Lucene search
K

11 matches found

EUVD
EUVD
added 2026/03/30 3:32 p.m.2 views

EUVD-2026-17084

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 1:17 p.m.2 views

CVE-2026-3321

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/18 10:23 p.m.3 views

CVE-2026-32737 Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...

7.9CVSS6AI score0.00386EPSS
Exploits0References2
NVD
NVD
added 2025/11/25 7:15 p.m.7 views

CVE-2025-34350

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

8.7CVSS0.00872EPSS
Exploits0References2
CVE
CVE
added 2025/10/09 9:10 p.m.21 views

CVE-2016-15047

CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...

8.7CVSS7.4AI score0.03946EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30258

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00918EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/19 6:50 p.m.11 views

CVE-2025-34202 Vasion Print (formerly PrinterLogic) Insecure Access to Docker Instances WAN

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 VA and SaaS deployments expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a...

8.7CVSS0.00918EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/19 6:47 p.m.4 views

CVE-2025-34201 Vasion Print (formerly PrinterLogic) Lack of Network Segmentation Between Docker Instances

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments run many Docker containers on shared internal networks without firewalling or segmentation between instances. A compromise of any single container allows direct access to internal services HTTP, Redi...

8.5CVSS6.5AI score0.00271EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2025/04/22 7:38 a.m.32 views

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft on Monday announced that it has moved the Microsoft Account MSA signing service to Azure confidential virtual machines VMs and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed...

7.5AI score
Exploits0
Gitee
Gitee
added 2019/12/02 9:28 a.m.6 views

Exploit for Improper Input Validation in Microsoft

CVE-2019-0708 批量检测 0x01 前言 CVE-2019-0708 Windows RDP 远程命令执行漏洞 Windows系列服务器于2019年5月15号,被爆出高危漏洞,该漏洞影响范围较广,windows2003、windows2008、windows2008 R2、windows xp 系统都会遭到攻击,该服务器漏洞利用方式是通过远程桌面端口3389,RDP协议进行攻击的...

10CVSS7.1AI score0.99999EPSS
Exploits123
Positive Technologies
Positive Technologies
added 2016/10/11 12:0 a.m.5 views

PT-2025-41460

Name of the Vulnerable Software and Affected Versions AVTECH devices affected versions not specified Description AVTECH devices that include the CloudSetup.cgi management endpoint are susceptible to authenticated OS command injection. The exefile parameter within the ''CloudSetup.cgi'' endpoint i...

9CVSS6.2AI score0.03946EPSS
Exploits0References11
Rows per page
Query Builder