Lucene search
K

98 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-16399

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00345EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1780

Malicious code in bioql PyPI...

8.1CVSS6.2AI score0.00694EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2025/10/01 11:10 p.m.6 views

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

...

7.5CVSS7AI score0.01702EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.4 views

PT-2025-36466

Name of the Vulnerable Software and Affected Versions: OPSI versions prior to 4.3 Description: OPSI allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret intended to be accessib...

9.8CVSS6.5AI score0.00345EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/09/08 12:0 a.m.3 views

CVE-2025-22956

OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...

6.5AI score0.00345EPSS
Exploits0References1
CVE
CVE
added 2025/09/08 12:0 a.m.20 views

CVE-2025-22956

OPSI prior to version 4.3 is vulnerable: any client can retrieve any ProductPropertyState, including other clients’ data. This exposure could enable privilege escalation if a secret such as a domain-join password in windomain is stored in ProductPropertyState. Root cause is improper access contro...

9.8CVSS6.5AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2025/06/11 12:15 a.m.8 views

CVE-2024-7457

The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights using its own privileged context root, effectively authorizing itself...

7.8CVSS0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/31 4:38 p.m.15 views

CVE-2025-48475

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...

8.1CVSS6.8AI score0.00345EPSS
Exploits1References1
NVD
NVD
added 2025/05/29 5:15 p.m.17 views

CVE-2025-48475

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...

8.1CVSS0.00345EPSS
Exploits1References2
OSV
OSV
added 2025/05/29 4:27 p.m.5 views

CVE-2025-48475 FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...

5.3CVSS6.7AI score0.00345EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/05/29 4:27 p.m.11 views

CVE-2025-48475 FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the...

5.3CVSS6.4AI score0.00345EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.5 views

CVE-2021-20152

Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/...

6.5CVSS7.2AI score0.00823EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-23179 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The system does not provide a check on which clients an authorized user can view and edit. As a result, an authorized user without access to existing mailboxes or conversations can view and edi...

8.1CVSS6.3AI score0.00345EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.10 views

PT-2025-20878 · Siemens · Sinema Remote Connect Client +1

Name of the Vulnerable Software and Affected Versions: SCALANCE LPE9403 versions with SINEMA Remote Connect Edge Client installed Description: A vulnerability has been identified in SCALANCE LPE9403, where affected devices transmit sensitive information in cleartext. This could allow a privileged...

6.7CVSS5.8AI score0.00098EPSS
Exploits0References7
OSV
OSV
added 2025/04/25 7:14 a.m.11 views

BIT-KEYDB-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

7.5CVSS7.9AI score0.00824EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/04/11 12:0 a.m.4 views

W. W. Norton InQuizitive 安全漏洞

W. W. Norton InQuizitive is an online adaptive learning tool from W. W. Norton Company with an eTextbook and interactive videos designed to help students complete courses. A security vulnerability exists in W. W. Norton InQuizitive version 2025-04-08 and earlier, which stems from the presence of...

7.7CVSS6.8AI score0.00346EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-2619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not...

7.5CVSS7.2AI score0.11091EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:46 p.m.12 views

CVE-2024-43064

Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU...

7.5CVSS6.8AI score0.00084EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/12/09 10:43 p.m.18 views

lxd has a restricted TLS certificate privilege escalation when in PKI mode

Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, all clients must have certificates that have been signed by the CA. The LXD configuration option core.trustcacertificates defaults to false. This means that although the client certificate has be...

3.8CVSS4.1AI score0.00156EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/10 3:13 p.m.20 views

CVE-2024-45407 Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client

Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, b...

6.5CVSS7.3AI score0.00325EPSS
Exploits1References3
Rows per page
Query Builder