Lucene search
K

314 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:42 p.m.7 views

CVE-2020-8142

A security restriction bypass vulnerability has been discovered in Revive Adserver version 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was howev...

6.8CVSS6.8AI score0.00626EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:55 a.m.11 views

CVE-2017-18373

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a...

9CVSS7AI score0.05384EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.10 views

CVE-2019-20033

On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface...

9.8CVSS6.9AI score0.01101EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/05/21 12:0 a.m.6 views

The vulnerability of the HTTP server in the Mini_http integrated software for Netgear DGND3700 routers allows a hacker to bypass existing security restrictions and gain unauthorized access to the device’s web interface.

The vulnerability of the HTTP server in the Minihttp embedded software of Netgear DGND3700 routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain unauthorized access to the device’s...

10CVSS8AI score0.17581EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/04/11 6:15 p.m.50 views

CVE-2025-0123

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/...

5.9CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2025/04/11 5:43 p.m.97 views

CVE-2025-0123

Summary: CVE-2025-0123 affects Palo Alto Networks PAN-OS. Unlicensed administrators can view clear-text data captured via the packet-capture feature in decrypted HTTP/2 data streams on the firewall; HTTP/1.1 streams are not impacted. Exploitation requires access to the management interface and su...

5.9CVSS6.5AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.12 views

PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit

Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1 Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...

7.6CVSS7.2AI score0.00491EPSS
Exploits0References9
CVE
CVE
added 2025/03/31 12:31 p.m.64 views

CVE-2025-2995

The CVE-2025-2995 issue affects Tenda FH1202, specifically the Web Management Interface’s /goform/SysToolChangePwd endpoint. PT-2025-13697 documents a critical problem in version 1.2.0.14(408) caused by improper access controls in that file, enabling a remote attacker to initiate exploitation. Pu...

6.9CVSS5.5AI score0.0076EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.5 views

Directus 安全漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 10.10.0 through 11.5.0, which stems from a lack of user state checking and could lead to improper API access...

4.3CVSS6.3AI score0.00337EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-13698 · Tenda · Tenda Fh1202

Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical issue affects the Web Management Interface component, specifically the unknown processing of the file /goform/SysToolDDNS. This leads to improper access controls, allowing for remote...

6.9CVSS5.2AI score0.00741EPSS
Exploits1References10
CVE
CVE
added 2025/03/10 6:47 p.m.68 views

CVE-2025-27615

CVE-2025-27615 affects umatiGateway. The Red Hat entry describes that the user interface may be publicly accessible when using the provided docker-compose file, allowing configuration to be viewed and altered. The root cause appears to be UI exposure beyond localhost, with a patch in commit 5d81a...

8.2CVSS7.2AI score0.00486EPSS
Exploits0References4
OSV
OSV
added 2025/03/10 6:47 p.m.4 views

CVE-2025-27615 umatiGateway's UI publicly accessible in provided docker-compose file

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...

8.2CVSS6.8AI score0.00486EPSS
Exploits0References6
NCSC
NCSC
added 2025/02/21 8:8 a.m.8 views

Vulnerabilities fixed in Palo Alto Networks PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an authentication bypass that allows unauthenticated malicious actors to invoke specific PHP scripts through the management Web interface, an unauthenticated file deletion that allows malicious actors to delete...

9.1CVSS8.7AI score0.98338EPSS
Exploits8References4
NVD
NVD
added 2025/02/14 5:15 p.m.12 views

CVE-2024-8893

Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1...

7.3CVSS0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 5:42 a.m.16 views

CVE-2024-36787

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors...

8.8CVSS7.2AI score0.00571EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.4 views

IXON IXrouter IX2400 安全漏洞

The IXON IXrouter IX2400 is an industrial router from the Dutch company IXON. A security vulnerability exists in the IXON IXrouter IX2400 version v3.0, which stems from the inclusion of hard-coded root credentials that allow a physically proximate attacker to gain root access via UART or SSH...

5.4CVSS6.9AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2025/02/13 11:15 p.m.11 views

CVE-2024-37601

An issue was discovered in Mercedes Benz NTG New Telematics Generation 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause t...

4.6CVSS0.0033EPSS
Exploits0References1
OSV
OSV
added 2025/02/13 11:15 p.m.6 views

CVE-2023-34406

An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG New Telematics Generation 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the...

3.3CVSS7.2AI score0.00208EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/02/13 12:0 a.m.631 views

Wattsense Bridge 6.x Remote Root / Information Disclosure

Wattsense Bridge suffers a multitude of security issues. The JTAG interface can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. A serial interface can be accessed with physical access to the PCB. After connecting to the...

9.8CVSS7.3AI score0.00663EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/02/11 9:14 a.m.10 views

CVE-2025-26408 Unprotected JTAG Interface

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected...

6.3AI score0.00276EPSS
Exploits1References2
Rows per page
Query Builder