Lucene search
K

148 matches found

Positive Technologies
Positive Technologies
added 2024/01/17 12:0 a.m.6 views

PT-2024-15711 · Unknown · C21 Live Encoder/Live Mosaic

Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic version 5.3 Description: The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can b...

9.8CVSS9.2AI score0.0063EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/11/17 12:0 a.m.6 views

Devellion CubeCart Security Breach

Devellion CubeCart is a free and open source e-commerce shopping cart software from the company of Devellion UK. The software supports selling products, adding/editing products or images in an online store, etc. A security vulnerability exists in Devellion CubeCart versions prior to 6.5.3, which...

4.9CVSS6.7AI score0.01181EPSS
Exploits0References3
OSV
OSV
added 2023/05/23 2:15 a.m.4 views

CVE-2023-27512

Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation...

7.2CVSS7.2AI score0.01036EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/09 7:9 a.m.4 views

Multiple vulnerabilities in SolarView Compact

Overview SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 - CVE-2023-27512 OS command injection in the download page CWE-78 - CVE-2023-27514 Buffer overflow in the multiple setting pages CWE-120 - CVE-2023-27518 OS...

8.8CVSS8.7AI score0.01924EPSS
Exploits0References17
The Hacker News
The Hacker News
added 2023/05/03 7:30 a.m.2 views

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording DVR devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 CVSS score: 9.8, a critical authentication bypass issue that could b...

9.8CVSS8AI score0.86289EPSS
Exploits14
OSV
OSV
added 2023/03/23 6:15 a.m.4 views

CVE-2022-22512

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...

9.8CVSS5.8AI score0.00675EPSS
Exploits0References1
OSV
OSV
added 2023/02/15 7:15 p.m.5 views

CVE-2022-47504

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...

7.2CVSS6AI score0.25061EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.4 views

SUSE CVE-2016-5507

Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB...

4.9CVSS8.6AI score0.02779EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/02/15 12:0 a.m.9 views

PT-2023-6826 · Solarwinds · Solarwinds Orion Platform +2

Name of the Vulnerable Software and Affected Versions: SolarWinds Platform version 2022.4.1 Description: The issue is related to the deserialization of untrusted data in the SolarWinds Orion Platform, which can be exploited by a remote adversary with admin-level access to the SolarWinds Web...

9CVSS7AI score0.80298EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/02/10 12:0 a.m.7 views

PT-2025-6092 · Tenda · Tenda W18E

Name of the Vulnerable Software and Affected Versions: Tenda W18E version 16.01.0.81625 Description: The issue concerns an authentication bypass in the web management portal, allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request...

8.8CVSS7.7AI score0.00894EPSS
Exploits1References8
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-16562

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the upautolog parameter in the QUERYSTRING to the default URI...

9.8CVSS7.2AI score0.27369EPSS
Exploits3References1
OSV
OSV
added 2022/11/09 9:15 p.m.5 views

CVE-2022-31685

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...

9.8CVSS5.8AI score0.00954EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.5 views

PT-2022-6315 · Asus · Asus Rt-Ax82U

Name of the Vulnerable Software and Affected Versions: Asus RT-AX82U version 3.0.0.4.386 49674-ge182230 Description: An authentication bypass issue exists in the get IFTTTTtoken.cgi functionality, allowing a specially-crafted HTTP request to lead to full administrative access to the device. An...

9CVSS9.2AI score0.20849EPSS
Exploits1References7
OSV
OSV
added 2022/06/24 12:15 p.m.4 views

CVE-2021-41635

When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system...

8.8CVSS5.8AI score0.01978EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.4 views

PT-2022-3059 · Cisco · Cisco Firepower Services Software For Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco FirePOWER Services Software for ASA affected versions not specified Description: The issue is related to improper handling of undefined command parameters in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA...

9CVSS7.4AI score0.4831EPSS
Exploits4References10
ATTACKERKB
ATTACKERKB
added 2022/05/26 5:15 p.m.4 views

CVE-2022-30494

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs...

5.4CVSS6.1AI score0.00596EPSS
Exploits1References2
OSV
OSV
added 2022/05/26 5:15 p.m.4 views

CVE-2022-30494

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs...

5.4CVSS6.1AI score0.00596EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/03/23 12:0 a.m.6 views

PT-2022-13480 · Mcafee · Mcafee Enterprise Epolicy Orchestrator

Name of the Vulnerable Software and Affected Versions: McAfee Enterprise ePolicy Orchestrator versions prior to 5.10 Update 13 Description: A XML Extended entity issue allows a remote administrator attacker to upload a malicious XML file through the extension import functionality, resulting in...

5.5CVSS4.2AI score0.00443EPSS
Exploits0References4
NCSC
NCSC
added 2022/02/24 12:0 a.m.4 views

Vulnerabilities fixed in Trend Micro Server Protect

Trend Micro has fixed multiple vulnerabilities in Server Protect. The vulnerability with reference CVE-2022-25329 allows a remote malicious person to misuse a hardcoded password in order to perform administrative actions. perform. The other vulnerabilities allow an authenticated malicious person...

9.8CVSS7.2AI score0.04872EPSS
Exploits2
NVD
NVD
added 2022/02/18 10:15 p.m.35 views

CVE-2022-23650

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and...

9CVSS0.01543EPSS
Exploits0References4
Rows per page
Query Builder