Lucene search
K

111 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:46 a.m.7 views

CVE-2023-31414

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host syste...

8.8CVSS7.9AI score0.00603EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.5 views

CVE-2021-37201

A vulnerability has been identified in SINEC NMS All versions V1.0 SP1. The web interface of affected devices is vulnerable to a Cross-Site Request Forgery CSRF attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative...

8.8CVSS7AI score0.00429EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 7:54 a.m.27 views

CVE-2025-0020

...

Exploits0
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.7 views

PT-2025-21140 · Esri · Arcgis

Name of the Vulnerable Software and Affected Versions: ArcGIS affected versions not specified Description: The ArcGIS client credentials OAuth 2.0 API implementation does not adhere to the RFC/standards, allowing a requestor to request an undocumented, custom token expiration from ArcGIS. This...

7.9CVSS6.2AI score
Exploits0References10
CVE
CVE
added 2025/05/13 9:39 a.m.54 views

CVE-2025-40581

The CVE-2025-40581 affects Siemens SCALANCE LPE9403 devices when SINEMA Remote Connect Edge Client is installed. Affected component is the authentication mechanism, with the root cause described as an authentication bypass that permits a local, non-privileged attacker to bypass authentication and...

8.4CVSS7AI score0.0014EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 2:3 p.m.6 views

CVE-2020-28398

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

8.8CVSS6.2AI score0.00204EPSS
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/12/12 12:0 a.m.329 views

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Configuration Manipulation

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The obtainPorts.php script is accessible without authentication,...

5.8AI score
Exploits0
NCSC
NCSC
added 2024/12/06 11:47 a.m.5 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...

8.8CVSS7.2AI score0.14009EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/09/24 12:0 a.m.27 views

EulerOS 2.0 SP8 : unbound (EulerOS-SA-2024-2494)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...

8CVSS6.9AI score0.99995EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.29 views

EulerOS 2.0 SP8 : unbound (EulerOS-SA-2024-2056)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...

8CVSS6.9AI score0.99995EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.30 views

EulerOS Virtualization 2.10.0 : unbound (EulerOS-SA-2024-1994)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cau...

8CVSS6.8AI score0.99995EPSS
Exploits1References4
OSV
OSV
added 2024/07/10 4:15 p.m.3 views

CVE-2024-20456

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system...

6.7CVSS5.8AI score0.00191EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/07/01 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1863)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS7.5AI score0.99995EPSS
Exploits1References2
OSV
OSV
added 2024/06/25 6:31 p.m.19 views

GHSA-XFHP-JF8P-MH5W HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...

8.4CVSS8AI score0.00973EPSS
Exploits0References5
NVD
NVD
added 2024/05/31 6:15 p.m.11 views

CVE-2024-1275

Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52...

9.1CVSS6.6AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/31 5:23 p.m.26 views

CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor

Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52...

9.1CVSS6.6AI score0.00392EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/31 5:23 p.m.11 views

CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor

Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52...

9.1CVSS6.9AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2024/05/16 9:15 a.m.23 views

CVE-2024-3435

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

8.4CVSS8.7AI score0.00825EPSS
Exploits1References2
OSV
OSV
added 2024/05/16 9:3 a.m.14 views

CVE-2024-3435 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...

8.4CVSS7.8AI score0.00825EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2024/05/10 12:0 a.m.30 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1603)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS7.5AI score0.99995EPSS
Exploits1References2
Rows per page
Query Builder