Lucene search
40447 matches found

BDU FSTEC
added 2025/06/16 12:0 a.m. | 7 views

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent arises from the lack of protective measures for the request structure, allowing attackers to escalate their privileges.

The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability allows a malicious actor to escalate their privileges by using specially crafted authorized HTTP requests...

6.5 CVSS | 5.5 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/06/16 12:0 a.m. | 4 views

TencentOS Server 3: curl (TSSA-2022:0142)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0142 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.1 CVSS | 6.7 AI score | 0.03425 EPSS
Exploits: 4 | References: 5

OSV
added 2025/06/14 4:29 p.m. | 1 view

CGA-MH5Q-9FXH-HJ2P

Bulletin has no description...

7.5 CVSS | 7.9 AI score | 0.00311 EPSS
Exploits: 0

OSV
added 2025/06/13 2:50 p.m. | 3 views

GHSA-VHGQ-R8GX-5FPV Ibexa Admin UI assets XSS vulnerabilities in back office

Impact: This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

6.1 CVSS | 6.6 AI score
Exploits: 0 | References: 4

BDU FSTEC
added 2025/06/13 12:0 a.m. | 6 views

The vulnerability of the Cisco Webex web conferencing platform, which exists due to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the Cisco Webex web conferencing platform exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4 CVSS | 5.4 AI score | 0.00257 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2025/06/13 12:0 a.m. | 5 views

The vulnerability of the Cisco Webex web conferencing platform, which exists due to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the Cisco Webex web conferencing platform exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4 CVSS | 5.4 AI score | 0.00257 EPSS
Exploits: 0 | References: 2

OSV
added 2025/06/12 11:0 p.m. | 5 views

GHSA-J6G5-P62X-58HW vantage6 lacks brute-force protection on change password functionality

Impact: If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route indefinitely, and it will return the message that the password is wrong until it is correct. Patches: This issue has been patched in...

6.3 CVSS | 7 AI score | 0.00397 EPSS
Exploits: 0 | References: 5

GitHub Security Blog
added 2025/06/12 11:0 p.m. | 12 views

vantage6 lacks brute-force protection on change password functionality

Impact: If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route indefinitely, and it will return the message that the password is wrong until it is correct. Patches: This issue has been patched in...

9.8 CVSS | 6.4 AI score | 0.00397 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2025/06/12 5:29 p.m. | 14 views

CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

6.3 CVSS | 0.00397 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/12 5:29 p.m. | 6 views

CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

6.3 CVSS | 7 AI score | 0.00397 EPSS
Exploits: 0 | References: 1

CVE
added 2025/06/12 5:29 p.m. | 52 views

CVE-2025-43863

vantage6 contains a brute-force vulnerability in the change password flow when an attacker has an authenticated session. The issue arises from unlimited password-change attempts via the route, enabling password-guessing and account compromise. Multiple sources (CVEs, advisories, and vendor notes)...

9.8 CVSS | 6.4 AI score | 0.00397 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/06/12 5:6 p.m. | 5 views

CVE-2025-47160

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

5.4 CVSS | 6.5 AI score | 0.00716 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/12 5:6 p.m. | 8 views

CVE-2025-33050

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network...

7.5 CVSS | 7.7 AI score | 0.0152 EPSS
Exploits: 0 | References: 1

Schneier on Security
added 2025/06/12 3:44 p.m. | 8 views

Airlines Secretly Selling Passenger Data to the Government

This is news: A data broker owned by the country's major airlines, including Delta, American Airlines, and United, collected U.S. travellers' domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data...

7.2 AI score
Exploits: 0

ATTACKERKB
added 2025/06/12 3:15 p.m. | 2 views

CVE-2025-49193

The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)...

6.1 CVSS | 5.8 AI score | 0.00263 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2025/06/12 1:27 p.m. | 6 views

CVE-2025-49186 No brute-force protection

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...

5.3 CVSS | 7.3 AI score | 0.0032 EPSS
Exploits: 0 | References: 6

OSV
added 2025/06/12 10:3 a.m. | 6 views

RHSA-2025:8844 Red Hat Security Advisory: mod_security security update

Bulletin has no description...

7.5 CVSS | 8.3 AI score | 0.00559 EPSS
Exploits: 1 | References: 9

ICS
added 2025/06/12 6:0 a.m. | 15 views

AVEVA PI Web API

RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

6.5 CVSS | 6.6 AI score | 0.00201 EPSS
Exploits: 0 | References: 10

Packet Storm News
added 2025/06/12 12:0 a.m. | 3 views

ObfusBFA: a Holistic Approach to Safeguarding DNNs from Different Types of Bit-Flip Attacks

Bit-flip attacks (BFAs) represent a serious threat to Deep Neural Networks (DNNs), where flipping a small number of bits in the model parameters or binary code can significantly degrade the model accuracy or mislead the model prediction in a desired way. Existing defenses exclusively focus on...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2025/06/12 12:0 a.m. | 9 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2025-1661)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: net: gso: fix ownership in udpgsosegment (CVE-2025-21926); usbnet: gl620a: fix endpoint checking in genelinkbind (CVE-2025-21877); netsched: Prevent...

7.8 CVSS | 7.7 AI score | 0.13626 EPSS
Exploits: 4 | References: 113