Lucene search
+L

107 matches found

ptsecurity
ptsecurity
added 2025/12/24 12:0 a.m.8 views

PT-2025-53350

Name of the Vulnerable Software and Affected Versions SOCA Access Control System version 180612 Description The SOCA Access Control System has multiple insecure direct object reference issues. These allow attackers to access sensitive user credentials, including retrieving authenticated and...

7.5CVSS6.8AI score0.00308EPSS
Exploits1References5
osv
osv
added 2025/12/01 6:59 p.m.5 views

GHSA-53GX-J3P6-2RW9 XWiki Jetty Package (XJetty) allows accessing any application file through URL

Impact In an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials, like http://myhots/webapps/xwiki/WEB-INF/xwiki.cfg,...

8.7CVSS6.9AI score0.01378EPSS
Exploits0References7
cvelist
cvelist
added 2025/11/26 10:13 p.m.12 views

CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure

Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...

8.7CVSS0.00554EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/10/31 12:13 a.m.8 views

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

7.5CVSS7AI score0.0027EPSS
Exploits0References1
euvd
euvd
added 2025/10/30 6:31 p.m.5 views

EUVD-2025-37025

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

7.5CVSS6.5AI score0.0027EPSS
Exploits0References2
nvd
nvd
added 2025/10/30 5:15 p.m.7 views

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

7.5CVSS0.0027EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/30 12:0 a.m.10 views

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

0.0027EPSS
Exploits0References1
cve
cve
added 2025/10/30 12:0 a.m.23 views

CVE-2025-61120

AG Life Logger Android App (v1.0.2.72 and earlier; package com.donki.healthy) by IO FIT, K.K. has an improper access control vulnerability. Traffic contains credentials exposed in transit, which may allow misuse of cloud resources. Additionally, a predictable verification code mechanism enables b...

7.5CVSS6.7AI score0.0027EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/10/30 12:0 a.m.6 views

PT-2025-44430

Name of the Vulnerable Software and Affected Versions AG Life Logger versions prior to v1.0.2.72 Description The AG Life Logger Android App has issues with access control. Exposed credentials in network traffic could allow misuse of cloud resources. Predictable verification codes enable potential...

7.5CVSS6.7AI score0.0027EPSS
Exploits0References4
githubexploit
githubexploit
added 2025/10/27 3:14 p.m.137 views

RedTeam-Penetration-Test-UNF

UNF Penetration Testing Report – Red Team Engagement This rep...

8.8AI score
Exploits0
nvd
nvd
added 2025/10/10 11:15 a.m.5 views

CVE-2025-52625

A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...

7.5CVSS0.00223EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-13388

Malware in sbrugna...

7.2CVSS6.8AI score0.00649EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-35621

Malicious code in bioql PyPI...

10CVSS9.2AI score0.01204EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-30505

Malicious code in bioql PyPI...

6CVSS6.3AI score0.00149EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42891

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00152EPSS
Exploits0References1
osv
osv
added 2025/07/28 8:28 p.m.7 views

CVE-2025-54428 RevelaCode exposes Sensitive MongoDB Atlas URI in .env (potential credential leak)

RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally committed to the public repository. This could allow...

9.8CVSS6.7AI score0.00464EPSS
Exploits0References4
nvd
nvd
added 2025/06/25 6:15 p.m.10 views

CVE-2025-5823

Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is...

6.5CVSS0.00453EPSS
Exploits0References1
malwarebytes
malwarebytes
added 2025/06/19 1:58 p.m.18 views

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing fro...

7AI score
Exploits0
ptsecurity
ptsecurity
added 2025/06/12 12:0 a.m.6 views

PT-2025-25306

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue allows an attacker to gain full access to the application due to login credentials for the admin user and the property configuration password being stored in files within the source...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References12
redhatcve
redhatcve
added 2025/05/23 7:31 a.m.9 views

CVE-2024-40583

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials...

9.1CVSS7.4AI score0.00519EPSS
Exploits1References1
Rows per page
Query Builder