Lucene search
K

128 matches found

EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201846

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...

5.4CVSS6.5AI score0.00271EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 4:17 p.m.6 views

CVE-2025-42896

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...

5.4CVSS0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 2:15 a.m.35 views

CVE-2025-42896 Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...

5.4CVSS0.00271EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/27 1:54 p.m.6 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.7AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 6:31 p.m.7 views

EUVD-2025-198803

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.2AI score0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.9 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.5 views

Austrian Academy of Sciences OpenAtlas 安全漏洞

Austrian Academy of Sciences OpenAtlas is a database application dealing with archaeology and history organized by the Austrian Academy of Sciences in Austria. A security vulnerability exists in Austrian Academy of Sciences OpenAtlas version 8.12.0 that stems from a login error message that could...

5.3CVSS6.3AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.2 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

6.3AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2025/11/24 12:0 a.m.3 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

5.3CVSS6.6AI score0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/19 2:10 p.m.7 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

7.5CVSS6.6AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2025/11/18 3:16 p.m.9 views

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

7.5CVSS5.8AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.4 views

PT-2025-43031

Name of the Vulnerable Software and Affected Versions langgenius/dify-web version 1.6.0 Description The authentication process in the software reveals whether user accounts exist by providing different error messages depending on whether a username or email is registered. Attempting to log in or...

5.3CVSS6.9AI score0.00722EPSS
Exploits1References4
CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

AndSoft e-TMS Operating System Command Injection Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability, which is due to program misuse of parameter m in file /CLT/LOGINERRORFRM.ASP, and can be exploited by an attacker to execute operating system comman...

9.8CVSS8AI score0.01298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/07 9:21 p.m.7 views

CVE-2025-61583

TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostname...

4.3CVSS6.1AI score0.00236EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-0232

Malware in sbrugna...

7.5CVSS6.4AI score0.01316EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-1798

Malware in sbrugna...

5CVSS6.4AI score0.01218EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-3480

Malware in sbrugna...

4.3CVSS6.4AI score0.01263EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-9679

Malware in sbrugna...

5.3CVSS5.5AI score0.00601EPSS
Exploits0References3
NVD
NVD
added 2025/10/06 7:15 a.m.5 views

CVE-2025-58586

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...

5.3CVSS0.0034EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/10/06 7:2 a.m.5 views

CVE-2025-58586

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References7
Rows per page
Query Builder