Lucene search
K

56 matches found

RedhatCVE
RedhatCVE
added 2025/07/10 7:24 a.m.8 views

CVE-2025-25268

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...

8.8CVSS7.2AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 10:15 a.m.21 views

CVE-2025-3759

Endpoint /cgi-bin-igd/netcoreset.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but d...

8.7CVSS0.00226EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/16 8:20 p.m.7 views

CVE-2025-25297

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...

8.6CVSS6.8AI score0.00617EPSS
Exploits1References1
OSV
OSV
added 2025/02/14 3:26 p.m.13 views

GHSA-M238-FMCW-WH58 Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint

Description Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3endpoint parameter. This endpoint U...

8.6CVSS8.6AI score0.00617EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/10/25 12:0 a.m.189 views

Microsoft Endpoint Configuration Manager RCE (KB29166583)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB29166583. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...

9.8CVSS9.3AI score0.60661EPSS
Exploits3References3
CNNVD
CNNVD
added 2024/09/05 12:0 a.m.7 views

Hughes WL3000 Fusion Software 安全漏洞

Hughes WL3000 Fusion Software is a hardware software system from Hughes Corporation, USA. A security vulnerability exists in Hughes WL3000 Fusion Software versions prior to 2.7.0.10 that originates from credentials used to access device configuration information stored unencrypted in flash memory...

4.6CVSS6.3AI score0.00197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/09/04 8:45 p.m.18 views

CVE-2024-44960

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for...

5.5CVSS6.9AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2023/07/12 7:15 a.m.3 views

CVE-2023-37197

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command 'SQL Injection' vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the...

8.8CVSS5.8AI score0.00496EPSS
Exploits0References1
CVE
CVE
added 2023/07/12 6:41 a.m.44 views

CVE-2023-37197

CVE-2023-37197 describes an SQL Injection in Schneider Electric StruxureWare/Data Center Expert (DCE). The vulnerability arises from improper neutralization of special elements in SQL commands, allowing an authenticated DCE user to access, modify, or delete content or perform unauthorized actions...

8.8CVSS8.6AI score0.00496EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.4 views

Schneider Electric StruxureWare Data Center Expert SQL注入漏洞

Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A SQL...

8.8CVSS8AI score0.00496EPSS
Exploits0References2
Kitploit
Kitploit
added 2023/01/03 11:30 a.m.80 views

PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...

7.2AI score
Exploits0References2
The Hacker News
The Hacker News
added 2022/11/18 12:7 p.m.39 views

Threat hunting with MITRE ATT&CK and Wazuh

Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/09/23 12:0 a.m.193 views

Microsoft Endpoint Configuration Manager Spoofing (KB15498768)

The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB15498768. It is, therefore, affected by a spoofing vulnerability. Under some conditions, clients will fallback to NTLM authentication even if NTLM authentication is...

7.5CVSS7.4AI score0.01433EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/09/23 12:0 a.m.7 views

The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices allows a hacker to execute a spear-phishing attack and gain access to sensitive information, due to errors during the authentication process using Kerberos with NTLM.

The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices is related to errors that occur during the authentication process using Kerberos and NTLM. Exploiting this vulnerability allows an attacker to execute a spear-phishing attack and gain access to...

7.8CVSS7.2AI score0.01433EPSS
Exploits0References2
CISA
CISA
added 2022/09/21 12:0 a.m.32 views

Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager

Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

1.8AI score0.01433EPSS
Exploits0References1
OSV
OSV
added 2022/09/20 7:15 p.m.3 views

CVE-2022-37972

Microsoft Endpoint Configuration Manager Spoofing Vulnerability...

7.5CVSS5.8AI score0.01433EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/20 7:15 p.m.3 views

CVE-2022-37972

Microsoft Endpoint Configuration Manager Spoofing Vulnerability...

7.5CVSS7.1AI score0.01433EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2022/09/20 7:0 a.m.76 views

Microsoft Endpoint Configuration Manager Spoofing Vulnerability

...

7.5CVSS7.5AI score0.01433EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/20 12:0 a.m.4 views

PT-2022-4838 · Microsoft · Endpoint Configuration Manager

Name of the Vulnerable Software and Affected Versions: Microsoft Endpoint Configuration Manager affected versions not specified Description: The issue is related to errors in the authentication process using Kerberos with NTLM. Exploitation of this issue may allow a remote attacker to conduct a...

7.8CVSS7.4AI score0.01433EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.22 views

Microsoft Endpoint Configuration Manager 安全漏洞

Microsoft Endpoint Configuration Manager is a local management solution from Microsoft. It is used to manage networked or Internet-based desktops, servers, and laptops. A security vulnerability exists in Microsoft Endpoint Configuration Manager, which can be exploited by an attacker to gain acces...

7.5CVSS7.3AI score0.01433EPSS
Exploits0References5
Rows per page
Query Builder