Lucene search
+L

400 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:38 a.m.11 views

CVE-2024-25659

In Infinera TNMS Transcend Network Management System 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory...

7.2CVSS7.1AI score0.00728EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.14 views

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

5.3CVSS7.2AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.6 views

CVE-2024-10315

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD...

6.9CVSS7AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:59 a.m.7 views

CVE-2023-35838

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...

5.7CVSS6.6AI score0.00812EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:48 a.m.13 views

CVE-2022-22409

IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592...

5.3CVSS6.1AI score0.00819EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.7 views

CVE-2021-29480

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

4.4CVSS6.7AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:40 p.m.5 views

CVE-2020-1836

HUAWEI P30 with versions earlier than 10.1.0.160C00E160R2P11 and HUAWEI P30 Pro with versions earlier than 10.1.0.160C00E160R2P8 have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch...

5.3CVSS6.5AI score0.00278EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.7 views

CVE-2020-35454

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration...

6.8CVSS6.9AI score0.00235EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:55 p.m.10 views

CVE-2020-9761

An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...

9.8CVSS7.4AI score0.02136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:41 p.m.9 views

CVE-2020-6971

In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters...

7.8CVSS7.1AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:15 p.m.11 views

CVE-2020-15790

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP8. If configured in an insecure manner, the web server might be susceptible to a directory listing attack...

5.3CVSS6.7AI score0.00901EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/05/21 12:0 a.m.7 views

The vulnerability in the Zabbix UI of the IT infrastructure monitoring system allows a attacker to disclose protected information.

A vulnerability exists in the Zabbix UI of the IT infrastructure monitoring system, related to insecure configuration settings. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

4.3CVSS5.4AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.4 views

Valmet DNA 安全漏洞

Valmet DNA is a platform for automation and information systems from the Finnish company Valmet. In this single platform, process control, machine control, quality control, drive control and equipment condition monitoring systems are covered. A security vulnerability exists in Valmet DNA versions...

8.9CVSS6.2AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/21 12:19 a.m.19 views

CVE-2024-57061

An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration...

9.8CVSS7.8AI score0.00657EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.4 views

Vasion Print 安全漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. Vasion Print has a security vulnerability that stems from an insecure logging permission configuration...

9.8CVSS6.8AI score0.00645EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/01/20 3:31 p.m.19 views

Insecure default config access in WriteFreely

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...

8.4CVSS6.6AI score0.00203EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/01/16 2:27 p.m.18 views

CVE-2025-23019

An insecure configuration flaw was found in the IPv4-in-IPv6 and IPv6-in-IPv6 protocols RFC4213. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for...

5.4CVSS7.2AI score0.00945EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/01/16 2:26 p.m.8 views

CVE-2025-23018

An insecure configuration flaw was found in the IPv4-in-IPv6 and IPv6-in-IPv6 protocols RFC2473. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for...

5.4CVSS7.2AI score0.01027EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/01/16 2:26 p.m.27 views

CVE-2024-7596

An insecure configuration flaw was found in the Generic UDP Encapsulation Protocol. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for detailed...

5.4CVSS7.1AI score0.00845EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/01/16 2:26 p.m.46 views

CVE-2024-7595

An insecure configuration flaw was found in the GRE and GRE6 Protocols. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for detailed guidance...

5.4CVSS7.1AI score0.01552EPSS
Exploits0References6
Rows per page
Query Builder