Lucene search

34 matches found

ATTACKERKB
added last week, 4 views

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

CVSS 6.5, AI score 5.9, EPSS 0.00295
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2026/06/05 7:37 p.m., 9 views

CVE-2026-41655

Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...

CVSS 6.5, AI score 5.5, EPSS 0.00307
Exploits 0, References 1
CNNVD
added 2026/04/27 12:00 a.m., 10 views

Moxa EDR-8010 Series and Moxa EDR-G9010 Series security vulnerability

The Moxa EDR-8010 Series and Moxa EDR-G9010 Series are a series of security routers produced by Moxa Corporation from Taiwan, China. Both models have security vulnerabilities. These vulnerabilities stem from improper ownership management, allowing users with low privileges to access configuration...

CVSS 6, AI score 5.8, EPSS 0.0024
Exploits 0, References 1
OSV
added 2026/03/09 7:16 p.m., 5 views

CVE-2026-30140

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

CVSS 7.5, AI score 5.9, EPSS 0.00327
Exploits 0, References 1
NVD
added 2025/12/18 3:15 p.m., 4 views

CVE-2025-65009

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

CVSS 7.1, EPSS 0.00165
Exploits 0, References 3
IBM Security Bulletins
added 2025/11/12 12:15 p.m., 4 views

Security Bulletin: IBM QRadar SIEM is affected by improper storage of credentials in configuration files

Summary IBM QRadar SIEM is affected by improper storage of credentials in configuration files in source control. IBM has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-33119 DESCRIPTION: IBM QRadar SIEM stores user credentials in configuration files in source contr...

CVSS 6.5, AI score 6.7, EPSS 0.00213
Exploits 0, Affected Software 1
OSV
added 2025/10/29 3:31 p.m., 5 views

GHSA-2VMR-8C82-X8XQ Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

CVSS 4.3, AI score 6.8, EPSS 0.00158
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-17477

Malware in sbrugna...

CVSS 8, AI score 7.8, EPSS 0.0633
Exploits 5, References 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-9470

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.02966
Exploits 1, References 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-5555

Malware in sbrugna...

CVSS 5.5, AI score 5.5, EPSS 0.01266
Exploits 3, References 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-13125

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.01368
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2009-0283

Malware in sbrugna...

CVSS 5, AI score 6.1, EPSS 0.02238
Exploits 1, References 8
EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2023-39166

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.6, EPSS 0.00243
Exploits 0, References 1
Tenable Nessus
added 2025/09/10 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server...

CVSS 9.8, AI score 7.2, EPSS 0.01565
Exploits 0, References 2
Vulnrichment
added 2025/08/21 7:26 a.m., 4 views

CVE-2025-8895 WP Webhooks <= 3.3.5 - Unauthenticated Arbitrary File Copy

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVSS 9.8, AI score 7.1, EPSS 0.00534
Exploits 0, References 3
Positive Technologies
added 2025/08/21 12:00 a.m., 5 views

PT-2025-34199

Name of the Vulnerable Software and Affected Versions: WP Webhooks plugin for WordPress versions up to and including 3.3.5 Description: The WP Webhooks plugin for WordPress is susceptible to arbitrary file copy due to insufficient validation of user-supplied input. This allows unauthenticated...

CVSS 9.8, AI score 6, EPSS 0.00534
Exploits 0, References 8
NVD
added 2025/08/12 12:15 p.m., 4 views

CVE-2025-40753

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extra...

CVSS 6.8, EPSS 0.00086
Exploits 0, References 1
Vulnrichment
added 2025/08/12 11:17 a.m., 3 views

CVE-2025-40753

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extra...

CVSS 6.8, AI score 7, EPSS 0.00086
Exploits 0, References 1
RedhatCVE
added 2025/05/23 9:57 a.m., 7 views

CVE-2024-42966

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...

CVSS 9.8, AI score 6.8, EPSS 0.00609
Exploits 1, References 1
RedhatCVE
added 2025/05/23 2:49 a.m., 7 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

CVSS 7.5, AI score 6.7, EPSS 0.00431
Exploits 4, References 1