
691 matches found

RedhatCVE
added 2026/01/09 9:57 a.m., 27 views

CVE-2020-12266

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed...

CVSS 7.5 | AI score 6.7 | EPSS 0.01722
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:4 a.m., 10 views

CVE-2024-39278

Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...

CVSS 4.6 | AI score 6.5 | EPSS 0.00197
Exploits: 0 | References: 1

CNNVD
added 2026/01/09 12:0 a.m., 9 views

Zenitel ICX500 and Zenitel ICX510 security vulnerability

The Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that originates from an authenticated attacker being able to execute commands via the device's NTP configuration...

CVSS 8.8 | AI score 7.1 | EPSS 0.00319
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:53 a.m., 6 views

CVE-2013-7395

ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)...

CVSS 4.9 | AI score 7 | EPSS 0.00355
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53360

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

CVSS 9.3 | AI score 7 | EPSS 0.00283
Exploits: 1 | References: 4

RedhatCVE
added 2025/12/23 3:35 p.m., 4 views

CVE-2025-61740

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

CVSS 7.2 | AI score 6.8 | EPSS 0.00123
Exploits: 0 | References: 1

EUVD
added 2025/12/22 2:32 p.m., 5 views

EUVD-2025-204712

Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device...

CVSS 7.2 | AI score 6.3 | EPSS 0.00123
Exploits: 0 | References: 3

CNNVD
added 2025/12/22 12:0 a.m., 4 views

Johnson Controls IQ series and Johnson Controls PowerG security vulnerability

The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc. The Johnson Controls IQ series is a series of intelligent security and automation control platforms. The Johnson Controls PowerG is a communications device. A security vulnerability exists...

CVSS 7.2 | AI score 6.8 | EPSS 0.00123
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/19 2:9 p.m., 4 views

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

CVSS 8.1 | AI score 6.8 | EPSS 0.00338
Exploits: 0 | References: 1

OSV
added 2025/12/18 2:15 p.m., 5 views

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

CVSS 7.2 | AI score 5.9 | EPSS 0.00338
Exploits: 0 | References: 1

EUVD
added 2025/12/18 1:19 p.m., 5 views

EUVD-2025-204258

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

CVSS 8.1 | AI score 6.3 | EPSS 0.00338
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/18 12:0 a.m., 6 views

PT-2025-52222

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

CVSS 8.1 | AI score 6.8 | EPSS 0.00338
Exploits: 0 | References: 1

NOZOMI
added 2025/12/18 12:0 a.m., 5 views

Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

Summary: A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact: An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...

CVSS 8.1 | AI score 6.8 | EPSS 0.00338
Exploits: 0 | Affected Software: 2

RedhatCVE
added 2025/12/17 4:4 p.m., 12 views

CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

CVSS 8.1 | AI score 6.7 | EPSS 0.00344
Exploits: 0 | References: 1

EUVD
added 2025/12/16 6:31 p.m., 4 views

EUVD-2025-203769

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

CVSS 8.1 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 2

EUVD
added 2025/12/16 5:6 p.m., 5 views

EUVD-2023-60194

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...

CVSS 8.7 | AI score 6.2 | EPSS 0.0062
Exploits: 1 | References: 4

CVE
added 2025/12/16 5:6 p.m., 11 views

CVE-2023-53896

CVE-2023-53896 affects D-Link DAP-1325 firmware 1.01. The Red Hat/NVD/CVE entries describe a broken access control that allows unauthenticated retrieval of device configuration settings via /cgi-bin/ExportSettings.sh, enabling disclosure of sensitive configuration data. The issue is rooted in acc...

CVSS 8.7 | AI score 6.4 | EPSS 0.0062
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/12/16 4:15 p.m., 1 views

CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2025/12/16 4:15 p.m., 6 views

CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...

CVSS 8.1 | EPSS 0.00344
Exploits: 0 | References: 1

CVE
added 2025/12/16 3:15 p.m., 12 views

CVE-2025-14432

CVE-2025-14432 affects HP video conferencing products (HP TC8/TC10 noted in CNNVD) with a data-leakage issue where sensitive data could be written to log files when an admin uses Microsoft Teams Admin Center (TAC) to apply device configuration changes. The log file is restricted to admins but exp...

CVSS 8.1 | AI score 6.3 | EPSS 0.00344
Exploits: 0 | References: 1 | Affected Software: 1