545 matches found

EUVD
added 2026/03/20 10:40 p.m. | 4 views

EUVD-2026-13865

Halloy is an IRC application written in Rust. In versions on *nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

CVSS 4.8 | AI score 5.8 | EPSS 0.00175
Exploits: 1 | References: 2
OSV
added 2026/03/20 10:40 p.m. | 2 views

CVE-2026-32810 Halloy has insecure file permissions on credential files

Halloy is an IRC application written in Rust. In versions on *nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

CVSS 4.8 | AI score 5.9 | EPSS 0.00175
Exploits: 1 | References: 4
ATTACKERKB
added 2026/03/17 5:20 p.m. | 3 views

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVSS 9.3 | AI score 5.9 | EPSS 0.00527
Exploits: 0 | References: 4
CNNVD
added 2026/03/12 12:0 a.m. | 5 views

DataEase path traversal vulnerability

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a path traversal...

CVSS 9.3 | AI score 6.1 | EPSS 0.00691
Exploits: 1 | References: 1
OSV
added 2026/03/11 4:0 p.m. | 5 views

GO-2026-4651 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys in github.com/gravitl/netmaker

Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys in github.com/gravitl/netmaker...

CVSS 8.7 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 3
OSV
added 2026/03/09 5:27 p.m. | 3 views

GHSA-4HGG-C4RR-6H7F Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys

A user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without...

CVSS 8.7 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 4
CNNVD
added 2026/03/09 12:0 a.m. | 5 views

Tenda W15E security vulnerability

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E V02.03.01.26cn version contains a security vulnerability. This vulnerability stems from improper access control, which may allow unverified attackers to download configuration files containing plaintext...

CVSS 7.5 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/06 7:52 a.m. | 4 views

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

CVSS 10 | AI score 5.9 | EPSS 0.00277
Exploits: 1 | References: 1
GithubExploit
added 2026/02/28 8:59 p.m. | 382 views

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 Detection Rules Detection content for CVE-20...

CVSS 7.2 | AI score 6.7 | EPSS 0.2442
Exploits: 16
OSV
added 2026/02/26 9:10 a.m. | 2 views

SUSE-SU-2026:20590-1 Security update for autogen

This update for autogen fixes the following issues: - CVE-2025-8746: Fixed improper input validation and memory bounds checking when processing certain malformed configuration files bsc1247921...

CVSS 5.5 | AI score 5.8 | EPSS 0.00195
Exploits: 1 | References: 3
Vulnrichment
added 2026/02/25 9:26 p.m. | 3 views

CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...

CVSS 8.1 | AI score 5.8 | EPSS 0.00334
Exploits: 0 | References: 3
OSV
added 2026/02/25 9:26 p.m. | 5 views

CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...

CVSS 8.1 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 5
EUVD
added 2026/02/24 2:13 p.m. | 5 views

EUVD-2025-208086

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...

CVSS 6.8 | AI score 6.1 | EPSS 0.00254
Exploits: 0 | References: 1
NVD
added 2026/02/10 6:16 p.m. | 9 views

CVE-2026-25992

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

CVSS 7.5 | EPSS 0.00505
Exploits: 1 | References: 2
Positive Technologies
added 2026/02/10 12:0 a.m. | 9 views

PT-2026-7476

Name of the Vulnerable Software and Affected Versions: JUNG Smart Panel KNX firmware versions prior to L1.12.22. Description: The JUNG Smart Panel KNX firmware does not properly validate file path input in its embedded web interface. This allows remote, unauthenticated attackers to access arbitrary...

CVSS 6.9 | AI score 5.6 | EPSS 0.00703
Exploits: 2 | References: 7
RedhatCVE
added 2026/02/07 1:23 a.m. | 7 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

CVSS 3.2 | AI score 5.4 | EPSS 0.00106
Exploits: 0 | References: 1
NVD
added 2026/02/05 10:15 p.m. | 9 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

CVSS 3.2 | EPSS 0.00106
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/05 9:14 p.m. | 7 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

CVSS 3.2 | AI score 5.4 | EPSS 0.00106
Exploits: 0 | References: 3
CVE
added 2026/02/05 9:14 p.m. | 43 views

CVE-2026-25815

CVE-2026-25815 affects Fortinet FortiOS up to and including 7.6.6. The issue stems from an encryption weakness where the default LDAP encryption key is the same across all installations, enabling attackers to decrypt LDAP credentials stored in device configuration files. Exploitation was observed...

CVSS 3.2 | AI score 5.4 | EPSS 0.00106
In wild | Exploits: 0 | References: 2
Packet Storm
added 2026/02/02 12:0 a.m. | 123 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This is older research...

CVSS 5 | AI score 6.3 | EPSS 0.2226
Exploits: 6