CVE-2019-15999

A vulnerability in the application environment of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform JBoss EAP on an affected device. The vulnerability is due to an incorrect configuration o...

6.3CVSS6.4AI score0.03647EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2020/01/06 7:45 a.m.10 views

CVE-2019-15999 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability

A vulnerability in the application environment of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform JBoss EAP on an affected device. The vulnerability is due to an incorrect configuration o...

5.4CVSS7.1AI score0.03647EPSS
Exploits4References2
Rows per page
Query Builder