Lucene search
+L

1191 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:27 a.m.14 views

CVE-2008-7311

The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.actioncontrollersession hash value aka secret key, which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the...

5CVSS6.9AI score0.01244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:13 a.m.20 views

CVE-2019-2183

In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS6.9AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.11 views

CVE-2024-34524

In XLANG OpenAgents through fe73ac4, the allowedfile protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content...

9.1CVSS7AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/03 3:54 p.m.16 views

CVE-2025-11837

An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover 6.6.8.20251023 and later...

9.3CVSS7.1AI score0.01437EPSS
Exploits0References1
NVD
NVD
added 2026/01/02 2:15 a.m.6 views

CVE-2025-15422

A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may ...

7.5CVSS0.01066EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/31 9:12 a.m.5 views

CVE-2025-15102

DVP-12SE11T - Password Protection Bypass...

9.8CVSS7AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 9:15 a.m.6 views

CVE-2025-15102

DVP-12SE11T - Password Protection Bypass...

9.8CVSS0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/12/30 9:15 a.m.5 views

CVE-2025-15102

DVP-12SE11T - Password Protection Bypass...

9.8CVSS5.8AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2025/12/30 8:48 a.m.12 views

CVE-2025-15102

CVE-2025-15102 impacts Delta Electronics DVP-12SE11T PLC. The vulnerability is a password protection bypass that can be exploited remotely without authentication, potentially allowing unauthorized access and manipulation of PLC functionality. Fixed via firmware updates in late December 2025. Conn...

9.8CVSS6.5AI score0.00273EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/20 12:0 a.m.10 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-991299)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991299 advisory. Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded...

7.5CVSS8.6AI score0.66535EPSS
Exploits4References4
EUVD
EUVD
added 2025/12/18 7:20 a.m.6 views

EUVD-2025-204248

The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...

4.3CVSS4.9AI score0.00365EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-51998

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions prior to 3.3.33 Description The Download Manager plugin for WordPress is susceptible to unauthorized access of sensitive information. This is caused by missing authorization and capability checks ...

4.3CVSS6.1AI score0.00365EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.7 views

CVE-2025-65318

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

9.1CVSS6.8AI score0.00485EPSS
Exploits2References1
OSV
OSV
added 2025/12/16 4:15 p.m.7 views

CVE-2025-65318

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

9.1CVSS5.8AI score0.00496EPSS
Exploits3References5
NVD
NVD
added 2025/12/16 4:15 p.m.9 views

CVE-2025-65319

When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

9.1CVSS0.00496EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/12/16 12:0 a.m.36 views

CVE-2025-65318

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

0.00485EPSS
Exploits2References3
CVE
CVE
added 2025/12/16 12:0 a.m.24 views

CVE-2025-65318

CVE-2025-65318 : Red Hat and NVD/NVD-derived records describe a vulnerability in Canary Mail 5.1.40 and earlier where saving documents via the attachment interaction leads to files being written to the filesystem without a Mark-of-the-Web tag. This tag omission can bypass built-in file protection...

9.1CVSS6.5AI score0.00485EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.12 views

Blue Mail 安全漏洞

Blue Mail is an email client from Blue Mail, Inc. A security vulnerability exists in Blue Mail versions 1.140.103 and earlier, which stems from a failure to add the Mark-of-the-Web tag when saving a document, and could lead to a bypass of the file protection mechanism...

9.1CVSS8.5AI score0.00496EPSS
Exploits3References5
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.6 views

Canary Mail 安全漏洞

Canary Mail is an email client application from Canary Mail, Inc. in the United States. A security vulnerability exists in Canary Mail version 5.1.40 and earlier, which stems from a failure to add the Mark-of-the-Web tag when saving a document, which could lead to a bypass of the file protection...

9.1CVSS6.3AI score0.00496EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2025/12/16 12:0 a.m.8 views

CVE-2025-65319

When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...

9AI score0.00496EPSS
Exploits2References4
Rows per page
Query Builder