Lucene search
K

327 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-20299

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00562EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24270

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/30 9:31 p.m.11 views

CVE-2025-54591

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

7.5CVSS6.6AI score0.00398EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/09/30 8:56 p.m.22 views

CVE-2025-34223

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10CVSS7.2AI score0.01152EPSS
Exploits1References1
NVD
NVD
added 2025/09/29 9:15 p.m.6 views

CVE-2025-34223

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10CVSS0.01152EPSS
Exploits1References4
OSV
OSV
added 2025/09/29 9:15 p.m.4 views

CVE-2025-34223

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

9.8CVSS5.9AI score0.01152EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/29 9:0 p.m.8 views

CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

7.5CVSS0.00398EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/29 9:0 p.m.3 views

CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

7.5CVSS6.2AI score0.00398EPSS
Exploits1References3
OSV
OSV
added 2025/09/29 9:0 p.m.4 views

CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

7.5CVSS6.6AI score0.00398EPSS
Exploits1References5
CVE
CVE
added 2025/09/29 9:0 p.m.17 views

CVE-2025-54591

Summary (CVE-2025-54591, FreshRSS) FreshRSS versions 1.26.3 and earlier expose information about feeds and tags belonging to default admin users due to insufficient access checks in the FreshRSS_Auth::hasAccess() function used by some tag/feed endpoints. Some controllers either lack a defined fir...

7.5CVSS6.2AI score0.00398EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/09/29 8:38 p.m.7 views

CVE-2025-34223

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10CVSS6AI score0.01152EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/29 8:38 p.m.9 views

CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10CVSS0.01152EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/29 8:38 p.m.2 views

CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10CVSS6.9AI score0.01152EPSS
Exploits1References4
CVE
CVE
added 2025/09/29 8:38 p.m.24 views

CVE-2025-34223

CVE-2025-34223 affects Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786). An unauthenticated attacker can reach an installation-time endpoint at /admin/query/update_database.php, submit arbitrary root_user/root_password values, and replace the defaul...

10CVSS6.9AI score0.01152EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.3 views

PT-2025-39901

Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS, a self-hostable RSS aggregator, discloses information about feeds and tags belonging to default admin users. This is due to missing access controls within the FreshRSS Auth::hasAccess...

7.5CVSS6.4AI score0.00398EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/09/25 2:35 p.m.3 views

CVE-2025-10542 Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...

6.8AI score0.0067EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/25 12:0 a.m.3 views

iMonitor EAM 安全漏洞

iMonitor EAM is an employee computer network activity monitoring software from iMonitor USA. A security vulnerability exists in iMonitor EAM version 9.6394, which stems from the use of default administrative credentials without mandatory modifications, which could allow a remote attacker to take...

9.8CVSS6.8AI score0.0067EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 4:34 p.m.8 views

CVE-2025-35042

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.2...

9.8CVSS7.1AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 4:15 p.m.22 views

CVE-2025-35042

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.2...

9.8CVSS0.00403EPSS
Exploits0References2
OSV
OSV
added 2025/09/22 4:15 p.m.5 views

CVE-2025-35042

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.2...

9.3CVSS5.8AI score0.00403EPSS
Exploits0References2
Rows per page
Query Builder