72 matches found

RedhatCVE
added 2025/09/26 3:55 p.m. · 5 views

CVE-2025-10952

A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...

6.9 CVSS · 6.6 AI score · 0.0034 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/09/25 3:32 p.m. · 8 views

CVE-2025-10952 geyang ml-logger File server.py stream_handler information disclosure

A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file mllogger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure...

6.9 CVSS · 0.0034 EPSS
Exploits: 0 · References: 4
OSV
added 2025/08/29 2:15 a.m. · 6 views

CVE-2025-9604

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key. It is possible ...

6.3 CVSS · 5.4 AI score · 0.00223 EPSS
Exploits: 0 · References: 6
CVE
added 2025/08/27 5:32 a.m. · 15 views

CVE-2025-9513

The CVE-2025-9513 issue affects editso fuso up to version 1.0.4-beta.7. The vulnerable component is PenetrateRsaAndAesHandshake in src/net/penetrate/handshake/mod.rs, where manipulating the priv_key argument leads to inadequate encryption strength. This enables remote exploitation, though exploit...

6.3 CVSS · 4.2 AI score · 0.00141 EPSS
Exploits: 0 · References: 4
Cvelist
added 2025/08/27 5:32 a.m. · 6 views

CVE-2025-9513 editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption

A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high...

6.3 CVSS · 0.00141 EPSS
Exploits: 0 · References: 4
NVD
added 2025/08/13 4:15 p.m. · 6 views

CVE-2025-50613

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wdskeywep in the payload, which can cause the program to crash and potentially lead to a Denial ...

7.5 CVSS · 0.0037 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 12:46 a.m. · 6 views

CVE-2022-4768

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function addpublickey of the file grouper/publickey.py of the component SSH Public Key Handler. The manipulation of the argument publickeystr leads to injection. It is possible to launch the attack...

9.8 CVSS · 7.6 AI score · 0.00666 EPSS
Exploits: 0
Cvelist
added 2024/10/26 7:36 a.m. · 35 views

CVE-2024-10092 Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation

The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandleapikeyactions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3 CVSS · 0.0044 EPSS
Exploits: 0 · References: 3
Patchstack
added 2024/10/25 10:23 p.m. · 4 views

WordPress Download Monitor plugin <= 5.0.12 - Missing Authorization to API Key Manipulation vulnerability

Missing Authorization to API Key Manipulation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Download Monitor versions <= 5.0.12...

4.3 CVSS · 7 AI score · 0.0044 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2024/06/20 1:0 p.m. · 55 views

CVE-2024-6187

CVE-2024-6187 affects Ruijie RG-UAC 1.0. The vulnerability resides in the file /view/vpn/autovpn/sub_commit.php where manipulation of the key parameter enables remote OS command injection. Exploitation is possible without user interaction and has been disclosed publicly. Several sources refer to...

9.8 CVSS · 6.9 AI score · 0.07638 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2024/03/24 7:4 p.m. · 27 views

CVE-2024-29194 OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation

OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the ismasteradmin key, stored in the local storage of the browser, can be manipulated by an attacker. By...

8.3 CVSS · 8.3 AI score · 0.00702 EPSS
Exploits: 1 · References: 2
OSV
added 2024/01/25 10:15 p.m. · 6 views

CVE-2024-0886

A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this...

5.5 CVSS · 4.7 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2024/01/25 12:0 a.m. · 4 views

PT-2024-15891 · Poikosoft · Poikosoft Ez Cd Audio Converter

Name of the Vulnerable Software and Affected Versions: Poikosoft EZ CD Audio Converter version 8.0.7 Description: A problematic vulnerability was found in the Activation Handler component. The manipulation of the Key argument leads to denial of service. Local access is required to approach this...

5.5 CVSS · 6.9 AI score · 0.00379 EPSS
Exploits: 1 · References: 6
OSV
added 2024/01/22 12:15 a.m. · 4 views

CVE-2024-0772

A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attac...

5.5 CVSS · 4.7 AI score · 0.00364 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2024/01/21 12:0 a.m. · 5 views

PT-2024-15808 · Nsasoft · Nsasoft Sharealarmpro

Name of the Vulnerable Software and Affected Versions: Nsasoft ShareAlarmPro version 2.1.4 Description: A vulnerability was found in the Registration Handler component of Nsasoft ShareAlarmPro. The manipulation of the Name/Key argument leads to memory corruption. Local access is required to...

5.5 CVSS · 5.5 AI score · 0.00364 EPSS
Exploits: 1 · References: 10
WPVulnDB
added 2023/11/23 12:0 a.m. · 14 views

Automatic YouTube Gallery < 2.3.5 - Missing Authorization via AJAX actions

Description: The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajaxcallbacksaveapikey and ajaxcallbackdeletecache functions in versions up to, and including, 2.3.3. This makes it possible for authenticat...

6.7 AI score · 0.00537 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Redos
added 2023/11/10 12:0 a.m. · 28 views

ROS-20231110-02

The vulnerability of the functions EVP_EncryptInit_ex2, EVP_DecryptInit_ex2, EVP_CipherInit_ex2 of the OpenSSL cryptographic library is related to manipulation of the keylen/ivelens argument. Exploitation of the vulnerability...

7.5 CVSS · 9.1 AI score · 0.03332 EPSS
Exploits: 0
NVD
added 2023/02/26 8:15 a.m. · 20 views

CVE-2019-25105

A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. Thi...

6.1 CVSS · 4.4 AI score · 0.00483 EPSS
Exploits: 0 · References: 3
NVD
added 2022/05/03 4:15 p.m. · 25 views

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9 CVSS · 0.01026 EPSS
Exploits: 0 · References: 4
Veracode
added 2021/02/23 2:41 a.m. · 21 views

Insecure Access Control

shinobi uses insecure access controls. An attacker is able to access the User/Admin/Super API functions through the use of JS Proto Method names held in an internal JS Object and trick the System into accepting supplied API Key that exists in the underlying JS object...

9.8 CVSS · 1.8 AI score · 0.01603 EPSS
Exploits: 0 · References: 4 · Affected Software: 1