Lucene search
K

276 matches found

CVE
CVE
added 2025/05/07 5:34 p.m.90 views

CVE-2025-20214

CVE-2025-20214 affects Cisco IOS XE Software NACM. A subtle change in inner API call behavior can cause NACM-filtered results to be returned, enabling an authenticated remote attacker to read configuration or operational data via NETCONF, RESTCONF, or gNMI. The attack requires the attacker to hol...

4.3CVSS4.5AI score0.00275EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/07 5:34 p.m.34 views

CVE-2025-20214

A vulnerability in the Network Configuration Access Control Module NACM of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior caus...

4.3CVSS0.00275EPSS
Exploits0References1
Cisco
Cisco
added 2025/05/07 4:0 p.m.62 views

Cisco IOS XE Software Model-Driven Programmability Authorization Bypass Vulnerability

A vulnerability in the Network Configuration Access Control Module NACM of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior caus...

4.3CVSS4.8AI score0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.6 views

PT-2025-20277 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Network Configuration Access Control Module NACM could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or...

4.3CVSS6.1AI score0.00275EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/04/16 12:0 a.m.12 views

The vulnerability of Fortinet FortiOS operating systems stems from authentication mechanism flaws, which allow attackers to gain access to device configuration details and bypass existing security measures.

The vulnerability of Fortinet FortiOS operating systems is related to deficiencies in authentication mechanisms. Exploiting this vulnerability allows a malicious actor to gain access to device configuration information and bypass existing security measures...

10CVSS5.5AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/02 3:31 p.m.19 views

Jenkins Missing Permission Check

Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. Jenkins 2.504, LTS 2.492.3 require...

4.3CVSS6.8AI score0.0039EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/04/02 3:15 p.m.14 views

CVE-2025-31720

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration...

4.3CVSS0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/02 2:59 p.m.11 views

CVE-2025-31720

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration...

6.9AI score0.0039EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/02 12:0 a.m.5 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.503 and earlier and LTS 2.492.2 and earlier, which stems from a lack of...

4.3CVSS5.9AI score0.0039EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/02 12:0 a.m.11 views

Jenkins LTS < 2.492.3 / Jenkins weekly < 2.504 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.492.3 or Jenkins weekly prior to 2.504. It is, therefore, affected by multiple vulnerabilities: - A missing permission check in Jenkins 2.503 and earlier, LTS 2.492...

4.3CVSS6.3AI score0.0039EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/31 11:31 a.m.28 views

CVE-2025-2993 Tenda FH1202 default.cfg access control

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14408. Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit...

6.9CVSS0.09936EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.8 views

PT-2025-13167

Name of the Vulnerable Software and Affected Versions Synology Mail Server versions prior to DSM 7.2/7.1 Description A vulnerability in Synology Mail Server allows authenticated users to tamper with system configurations, risking mail stability. The issue can be exploited by remote attackers,...

6.5CVSS6.5AI score0.00389EPSS
Exploits0References12
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/24 10:20 a.m.22 views

Security Bulletin: Vulnerability in Apache Kafka Clients affects watsonx.data

Summary Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

6.5CVSS6.7AI score0.01129EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/11 12:0 a.m.8 views

Kibana 8.x < 8.7.1 Multiples Vulnerabilities

According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities. - An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to...

9.9CVSS7.7AI score0.00957EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/10 6:47 p.m.5 views

CVE-2025-27615 umatiGateway's UI publicly accessible in provided docker-compose file

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...

8.2CVSS7.2AI score0.00486EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/06 12:31 a.m.14 views

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...

4.3CVSS6.7AI score0.00317EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2022-24715

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create...

8.8CVSS8.2AI score0.1467EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2025/02/28 3:26 p.m.10 views

CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

2.9CVSS3.4AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/28 3:26 p.m.18 views

CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

2.9CVSS0.00248EPSS
Exploits0References4
CVE
CVE
added 2025/02/07 12:0 a.m.53 views

CVE-2024-52884

AudioCodes Mediant Session Border Controller (SBC) before version 7.40A.501.841 is affected by CVE-2024-52884. The issue arises from weak password obfuscation/encryption, enabling an attacker with access to configuration exports (INI) to decrypt passwords. Impact is limited to confidentiality of ...

7.5CVSS7.2AI score0.00151EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder