Lucene search
K

109 matches found

Cvelist
Cvelist
added 2025/12/17 7:48 p.m.30 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

6.9CVSS0.00731EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/17 7:48 p.m.3 views

CVE-2025-34442 AVideo < 20.1 System Path Disclosure via Public API

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

6.9CVSS6.5AI score0.00731EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/17 7:48 p.m.2 views

CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

6.9CVSS6.2AI score0.00731EPSS
Exploits2References4
CVE
CVE
added 2025/12/17 7:48 p.m.14 views

CVE-2025-34441

CVE-2025-34441 affects AVideo versions prior to 20.1, exposing emails, usernames, admin status, and last login times via an unauthenticated public API endpoint, enabling user enumeration/privacy violations. Connected sources also describe unauthenticated RCE paths in AVideo 14.3.1+ through notify...

7.5CVSS6.2AI score0.00731EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.8 views

PT-2025-51874

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 have an issue where sensitive user information is exposed through an unauthenticated public API endpoint. The responses from this endpoint include emails, usernames,...

7.5CVSS6.4AI score0.00731EPSS
Exploits2References7
CVE
CVE
added 2025/12/04 9:36 p.m.9 views

CVE-2025-10285

CVE-2025-10285 affects Silicon Labs Simplicity Device Manager. The exposed web interface enables an attacker to extract NTLMv2 hashes, which could be used to crack users’ domain passwords. Affected software is Silicon Labs Simplicity Device Manager; the root cause is publicly accessible web UI ex...

7.4CVSS6.5AI score0.0016EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 12:27 a.m.7 views

GHSA-PQ5V-RWP8-P7GM rtvm-interpreter lacks sufficient checks in public API

The affected function is unsound due to insufficient checks on public struct field...

6.9CVSS6.8AI score
Exploits0References1
EUVD
EUVD
added 2025/12/02 12:27 a.m.2 views

EUVD-2025-200125

rtvm-interpreter lacks sufficient checks in public API...

6.4AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/02 12:27 a.m.6 views

rtvm-interpreter lacks sufficient checks in public API

The affected function is unsound due to insufficient checks on public struct field...

6.9AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.6 views

Liferay Portal API Explorer Detected

This is an informational plugin to inform the user that the scanner has detected that the target Liferay instance publicly expose the API explorer. No source data...

6.9AI score
Exploits0References2
NVD
NVD
added 2025/11/05 10:15 a.m.6 views

CVE-2025-12468

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

5.3CVSS0.00351EPSS
Exploits0References3
OSV
OSV
added 2025/10/31 12:0 p.m.4 views

RUSTSEC-2025-0131 Lack of sufficient checks in public API

The affected function is unsound due to insufficient checks on public struct field...

6.8AI score
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-5058

Malware in sbrugna...

9.1CVSS9AI score0.03901EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29387

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-29424

Malicious code in bioql PyPI...

6.6AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-41620

Malicious code in bioql PyPI...

3.3CVSS4.7AI score0.00286EPSS
Exploits0References1
Gitee
Gitee
added 2025/09/06 12:42 p.m.105 views

Exploit for OS Command Injection in Apache Airflow

This is a proof-of-concept PoC exploit for CVE-2020-11978, a remote code execution RCE vulnerability in Apache Airflow's example DAGs. The exploit targets Airflow versions less than 1.10.11 and allows an attacker to execute arbitrary commands on the system. The exploit uses the Airflow Experiment...

8.8CVSS9.6AI score0.99118EPSS
Exploits9
NVD
NVD
added 2025/09/02 12:15 p.m.17 views

CVE-2024-58259

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory...

8.2CVSS0.00482EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/08/26 2:33 p.m.9 views

K000153161: Ansible Tower vulnerability CVE-2019-19340

Security Advisory Description A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmqenablemanager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is sti...

8.2CVSS8.1AI score0.01534EPSS
Exploits0
OSV
OSV
added 2025/07/14 4:15 p.m.5 views

CVE-2025-7616

A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthreadconddestroy of the component Public API. The manipulation leads to memory corruption. The exploit has been disclosed to the public and may be used...

7.5CVSS5.1AI score0.00382EPSS
Exploits1References3
Rows per page
Query Builder