Lucene search
K

67 matches found

CVE
CVE
added 2026/03/06 8:24 a.m.337 views

CVE-2026-23925

The CVE-2026-23925 issue affects Zabbix where an authenticated User with template/host write perms can misuse configuration.import to create unauthorized objects, leading to confidentiality loss (e.g., unauthorized hosts). Public sources corroborate an authorization bypass in Zabbix frontend/API ...

8.1CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/03/06 8:24 a.m.7 views

CVE-2026-23925

An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

8.1CVSS5.3AI score0.00255EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

Nokia IMPACT 安全漏洞

Nokia IMPACT is a set of IoT intelligent management platforms developed by Finnish company Nokia. Versions of Nokia IMPACT such as 19.11.2.10 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of CSRF token verification, which could allow remote attackers to...

8.1CVSS5.8AI score0.00187EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.6 views

CVE-2023-4465

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VV...

6.5CVSS7.1AI score0.00463EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-1608

Malware in sbrugna...

8.8CVSS8.8AI score0.01737EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-29732

Malicious code in bioql PyPI...

7.7CVSS7.6AI score0.00773EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53455

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00828EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2022-42727

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00536EPSS
Exploits0References1
CVE
CVE
added 2025/07/28 11:25 p.m.33 views

CVE-2025-54765

CVE-2025-54765 concerns XorMon-NG from Xorux. Affected: version 1.8 and earlier. An API endpoint that should be restricted to web app administrators is accessible to lower-level read-only users, enabling import of appliance configuration and potentially granting administrative privileges. The vul...

5.3CVSS6.4AI score0.06894EPSS
Exploits2References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 10:54 p.m.9 views

CVE-2022-32258

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure...

7.5CVSS6.3AI score0.00828EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:49 p.m.7 views

CVE-2021-42776

CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import...

7.7CVSS7AI score0.00773EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.4 views

CVE-2020-35708

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page...

7.2CVSS7.8AI score0.01481EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.18 views

CVE-2019-1003017

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...

5.3CVSS6.5AI score0.00524EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.6 views

The vulnerability of the configuration import function of the AcSELerator QuickSet SEL-5030 device management tool allows a perpetrator to execute arbitrary code.

The vulnerability of the configuration import function of the AcSELerator QuickSet SEL-5030 device management tool relates to the lack of measures taken to protect the SQL query structure during the processing of DMX format files. Exploiting this vulnerability allows a perpetrator to execute...

5.9CVSS7.5AI score0.00341EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.22 views

Trellix IPS Manager 代码问题漏洞

Trellix IPS Manager is a next-generation IPS for local and virtual networks from American FireEye Trellix. A security vulnerability exists in Trellix IPS Manager versions prior to 10.1 M8, which stems from the ability to import a saved XML configuration file through an external entity attack by a...

7.2CVSS7.1AI score0.00536EPSS
Exploits0References2
OSV
OSV
added 2022/06/14 10:15 a.m.5 views

CVE-2022-32258

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure...

7.5CVSS7AI score0.00828EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.8 views

PT-2022-21183 · Siemens · Sinema Remote Connect Server

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.1 Description: A vulnerability has been identified in the affected application, which contains an older feature that allows importing device configurations via a specific endpoint. An attacker...

7.5CVSS6.6AI score0.00828EPSS
Exploits0References4
OSV
OSV
added 2022/05/12 5:15 p.m.3 views

CVE-2022-21182

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7.1AI score0.01885EPSS
Exploits1References2
OSV
OSV
added 2022/04/14 9:15 p.m.5 views

CVE-2020-16238

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...

6.7CVSS6.7AI score0.0024EPSS
Exploits0References2
Prion
Prion
added 2022/04/14 9:15 p.m.19 views

Design/Logic Flaw

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...

7.2CVSS7.2AI score0.0024EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder