CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

TL;DR Nginx container on Milesight DeviceHub includes MQTT private key store Can download MQTT private keys across network Milesight eventually responded and issued a firmware update Unauthenticated local file disclosure on Milesight DeviceHub CVSS: 6.5 Medium CVSS:3.1:...

7.3AI score

Exploits0

OSV•added 2024/06/02 2:15 p.m.•1 views

CVE-2024-36392

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS5.8AI score

Exploits0References1

NVD•added 2024/06/02 2:15 p.m.•9 views

CVE-2024-36390

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service...

7.5CVSS7.6AI score0.00115EPSS

Exploits0References1

OSV•added 2024/06/02 2:15 p.m.•0 views

CVE-2024-36390

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service...

7.5CVSS5.8AI score0.00115EPSS

Exploits0References1

NVD•added 2024/06/02 2:15 p.m.•14 views

CVE-2024-36391

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...

9.1CVSS9.4AI score0.00045EPSS

Exploits0References1

NVD•added 2024/06/02 2:15 p.m.•11 views

CVE-2024-36392

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS6.3AI score0.00212EPSS

Exploits0References1

OSV•added 2024/06/02 2:15 p.m.•0 views

CVE-2024-36391

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...

7.4CVSS5.8AI score

Exploits0References1

OSV•added 2024/06/02 2:15 p.m.•0 views

CVE-2024-36389

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass...

9.8CVSS5.8AI score0.00073EPSS

Exploits0References1

NVD•added 2024/06/02 2:15 p.m.•11 views

CVE-2024-36389

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass...

9.8CVSS9.7AI score0.00073EPSS

Exploits0References1

NVD•added 2024/06/02 2:15 p.m.•12 views

CVE-2024-36388

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...

10CVSS9.7AI score0.00201EPSS

Exploits0References1

OSV•added 2024/06/02 2:15 p.m.•1 views

CVE-2024-36388

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function...

9.8CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2024/06/02 1:24 p.m.•19 views

CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS7AI score0.00212EPSS

Exploits0References1

Cvelist•added 2024/06/02 1:24 p.m.•22 views

CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS6.3AI score0.00212EPSS

Exploits0References1

Vulnrichment•added 2024/06/02 1:23 p.m.•23 views

CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...

9.1CVSS7AI score0.00045EPSS

Exploits0References1

Cvelist•added 2024/06/02 1:23 p.m.•19 views

CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic...

9.1CVSS9.4AI score0.00045EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by