Lucene search
K

198 matches found

attackerkb
attackerkb
added 2026/02/14 3:9 p.m.3 views

CVE-2026-23129

In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations Modify the internal registration helpers dpllxarefdpll,pinadd to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times with the sam...

5.2AI score0.00115EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/02/10 6:16 p.m.6 views

CVE-2026-0651

On TP-Link Tapo C260 v1 and D235 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read,...

7.8CVSS6.2AI score0.00303EPSS
Exploits2References4
cvelist
cvelist
added 2026/02/10 5:27 p.m.71 views

CVE-2026-0651 Path Traversal on TP-Link Tapo D235 and C260 via Local https

A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker...

6.9CVSS0.00303EPSS
Exploits2References6
susecve
susecve
added 2026/01/26 12:24 a.m.21 views

SUSE CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhcisidebandremoveendpoint incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

5.5CVSS5.2AI score0.00135EPSS
Exploits0References3
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : 389-ds:1.4 bug fix and enhancement update (AXSA:2021-2281:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2281:02 advisory. An update for the 389-ds:1.4 module is now available. CVE-2020-35518 When binding against a DN during authentication, the reply from 389-ds-base will be...

5.3CVSS5.7AI score0.01538EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/18 12:16 a.m.21 views

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

9.8CVSS7.9AI score0.00342EPSS
Exploits1References1
cve
cve
added 2025/12/24 10:55 a.m.15 views

CVE-2023-53867

CVE-2023-53867 affects the Linux kernel ceph subsystem. A potential use-after-free occurs when trimming caps in ceph_iterate_session_caps(): after releasing session->s_cap_lock, a cap could be removed by another thread and then the stale cap memory is used in callbacks. The fix adds a check fo...

6.2AI score0.00168EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/18 8:34 p.m.2 views

CVE-2025-14848 Advantech WebAccess/SCADA Absolute Path Traversal

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...

5.3CVSS6.6AI score0.00558EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/12/18 12:0 a.m.5 views

Advantech WebAccess/SCADA 路径遍历漏洞

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...

7.5CVSS6AI score0.00609EPSS
Exploits0References3
zdi
zdi
added 2025/12/17 12:0 a.m.8 views

AzeoTech DAQFactory CTL File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AzeoTech DAQFactory. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7AI score0.00201EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/12 8:15 p.m.4 views

CVE-2025-67500

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request...

3.7CVSS7AI score0.00196EPSS
Exploits0References1
osv
osv
added 2025/12/11 11:41 a.m.5 views

BIT-MASTODON-2025-67500 Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0 through 4.3.14, 4.4.0 through 4.4.9, 4.5.0 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request with a non-English...

3.7CVSS5.8AI score0.00196EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/03 2:2 p.m.4 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.9AI score0.00218EPSS
Exploits0References1
euvd
euvd
added 2025/12/02 3:30 p.m.6 views

EUVD-2025-200225

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.4AI score0.00218EPSS
Exploits0References2
osv
osv
added 2025/12/02 2:16 p.m.6 views

CVE-2025-41015

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1
osv
osv
added 2025/12/02 1:15 p.m.6 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References1
nvd
nvd
added 2025/12/02 1:15 p.m.5 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS0.00218EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/02 1:12 p.m.9 views

CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS0.00218EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/02 1:12 p.m.2 views

CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.5AI score0.00218EPSS
Exploits0References1
cve
cve
added 2025/12/02 1:12 p.m.16 views

CVE-2025-41012

The CVE-2025-41012 entry describes an unauthorized-access vulnerability in TCMAN GIM v11 (build 20250304) where an unauthenticated attacker can determine if a user exists on the system by sending requests to the PDAWebService ( /WS/PDAWebService.asmx ) using the parameters pda:userId and pda:newP...

8.7CVSS6.5AI score0.00218EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder