Lucene search
K

67 matches found

Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51980

Name of the Vulnerable Software and Affected Versions Zerobyte versions prior to 0.18.5 Zerobyte versions prior to 0.19.0 Description Zerobyte, a backup automation tool, has an issue where authentication middleware is not correctly applied to certain API endpoints. This allows access to these...

9.1CVSS6.9AI score0.00363EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.10 views

PT-2025-49149

Name of the Vulnerable Software and Affected Versions Anthropic Sandbox Runtime versions prior to 0.0.16 Description Anthropic Sandbox Runtime is a sandboxing tool designed to enforce filesystem and network restrictions on processes. Prior to version 0.0.16, a flaw in the sandboxing logic allowed...

1.8CVSS6.9AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 2025/06/06 8:15 a.m.12 views

CVE-2025-3321

A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server...

9.4CVSS0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/23 9:59 a.m.4 views

CVE-2024-10306 Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests

A vulnerability was found in modproxycluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

5.4CVSS6.9AI score0.0026EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/03/20 4:52 p.m.8 views

CVE-2024-7598 Network restriction bypass via race condition during namespace termination

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

3.1CVSS4AI score0.00301EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 4:52 p.m.17 views

CVE-2024-7598 Network restriction bypass via race condition during namespace termination

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

3.1CVSS0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/25 12:0 a.m.5 views

PT-2024-10246 · Oracle +2 · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server version 8.4.0 Description: The issue is related to the Server: Optimizer component of Oracle MySQL Server and is caused by inadequate authorization procedure due to incorrect input validatio...

7.5CVSS5AI score0.01236EPSS
Exploits0References67
Positive Technologies
Positive Technologies
added 2024/09/06 12:0 a.m.4 views

PT-2024-13925

Name of the Vulnerable Software and Affected Versions Video Station versions prior to 5.8.1 Description A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. Recommendations...

8.8CVSS5.6AI score0.00432EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/08/26 8:12 a.m.5 views

nodejs: Bypass network import restriction via data URL

A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...

6.5CVSS7.5AI score0.01104EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.5 views

PT-2024-4998 · Oracle +4 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.37 and prior MySQL Server versions 8.4.0 and prior Description: The issue is related to insufficient input validation in the Server: FTS component of the MySQL Server product. It allows a high-privileged attacker wit...

6.8CVSS5.6AI score0.01107EPSS
Exploits0References122
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.8 views

PT-2024-3195 · Oracle +4 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.36 and prior Oracle MySQL Server versions 8.3.0 and prior Description: The issue is related to a vulnerability in the MySQL Server product, specifically in the Server: Information Schema component. This...

6.5CVSS5.5AI score0.01107EPSS
Exploits0References124
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.5 views

PT-2024-14372 · D Link · D-Link Covr 1100 +2

Name of the Vulnerable Software and Affected Versions: D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System Hardware Rev B1 Description: The issue truncates Wireless Access Point Passwords WPA-PSK, allowing an attacker to gain unauthorized network access via weak...

8.1CVSS7.4AI score0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/07 12:0 a.m.8 views

PT-2024-12316 · Ibm · Ibm Security Verify Access

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 Description: The issue allows an attacker on the network to take control of the server due to insecure calls. Recommendations: For versions 10.0.0.0 through 10.0.6.1, consider...

9.8CVSS9.6AI score0.0086EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.6 views

PT-2024-1336 · Oracle · Oracle Agile Product Lifecycle Management For Process

Name of the Vulnerable Software and Affected Versions: Oracle Agile Product Lifecycle Management for Process versions prior to 6.2.4.2 Description: The issue is related to insufficient input validation in the Installation component of the Oracle Agile Product Lifecycle Management for Process...

7.5CVSS7.5AI score0.00439EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.5 views

PT-2023-26382 · Minitool · Minitool Movie Maker

Name of the Vulnerable Software and Affected Versions: MiniTool Movie Maker versions 6.1.0 through 7.0 Description: The issue is related to an insecure installation process in MiniTool Movie Maker, which allows attackers to achieve remote code execution through a man-in-the-middle attack...

8.1CVSS8.2AI score0.0063EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/05/18 12:0 a.m.20 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups-filters (SUSE-SU-2023:2233-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2233-1 advisory. - CVE-2023-24805: Fixed a remote code execution in the beh backend bsc1211340. Tenable has extracted the...

8.8CVSS7.8AI score0.03697EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.6 views

PT-2023-2642 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c through 21c Description: The issue exists due to insufficient input validation in the Oracle Database Recovery Manager component of Oracle Database Server. This can be exploited by a remote attacker to caus...

6.8CVSS6.4AI score0.00668EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.35 views

Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2012-6354)

Problem Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family CVE-2012-6354 Resolving The Problem Security Bulletin --- Summary --- Administrative access to the system via the GUI may be obtained without supplying proper credentials. Vulnerability...

7.5CVSS6.4AI score0.02044EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/18 1:45 a.m.38 views

Security Bulletin: The IBM FlashSystem 840 product is affected by a vulnerability in OpenSSL (CVE-2014-0224 = SSL/TLS MITM vulnerability)

Summary Security vulnerability has been discovered in OpenSSL Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: FlashSystem 840 uses OpenSSL to protect connection from external management applications which use SMI-S to its CIM client. Affected versions of OpenSSL do not properly restrict...

7.4CVSS7.4AI score0.95326EPSS
Exploits9Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/17 12:0 a.m.27 views

WAGO Series 750-88x and 750-87x Use of Hard-Coded Credentials (CVE-2019-10712)

The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access. This plugin only works with Tenable.ot. Please visit...

9.8CVSS8.4AI score0.02763EPSS
Exploits0References11
Rows per page
Query Builder