Lucene search
K

569 matches found

Cvelist
Cvelist
added 2025/04/15 9:45 p.m.10 views

CVE-2025-30512 Growatt Cloud portal External Control of System or Configuration Setting

Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely e.g., on/off...

6.9CVSS0.00573EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16500

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue allows unauthenticated attackers to send configuration settings to a device and possibly perform physical actions remotely, such as turning the device on or off. Recommendations At t...

6.9CVSS6.4AI score0.00573EPSS
Exploits0References6
NVD
NVD
added 2025/04/07 4:15 p.m.8 views

CVE-2025-28403

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...

7.2CVSS0.00587EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/04/07 12:0 a.m.8 views

CVE-2025-28403

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...

7.4AI score0.00587EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/04/02 12:0 a.m.7 views

Webmin < 2.100 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability exists in the Users Real name parameter. - A Cross-Site Scripting XSS vulnerability exists in...

6.1CVSS6AI score0.00708EPSS
Exploits9References11
RedhatCVE
RedhatCVE
added 2025/03/25 3:22 p.m.18 views

CVE-2025-2651

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...

6.9CVSS7AI score0.00631EPSS
Exploits1References1
NVD
NVD
added 2025/03/23 3:15 p.m.19 views

CVE-2025-2651

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...

6.9CVSS0.00631EPSS
Exploits1References5
CVE
CVE
added 2025/03/23 3:0 p.m.66 views

CVE-2025-2652

CVE-2025-2652 concerns SourceCodester’s Employee and Visitor Gate Pass Logging System 1.0 , where an unspecified functionality allows information exposure via directory listing. The vulnerability can be exploited remotely; multiple sub-directories are affected, and an exploit has been disclosed p...

7.5CVSS5.3AI score0.00649EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/23 3:0 p.m.7 views

CVE-2025-2652 SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information through directory listing. The attack can be launched...

6.9CVSS6.9AI score0.00649EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/03/23 2:31 p.m.33 views

CVE-2025-2651 SourceCodester Online Eyewear Shop admin exposure of information through directory listing

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...

6.9CVSS0.00631EPSS
Exploits1References5
CVE
CVE
added 2025/03/23 2:31 p.m.53 views

CVE-2025-2651

CVE-2025-2651 affects SourceCodester Online Eyewear Shop 1.0, with exposure of information via directory listing in an unknown function under /oews/admin/. The attack is described as remotely executable and affects multiple sub-directories. Connected sources consistently state a directory listing...

6.9CVSS5.4AI score0.00631EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/03/19 11:44 p.m.22 views

MGASA-2025-0105 Updated tomcat packages fix security vulnerabilities

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...

10CVSS6.9AI score0.99945EPSS
Exploits47References3
RedhatCVE
RedhatCVE
added 2025/02/17 12:25 a.m.11 views

CVE-2024-5462

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...

5.3CVSS6.8AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2025/02/16 2:15 p.m.40 views

CVE-2025-1341

A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The...

8.1CVSS0.01078EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/14 11:48 p.m.15 views

CVE-2024-5462 Brocade Fabric OS may capture SNMP Passwords in clear text

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...

5.3CVSS0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:19 a.m.6 views

CVE-2024-12535

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...

8.6CVSS6.6AI score0.00576EPSS
Exploits0References1
OSV
OSV
added 2025/02/05 7:26 a.m.6 views

BIT-SUPERSET-2023-49657 Apache Superset: Stored XSS in Dashboard Title and Chart Title

A stored cross-site scripting XSS vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...

9.6CVSS6.2AI score0.0083EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 6:28 a.m.6 views

CVE-2024-5732

A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public...

9.8CVSS7.1AI score0.00891EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:31 a.m.9 views

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

8.8CVSS6.8AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:47 a.m.4 views

CVE-2024-11630

A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely...

7.5CVSS6.9AI score0.00613EPSS
Exploits0References1
Rows per page
Query Builder