Lucene search
+L

148 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-23217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmprox...

8.2CVSS6.1AI score0.00817EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2025/08/26 2:33 p.m.12 views

K000153161: Ansible Tower vulnerability CVE-2019-19340

Security Advisory Description A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmqenablemanager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is sti...

8.2CVSS8.1AI score0.01534EPSS
Exploits0
Cvelist
Cvelist
added 2025/08/21 5:28 a.m.30 views

CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...

4.3CVSS0.00227EPSS
Exploits0References3
CVE
CVE
added 2025/08/14 8:48 a.m.47 views

CVE-2025-5998

The CVE-2025-5998 entry concerns the PPWP – Password Protect Pages WordPress plugin, prior to version 1.9.11. Technical details in the provided documents show that users with subscriber or higher roles can view content via the REST API, effectively bypassing password protection. The vulnerability...

6.5CVSS7AI score0.00311EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-49500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wl1251: dynamically allocate memory used for DMA With introduction of vmap'ed stacks, stack...

5.5CVSS5AI score0.00209EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/07/31 12:0 a.m.5 views

(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability

This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the management interface. The issue resul...

6.3CVSS7.2AI score
Exploits0References1
OSV
OSV
added 2025/07/11 4:15 p.m.5 views

CVE-2025-6549

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager J-Web. When Juniper Secure connect JSC is enabled on specific interfaces, or multiple interfaces are...

6.9CVSS5.8AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 10:15 a.m.6 views

CVE-2025-5920

The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...

7.5CVSS5.8AI score0.0038EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:17 a.m.5 views

CVE-2024-0910

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

5.3CVSS5.9AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.7 views

CVE-2023-30467

This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially...

9.8CVSS6.8AI score0.01078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/18 2:51 a.m.12 views

CVE-2025-3698

Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...

7.5CVSS6.9AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 3:15 a.m.3 views

CVE-2025-3698

Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...

7.5CVSS5.8AI score0.00364EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/16 2:24 a.m.6 views

CVE-2025-3698

Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...

7.5AI score0.00364EPSS
Exploits0References2
CVE
CVE
added 2025/04/16 2:24 a.m.67 views

CVE-2025-3698

CVE-2025-3698 describes an interface exposure vulnerability in the mobile application com.transsion.carlcare (TECNO/Transsion). The available details indicate a potential information leakage risk. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) with a base score of 7.5 (HIGH) suggests e...

7.5CVSS6.7AI score0.00364EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.4 views

PT-2025-16551

Name of the Vulnerable Software and Affected Versions com.transsion.carlcare affected versions not specified Description The issue is related to an interface exposure vulnerability in the mobile application, which may lead to information leakage risk. Recommendations At the moment, there is no...

7.5CVSS6.4AI score0.00364EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/02/05 5:36 p.m.1 views

CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet

GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered simil...

6.6AI score0.01552EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.5 views

imgproxy 代码问题漏洞

imgproxy is imgproxy individual developer's fast and secure standalone server for tweaking and converting remote mirrors. A code issue vulnerability exists in imgproxy that stems from the presence of a server-side request forgery vulnerability against 0.0.0.0...

5.3CVSS6.9AI score0.00844EPSS
Exploits0References2
OSV
OSV
added 2025/01/23 5:15 p.m.4 views

CVE-2024-55925

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/17 12:0 a.m.7 views

vivo Wifi Module 安全漏洞

The vivo Wifi Module is a wireless module from the Chinese company Vivo. A security vulnerability exists in vivo Wifi Module, which originates from the wifi module exposing the interface, improperly controlling permissions, and leaking sensitive device information...

6.3CVSS6.7AI score0.00208EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/02 12:0 a.m.8 views

The vulnerability of the addRelatedObjects function in the universal monitoring system Zabbix allows attackers to increase their privileges.

The vulnerability of the addRelatedObjects function in the universal monitoring system Zabbix is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges by sending specially crafted SQL queries...

9.9CVSS8.1AI score0.78831EPSS
Exploits13References7Affected Software2
Rows per page
Query Builder