566 matches found

VulnCheck KEV
added 2023/11/28 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2023-6448

Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands...

CVSS 9.8 · AI score 7.4 · EPSS 0.02089
Exploits 0 · References 1

OSV
added 2023/10/30 6:15 p.m. · 2 views

CVE-2023-21397

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 5.9 · EPSS 0.001
Exploits 0 · References 1

Prion
added 2023/10/30 6:15 p.m. · 17 views

Default configuration

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 4.3 · AI score 8.2 · EPSS 0.001
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/10/30 12:00 a.m. · 4 views

PT-2023-18172 · Unknown · Setupwizard

Name of the Vulnerable Software and Affected Versions: Setup Wizard (affected versions not specified). Description: The issue is related to an insecure default value in the Setup Wizard, which could allow saving a WiFi network. This could lead to local escalation of privilege with no additional...

CVSS 7.8 · AI score 6.8 · EPSS 0.001
Exploits 0 · References 4

Positive Technologies
added 2023/10/23 12:00 a.m. · 1 view

PT-2023-9359 · Edk2 +3 · Edk2 +3

Name of the Vulnerable Software and Affected Versions: EDK2 versions (affected versions not specified). Description: The issue is related to an insecure default configuration in EDK2 that allows the UEFI Shell to be enabled, potentially permitting an OS-resident attacker to bypass Secure Boot. This...

CVSS 8.8 · AI score 6.6 · EPSS 0.02101
Exploits 1 · References 62

Talos
added 2023/10/12 12:00 a.m. · 33 views

SoftEther VPN CiRpcAccepted() authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1754: SoftEther VPN CiRpcAccepted authentication bypass vulnerability. October 12, 2023. CVE Number: CVE-2023-27516. Summary: An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially...

CVSS 7.8 · AI score 7.5 · EPSS 0.00525
Exploits 1

NVD
added 2023/09/14 8:15 p.m. · 13 views

CVE-2023-37755

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...

CVSS 9.8 · AI score 9.5 · EPSS 0.01094
Exploits 1 · References 3

OSV
added 2023/09/14 8:15 p.m. · 5 views

CVE-2023-37755

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...

CVSS 9.8 · AI score 5.9 · EPSS 0.01094
Exploits 1 · References 3

Cvelist
added 2023/09/14 12:00 a.m. · 20 views

CVE-2023-37755

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...

AI score 9.6 · EPSS 0.01094
Exploits 1 · References 3

OSV
added 2023/09/12 9:15 a.m. · 3 views

CVE-2023-37878

Insecure default permissions in Wing FTP Server Admin Web Client allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0...

CVSS 8.8 · AI score 5.8 · EPSS 0.00432
Exploits 0 · References 1

Vulnrichment
added 2023/09/12 8:16 a.m. · 18 views

CVE-2023-37878 Insecure Default Permissions in Wing FTP Server <= 7.2.0

Insecure default permissions in Wing FTP Server Admin Web Client allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0...

CVSS 6.1 · AI score 7.1 · EPSS 0.00432
Exploits 0 · References 1

Prion
added 2023/09/06 1:15 p.m. · 19 views

Input validation

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...

CVSS 5.5 · AI score 5.3 · EPSS 0.00839
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/09/04 3:15 a.m. · 1 view

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

CVSS 6.5 · AI score 5.9
Exploits 0 · References 1

Prion
added 2023/09/04 3:15 a.m. · 13 views

Out-of-bounds

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

CVSS 3.8 · AI score 6.7 · EPSS 0.00088
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/09/04 2:28 a.m. · 20 views

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

AI score 6.9 · EPSS 0.00088
Exploits 0 · References 1

Vulnrichment
added 2023/09/04 2:28 a.m. · 12 views

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

AI score 7.2 · EPSS 0.00088
Exploits 0 · References 1

CNNVD
added 2023/09/04 12:00 a.m. · 4 views

MediaTek Chip Buffer Error Vulnerability

MediaTek chips are a range of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from an insecure default value issue with power, which may result in out-of-bounds writes...

CVSS 6.5 · AI score 6.8 · EPSS 0.00088
Exploits 0 · References 2

NVD
added 2023/08/15 7:15 p.m. · 26 views

CVE-2023-4338

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers...

CVSS 9.8 · AI score 9.5 · EPSS 0.00588
Exploits 0 · References 2

NVD
added 2023/08/15 7:15 p.m. · 19 views

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

CVSS 9.8 · AI score 9.5 · EPSS 0.00588
Exploits 0 · References 2

OSV
added 2023/08/14 10:15 p.m. · 2 views

CVE-2023-35689

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 5.9 · EPSS 0.00088
Exploits 0 · References 1