400 matches found
CVE-2024-25659
In Infinera TNMS Transcend Network Management System 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory...
CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...
CVE-2024-10315
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVE-2022-22409
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592...
CVE-2021-29480
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...
CVE-2020-1836
HUAWEI P30 with versions earlier than 10.1.0.160C00E160R2P11 and HUAWEI P30 Pro with versions earlier than 10.1.0.160C00E160R2P8 have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch...
CVE-2020-35454
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration...
CVE-2020-9761
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...
CVE-2020-6971
In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters...
CVE-2020-15790
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP8. If configured in an insecure manner, the web server might be susceptible to a directory listing attack...
The vulnerability in the Zabbix UI of the IT infrastructure monitoring system allows a attacker to disclose protected information.
A vulnerability exists in the Zabbix UI of the IT infrastructure monitoring system, related to insecure configuration settings. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
Valmet DNA 安全漏洞
Valmet DNA is a platform for automation and information systems from the Finnish company Valmet. In this single platform, process control, machine control, quality control, drive control and equipment condition monitoring systems are covered. A security vulnerability exists in Valmet DNA versions...
CVE-2024-57061
An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration...
Vasion Print 安全漏洞
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. Vasion Print has a security vulnerability that stems from an insecure logging permission configuration...
Insecure default config access in WriteFreely
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
CVE-2025-23019
An insecure configuration flaw was found in the IPv4-in-IPv6 and IPv6-in-IPv6 protocols RFC4213. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for...
CVE-2025-23018
An insecure configuration flaw was found in the IPv4-in-IPv6 and IPv6-in-IPv6 protocols RFC2473. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for...
CVE-2024-7596
An insecure configuration flaw was found in the Generic UDP Encapsulation Protocol. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for detailed...
CVE-2024-7595
An insecure configuration flaw was found in the GRE and GRE6 Protocols. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for detailed guidance...