Lucene search
K

405 matches found

BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.22 views

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client, related to authentication procedures that allow attackers to carry out spear-phishing attacks

The vulnerability of Mozilla Firefox browser and Thunderbird email client is related to deficiencies in authentication procedures, resulting from incorrect display of the domain name in the address bar. Exploiting this vulnerability allows attackers to perform spear-phishing attacks remotely...

5CVSS5.5AI score0.00401EPSS
Exploits0References15Affected Software4
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.10 views

The vulnerability of the SSL VPN remote access technology implemented on SonicOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SSL VPN remote access technology implemented on SonicOS systems is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

8.5CVSS8.1AI score0.95132EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.7 views

PT-2025-4795 · Hewlett Packard · Hpe Aruba Networking Fabric Composer

Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking Fabric Composer affected versions not specified Description: A privilege escalation issue exists in the web-based management interface of HPE Aruba Networking Fabric Composer. This could allow an authenticated low-privile...

6.8CVSS7.3AI score0.0036EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/12/18 12:0 a.m.5 views

The vulnerability of the wpforms_is_admin_page() function in the WPForms plugin of the WordPress content management system allows a hacker to gain unauthorized access to read and modify data.

The vulnerability of the wpformsisadminpage function in the WPForms plugin related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read and modify data...

8.5CVSS8.1AI score0.00738EPSS
Exploits0References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.7 views

The vulnerability of Active Directory Certificate Services on Windows operating systems allows attackers to increase their privileges.

The vulnerability of Active Directory Certificate Services on Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8CVSS7.6AI score0.01965EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.7 views

The vulnerability of the Drupal CMS system’s kernel allows attackers to enhance their privileges.

The vulnerability of the Drupal CMS system’s kernel is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

8.5CVSS5.4AI score0.00408EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.3 views

MSA Safety FieldServer 安全漏洞

MSA Safety FieldServer is a building automation solution from MSA Safety USA. A security vulnerability exists in MSA Safety FieldServer versions prior to 7.0.0 that stems from the FieldServer gateway's authentication on all devices being implemented with an insecure shared key that is static acro...

9.8CVSS6.9AI score0.00473EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/05 12:0 a.m.10 views

The vulnerability of the authentication mechanism of the XRDP remote access tool, which allows a intruder to gain unauthorized access

The vulnerability of the XRDP remote access authentication mechanism is related to deficiencies in the retry limit for authentication attempts, which is controlled by the MaxLoginRetry parameter set in the configuration file /etc/xrdp/sesman.ini. Exploiting this vulnerability allows a malicious...

10CVSS7.1AI score0.00602EPSS
Exploits0References10Affected Software5
CNNVD
CNNVD
added 2024/12/02 12:0 a.m.5 views

Snap One OvrC 安全漏洞

Snap One OvrC is a free cloud-based remote management and monitoring platform from US-based Snap One. A security vulnerability exists in Snap One OvrC versions prior to 7.3 that stems from the use of a MAC address as an identifier to provide information upon request, which allows an attacker to...

8.7CVSS6.7AI score0.0048EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.13 views

The vulnerability of the M-Files Server platform for automating document processing in Windows operating systems stems from deficiencies in the authentication process. This allows attackers to bypass the authentication process and gain increased privileges.

The vulnerability of the M-Files Server platform for automating document processing in Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and gain increased privileges...

10CVSS5.5AI score0.00597EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/19 12:0 a.m.6 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to circumvent security restrictions and increase their privileges.

The vulnerability of the Cisco Identity Services Engine ISE’s web management interface is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and enhance their privileges by sending specially crafted HTTP...

6.8CVSS5.5AI score0.00473EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/28 12:0 a.m.7 views

The vulnerability of the User Interface component of the application for interacting with customers in Oracle Quoting, a system for automating business operations in the Oracle E-Business Suite. This vulnerability allows an attacker to gain unauthorized access to read, add, modify, or delete data.

The vulnerability of the User Interface component of the application for interacting with customers in Oracle Quoting, a system for automating business operations in the Oracle E-Business Suite, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow ...

8.5CVSS7.6AI score0.00422EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/10/28 12:0 a.m.5 views

The vulnerability of the Reports component of the Oracle Banking Liquidity Management platform allows a hacker to gain full control over the application.

The vulnerability of the Reports component of the Oracle Banking Liquidity Management management platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the application using th...

7.1CVSS7.6AI score0.00325EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/21 12:0 a.m.7 views

The vulnerability of the Item Catalog component of the Oracle Product Hub data management software in the Oracle E-Business Suite system, which allows a malicious individual to access, modify, add, or delete data.

The vulnerability of the Item Catalog component in the Oracle Data Management Software, part of the Oracle Product Hub system, which is used in the Oracle E-Business Suite for enterprise automation, is related to deficiencies in the authentication process. Exploiting this vulnerability could allo...

8.5CVSS7.6AI score0.00422EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/10/08 12:0 a.m.6 views

The vulnerability of the ColdFusion software platform, related to deficiencies in the authentication process, allows attackers to escalate their privileges.

The vulnerability of the ColdFusion software platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...

7.8CVSS5.4AI score0.00601EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/10/07 12:0 a.m.6 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers allows a hacker to enhance their privileges.

The vulnerability of the web-based management interface for Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to elevate their privileges from “guest” t...

9CVSS5.5AI score0.00585EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.7 views

The vulnerability of the JetBrains YouTrack project management and task management software, related to deficiencies in the authentication mechanism, allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability of the JetBrains YouTrack project management and task management software is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to gain elevated privileges and execute arbitrary commands...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/09/23 12:0 a.m.7 views

The vulnerability of the Ceph storage system, related to deficiencies in authentication procedures, allows attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the Ceph storage system is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data and compromise its integrity...

6.5CVSS6.8AI score0.00436EPSS
Exploits0References11Affected Software4
OSV
OSV
added 2024/09/20 2:51 p.m.16 views

GHSA-58VJ-CV5W-V4V6 Navidrome has Multiple SQL Injections and ORM Leak

Security Advisory: Multiple Vulnerabilities in Navidrome Summary Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not properly...

9.4CVSS6.8AI score0.04457EPSS
Exploits2References4
BDU FSTEC
BDU FSTEC
added 2024/09/18 12:0 a.m.5 views

The vulnerability of the Forklift Controller component of the Red Hat Migration Toolkit for Virtualization allows a attacker to exploit the protected information.

The vulnerability of the Forklift Controller component in the Red Hat Migration Toolkit for Virtualization stems from deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise protected information...

7.8CVSS7.3AI score0.00586EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder