861 matches found
CVE-2025-48610
In pkvmguestrelinquishtohost of memprotect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48610
In pkvmguestrelinquishtohost of memprotect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, an American company. Google Android suffers from a security vulnerability that stems from a logic error that could lead to the disclosure of configuration data...
EUVD-2025-201431
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...
CVE-2025-66573
Solstice Pod API exposure: Versions 5.5 and 6.2 include an unauthenticated /api/config endpoint that can disclose sensitive live-session data (session key, server version, product details, display name) to any user. This information exposure is documented across multiple sources (NVD/Red Hat/CVE ...
CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
PT-2025-49003
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
ASB-A-432439762
In pkvmguestrelinquishtohost of memprotect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-36873
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...
CVE-2020-36874
ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may...
CVE-2020-36871 ESCAM QD-900 Unauthenticated Configuration Disclosure
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include...
CVE-2025-37159
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37159
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37159
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37159
Summary: CVE-2025-37159 affects the web management interface of the AOS-CX OS user authentication service. An authenticated remote attacker could hijack an active user session, potentially maintaining unauthorized access to that session and viewing or modifying sensitive configuration data. What’...
PT-2025-47389
Name of the Vulnerable Software and Affected Versions AOS-CX OS affected versions not specified Description A flaw exists in the web management interface of the AOS-CX OS user authentication service. An authenticated remote attacker may be able to hijack an active user session. Successful...
CVE-2025-64309
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...