Lucene search
K

314 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/12 8:6 p.m.4 views

CVE-2026-3611

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

10CVSS5.8AI score0.05585EPSS
Exploits1References4Affected Software7
EUVD
EUVD
added 2026/03/11 6:30 p.m.5 views

EUVD-2026-11230

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 5:27 p.m.9 views

EUVD-2026-10161

Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys...

8.7CVSS5.8AI score0.00252EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

Hitachi Energy RTU500 Product Improper Handling of Insufficient Permissions or Privileges (CVE-2026-1772)

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. This plugin only works with Tenable.ot...

5.3CVSS5.2AI score0.0026EPSS
Exploits0References3
OSV
OSV
added 2026/02/25 5:25 p.m.3 views

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an...

7.5CVSS5.8AI score0.10245EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 6:9 p.m.5 views

GO-2026-4462 Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server

Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive repor...

9.8CVSS5.5AI score0.01184EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20331

Name of the Vulnerable Software and Affected Versions Pterodactyl Panel versions prior to 1.12.1 Description A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...

9.2CVSS5.5AI score0.00316EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/02/12 4:22 p.m.8 views

CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

2CVSS5.6AI score0.00296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.5 views

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

9.9CVSS5.9AI score0.03732EPSS
Exploits0References1
CVE
CVE
added 2026/01/26 10:5 a.m.13 views

CVE-2025-59101

CVE-2025-59101 affects the dormakaba access manager web interface. The authentication model relies on per-request IP verification after a successful login, with no traditional session state stored. This enables an attacker to spoof a logged-in user’s IP to gain access, as there is no persistent s...

7.7CVSS5.9AI score0.00572EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/19 6:8 p.m.3 views

CVE-2026-23878

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents PDFs, attachments associated...

6.5CVSS5.3AI score0.00257EPSS
Exploits0References4
CVE
CVE
added 2026/01/14 12:19 p.m.15 views

CVE-2025-13175

CVE-2025-13175 affects Y Soft SafeQ 6; the issue is the Workflow Connector password field being rendered insecurely, allowing an administrator with UI access to reveal the password via browser developer/inspection tools. Affected versions are before MU106. The impact is exposure of the password f...

5.1CVSS6.6AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.7 views

PT-2026-2852

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...

5.1CVSS6.9AI score0.00286EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.7 views

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000...

7.5CVSS6.9AI score0.00463EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.8 views

CVE-2022-31496

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/managesitefiles.php access...

9CVSS6.9AI score0.01879EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.13 views

CVE-2019-18225

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain...

9.8CVSS7AI score0.01509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/23 6:29 a.m.6 views

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

9.2CVSS7AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 2025/12/22 5:16 a.m.8 views

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

9.8CVSS0.00286EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 9:16 p.m.5 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3CVSS5.9AI score0.00249EPSS
Exploits1References2
NVD
NVD
added 2025/12/02 4:15 p.m.7 views

CVE-2025-59704

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password...

7.8CVSS0.00211EPSS
Exploits1References2
Rows per page
Query Builder