
545 matches found

Positive Technologies
added 2025/12/09 12:0 a.m., 9 views

PT-2025-50242

Name of the Vulnerable Software and Affected Versions: OpenBMCS version 2.4. Description: An information disclosure issue exists in OpenBMCS version 2.4 that allows unauthenticated attackers to access sensitive files. This is possible through exploitation of directory listing functionality. Attacker...

CVSS 8.7, AI score 6.2, EPSS 0.0046
Exploits: 2, References: 8
Vulnrichment
added 2025/11/26 1:12 a.m., 5 views

CVE-2025-66265 Insecure permissions in configuration directory (C:\usr)

CMService.exe creates the C:\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

CVSS 6.9, AI score 6.7, EPSS 0.00099
Exploits: 0, References: 1
Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: libeconf (TSSA-2025:0087)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0087 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5, AI score 6.4, EPSS 0.00636
Exploits: 0, References: 2
RedhatCVE
added 2025/11/13 9:51 p.m., 10 views

CVE-2025-33119

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...

CVSS 6.5, AI score 6.6, EPSS 0.00208
Exploits: 0, References: 1
RedhatCVE
added 2025/11/07 1:46 p.m., 4 views

CVE-2025-64318

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...

CVSS 5.3, AI score 7, EPSS 0.00197
Exploits: 0, References: 1
NVD
added 2025/11/04 7:17 p.m., 5 views

CVE-2025-64319

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...

CVSS 5.3, EPSS 0.00187
Exploits: 0, References: 1
Cvelist
added 2025/11/04 6:30 p.m., 7 views

CVE-2025-64321

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files. This issue affects Agentforce Vibes Extension: before 3.3.0...

EPSS 0.00197
Exploits: 0, References: 1
Vulnrichment
added 2025/11/04 6:30 p.m., 1 views

CVE-2025-64321

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files. This issue affects Agentforce Vibes Extension: before 3.3.0...

AI score 6.5, EPSS 0.00197
Exploits: 0, References: 1
CVE
added 2025/11/04 6:22 p.m., 16 views

CVE-2025-64319

CVE-2025-64319 affects Salesforce Mulesoft Anypoint Code Builder prior to 1.12.1. Root cause: Incorrect permission assignment for a critical resource that enables manipulation of writable configuration files. Impact: potential tampering with configuration files due to overly permissive access. Ex...

CVSS 5.3, AI score 6.7, EPSS 0.00187
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/11/04 6:19 p.m., 3 views

CVE-2025-64318

Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...

AI score 6.6, EPSS 0.00197
Exploits: 0, References: 1
CVE
added 2025/10/30 7:39 a.m., 18 views

CVE-2025-11906

CVE-2025-11906 affects Progress Flowmon versions prior to 12.5.6. The root cause is incorrect file permissions on system configuration files, allowing a user with access to the default Flowmon SSH account to potentially escalate privileges to root during service initialization. Impact is privileg...

CVSS 6.7, AI score 6.7, EPSS 0.00126
Exploits: 0, References: 1
OSV
added 2025/10/29 3:31 p.m., 7 views

GHSA-4653-9Q2R-684Q Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...

CVSS 4.3, AI score 6.8, EPSS 0.00179
Exploits: 0, References: 4
EUVD
added 2025/10/28 6:30 p.m., 4 views

EUVD-2025-36541

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

AI score 6.4, EPSS 0.00296
Exploits: 0, References: 3
Cvelist
added 2025/10/28 12:0 a.m., 9 views

CVE-2025-60858

Reolink Video Doorbell Wi-Fi DB566128M5MPW stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information...

EPSS 0.00296
Exploits: 0, References: 2
OSV
added 2025/10/27 3:15 a.m., 2 views

CVE-2025-12204

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

CVSS 7.8, AI score 5.4
Exploits: 0, References: 8
OSV
added 2025/10/27 3:15 a.m., 3 views

UBUNTU-CVE-2025-12204

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

CVSS 7.8, AI score 5.7, EPSS 0.0028
Exploits: 1, References: 6
Vulnrichment
added 2025/10/21 12:0 a.m., 3 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

AI score 6.1, EPSS 0.00122
Exploits: 2, References: 2
NVD
added 2025/10/14 6:15 p.m., 4 views

CVE-2025-57618

A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as...

CVSS 7.3, EPSS 0.00653
Exploits: 0, References: 3
Cvelist
added 2025/10/14 12:0 a.m., 7 views

CVE-2025-57618

A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as...

EPSS 0.00653
Exploits: 0, References: 3
Vulnrichment
added 2025/10/14 12:0 a.m., 2 views

CVE-2025-57618

A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as...

AI score 7.8, EPSS 0.00653
Exploits: 0, References: 3