Lucene search
K

276 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-29530

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.0119EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3630

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00837EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/03 4:28 a.m.7 views

Improper Acess Control

mautic/core is vulnerable to improper access control. The vulnerability is due to insufficient restriction on configuration access, which allows an administrator to extract sensitive information such as database credentials...

5.5CVSS6.7AI score0.00225EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/10/02 10:15 a.m.5 views

DEBIAN-CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

6.8CVSS5.3AI score0.00326EPSS
Exploits1References1
OSV
OSV
added 2025/10/02 10:15 a.m.3 views

UBUNTU-CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

6.8CVSS5.8AI score0.00326EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/10/02 9:20 a.m.6 views

CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

6.8CVSS6.5AI score0.00326EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.7 views

PT-2025-40331

Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.0 and above Description An information spoofing issue exists in the devLXD server component of Canonical LXD. Attackers with root privileges within a container can impersonate other containers and access their metadata...

8.8CVSS6.5AI score0.00541EPSS
Exploits7References37
NVD
NVD
added 2025/09/03 9:15 p.m.28 views

CVE-2025-55747

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...

9.3CVSS0.01557EPSS
Exploits0References3
CVE
CVE
added 2025/09/03 8:19 p.m.43 views

CVE-2025-55748

Affected product : XWiki Platform. Vulnerability : path traversal through the jsx and sx endpoints that allows remote attackers to read configuration files. Root cause : improper access control enabling traversal to read files like WEB-INF/xwiki.cfg. Versions affected : 4.2-milestone-2 through 16...

9.3CVSS6.2AI score0.01639EPSS
In wildExploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.7 views

PT-2025-34459 · Reolink · Reolink Smart 2K+ Plug-In Wi-Fi Video Doorbell

Name of the Vulnerable Software and Affected Versions: Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime version 3.0.0.4662 2503122283 Description: The device suffers from insecure permissions that allow attackers to arbitrarily change other users' passwords. This is achieved through...

6.5CVSS7.3AI score0.002EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/08/08 9:12 p.m.186 views

Exploit for CVE-2025-8730

CVE-2025-8730 – Authentication Bypass in Belkin F9K1009/F9K10...

10CVSS9.8AI score0.02992EPSS
Exploits2
Cvelist
Cvelist
added 2025/07/08 7:0 a.m.11 views

CVE-2025-25268 Unauthenticated Configuration Access via Exposed API Endpoint

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...

8.8CVSS0.00299EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.4 views

PT-2025-27792 · Unknown · Flatboard Pro

Name of the Vulnerable Software and Affected Versions: Flatboard Pro versions prior to 3.2.2 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability due to the lack of proper validation of user input. This occurs through the footer text and announcement parameters in config.php...

5.1CVSS5.3AI score0.00276EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.7 views

PT-2025-26315 · Coros · Coros Pace 3

Name of the Vulnerable Software and Affected Versions: COROS PACE 3 versions 3.0808.0 and earlier Description: An issue was discovered that allows an attacker to connect to the device via Bluetooth Low Energy BLE if no other device is connected. Once connected, the attacker can access the device'...

8.8CVSS6.6AI score0.00466EPSS
Exploits1References7
OSV
OSV
added 2025/06/17 8:39 p.m.5 views

CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

6.9CVSS6.6AI score0.00525EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/10 12:0 a.m.20 views

CVE-2025-44043

Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery SSRF in /KeyotiSearchEngineWebCommon/SearchService.svc/GetResults and /KeyotiSearchEngineWebCommon/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory...

0.00208EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:47 a.m.11 views

CVE-2024-46894

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...

6.3CVSS6.2AI score0.00262EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:11 a.m.5 views

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...

8.6CVSS7.2AI score0.00685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:35 a.m.8 views

CVE-2024-46462

By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability...

7.8CVSS6.9AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:13 a.m.10 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

4.6CVSS6.6AI score0.00311EPSS
Exploits0References1
Rows per page
Query Builder