Lucene search
K

129 matches found

OSV
OSV
added 2025/06/13 9:30 a.m.4 views

GHSA-4J59-VV55-Q6H3 Salt's salt.auth.pki module does not properly authenticate callers

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

6.4CVSS7.3AI score0.00132EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/06/13 6:55 a.m.4 views

CVE-2025-22237 CVE-2025-22237 salt advisory

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS7.3AI score0.00157EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 11:15 p.m.5 views

CVE-2025-47849

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...

8.8CVSS6.7AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/10 11:7 p.m.3 views

CVE-2025-47849 Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...

7.5AI score0.00499EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:4 a.m.11 views

CVE-2024-51493

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS6.3AI score0.00282EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:16 a.m.13 views

CVE-2024-10092

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandleapikeyactions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS6.5AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.9 views

CVE-2020-13963

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...

9.8CVSS7.2AI score0.01812EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/30 3:29 a.m.19 views

CVE-2025-2894

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the...

6.6CVSS7.4AI score0.00763EPSS
Exploits2References7
NVD
NVD
added 2025/03/28 3:15 a.m.18 views

CVE-2025-2894

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the...

6.6CVSS0.00763EPSS
Exploits2References5
OSV
OSV
added 2025/03/24 7:7 p.m.8 views

GHSA-46MP-8W32-6G94 Kyverno ignores subjectRegExp and IssuerRegExp

Summary Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Details Kyverno checks only subject and issuer fields when verifying an...

5.8CVSS7.4AI score0.00317EPSS
Exploits1References7
OSV
OSV
added 2025/02/21 1:37 p.m.2 views

OESA-2025-1170 etcd security update

%expand: Security Fixes: Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.CVE-2021-28235 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.CVE-2022-3064 Etcd v3.5.4 allows remote...

9.8CVSS7AI score0.04561EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.8 views

PT-2025-6202 · Siemens · Simatic Ipc Diagmonitor +1

Name of the Vulnerable Software and Affected Versions: SIMATIC IPC DiagBase All versions SIMATIC IPC DiagMonitor All versions Description: A vulnerability has been identified where the affected devices do not properly restrict user permissions for the registry key. This could allow an authenticat...

7.3CVSS7.5AI score0.0014EPSS
Exploits0References6
CVE
CVE
added 2025/02/04 7:19 a.m.78 views

CVE-2025-20886

CVE-2025-20886 concerns Samsung Mobile devices where the issue resides in the softsim trustlet due to sensitive information being included in test code prior to the SMR January 2025 Release 1. The documented impact is that local privileged attackers can obtain the test key. Public technical detai...

4.4CVSS4.2AI score0.0013EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.8 views

PT-2024-34657 · Octoprint · Octoprint

Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.10.2 Description: OctoPrint provides a web interface for controlling consumer 3D printers. The issue allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browse...

6.5CVSS6.5AI score0.00282EPSS
Exploits0References11
OSV
OSV
added 2024/07/09 12:15 p.m.3 views

CVE-2024-39865

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...

8.8CVSS7.2AI score0.00447EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.5 views

PT-2024-4827 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.3 Description: The issue is related to insufficient protection of registration data in the continuous integration and delivery CI/CD system, allowing a remote attacker to gain unauthorized access t...

5.3CVSS7.4AI score0.0028EPSS
Exploits0References6
OSV
OSV
added 2024/06/14 4:15 a.m.6 views

UBUNTU-CVE-2024-5469

DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests...

4.3CVSS5.8AI score0.00426EPSS
Exploits0References2
NVD
NVD
added 2024/05/16 7:15 a.m.23 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

7.5CVSS7.5AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.4 views

DELL ECS Connection Manager 安全漏洞

DELL ECS Connection Manager is a software from Dell USA for managing enterprise cloud storage. A security vulnerability exists in DELL ECS Connection Manager that originates from allowing an unauthenticated attacker to access computers on the same network in an HA or cluster group via an IP...

7.5CVSS6.5AI score0.00379EPSS
Exploits0References3
OSV
OSV
added 2024/04/19 4:15 a.m.4 views

CVE-2024-29957

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References1
Rows per page
Query Builder