
5655 matches found

Positive Technologies
added 2025/02/27 12:0 a.m. · 3 views

PT-2025-8978 · Unknown · Zyx0814 Pichome

Name of the Vulnerable Software and Affected Versions: zyx0814 Pichome version 2.1.0

Description: A critical vulnerability was found in zyx0814 Pichome, affecting an unknown part of the file /index.php?mod=textviewer. The manipulation of the src argument leads to path traversal, allowing remote...

CVSS 6.9 · AI score 5.6 · EPSS 0.01623
Exploits: 0 · References: 8

CNNVD
added 2025/02/24 12:0 a.m. · 2 views

Benner Connecta Security Vulnerability

Benner Connecta is a cloud connectivity platform from Benner Inc. bringing greater security and optimization to authorization and e-invoicing processes. A security vulnerability exists in Benner Connecta version 1.0.5330 that stems from improper control of resource identifiers and could allow...

CVSS 6.5 · AI score 6.5 · EPSS 0.00395
Exploits: 0 · References: 1

CNNVD
added 2025/02/24 12:0 a.m. · 2 views

Lumsoft ERP Security Vulnerability

Lumsoft ERP is an enterprise resource management system from Lumsoft Corporation. A security vulnerability exists in Lumsoft ERP version 8, which stems from an unrestricted file upload that could allow remote attacks...

CVSS 7.5 · AI score 7.6 · EPSS 0.00443
Exploits: 0 · References: 1

CNNVD
added 2025/02/24 12:0 a.m. · 3 views

Benner ModernaNet Security Vulnerability

Benner ModernaNet is a diagnostic center application from Benner. A security vulnerability exists in Benner ModernaNet version 1.2.0 and prior versions that stems from cross-site request forgery and could allow remote attacks...

CVSS 6.5 · AI score 5 · EPSS 0.00324
Exploits: 1 · References: 1

CNNVD
added 2025/02/24 12:0 a.m. · 3 views

Benner ModernaNet Security Vulnerability

Benner ModernaNet is a diagnostic center application from Benner. A security vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions that stems from cross-site request forgery and could allow remote attacks...

CVSS 8.8 · AI score 4.9 · EPSS 0.00342
Exploits: 1 · References: 1

CNNVD
added 2025/02/24 12:0 a.m. · 3 views

Benner ModernaNet Security Vulnerability

Benner ModernaNet is a diagnostic center application from Benner. A security vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions that stems from improper control of resource identifiers and could allow remote attacks...

CVSS 7.5 · AI score 4.9 · EPSS 0.00616
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/14 9:47 a.m. · 20 views

CVE-2023-26566

Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...

CVSS 8.6 · AI score 7.1 · EPSS 0.00712
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/14 8:58 a.m. · 10 views

CVE-2025-1185

A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModalSensorGraph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVSS 6.5 · AI score 7.2 · EPSS 0.00577
Exploits: 1 · References: 1

Zero Science Lab
added 2025/02/13 12:0 a.m. · 279 views

ABB Cylon FLXeon 9.3.4 Default Credentials

Summary: BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

AI score 5.9
Exploits: 0

Packet Storm
added 2025/02/13 12:0 a.m. · 282 views

ABB Cylon FLXeon 9.3.4 Default Credentials

ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...

AI score 7.9
Exploits: 0

Cvelist
added 2025/02/12 1:29 p.m. · 13 views

CVE-2025-26364

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests...

CVSS 7.5 · EPSS 0.00517
Exploits: 0 · References: 1

NVD
added 2025/02/11 5:15 a.m. · 12 views

CVE-2025-1173

A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file processusersdel.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...

CVSS 7.2 · EPSS 0.00602
Exploits: 1 · References: 5

RedhatCVE
added 2025/02/08 4:50 a.m. · 11 views

CVE-2024-57587

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login...

CVSS 9.1 · AI score 9.1 · EPSS 0.00561
Exploits: 1 · References: 1

CNNVD
added 2025/02/07 12:0 a.m. · 7 views

Mindskip xzs-mysql Security Vulnerability

Mindskip xzs-mysql is a java + vue front-end and back-end separated exam system from Wuhan Mindskip Technology Mindskip company in China. The main advantages are simple and fast development and deployment, friendly interface design and clear code structure. Support web end and wechat small progra...

CVSS 5.3 · AI score 5.1 · EPSS 0.00289
Exploits: 1 · References: 4

RedhatCVE
added 2025/02/06 3:43 a.m. · 10 views

CVE-2021-26611

HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot etc.)...

CVSS 9.8 · AI score 6.9 · EPSS 0.01127
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/06 3:35 a.m. · 6 views

CVE-2021-26263

Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents...

CVSS 7.5 · AI score 6 · EPSS 0.00557
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 11:16 p.m. · 29 views

CVE-2022-23768

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device...

CVSS 9.8 · AI score 7.2 · EPSS 0.00844
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 10:55 p.m. · 8 views

CVE-2022-1083

A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customertypenumber/accountnumber/accountstatusnumber/accounttypenumber with the input ' and select fromselectsleep10Avx and 'abc' = 'abc leads to sql injection in multiple...

CVSS 9.8 · AI score 7.2 · EPSS 0.00912
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 10:46 p.m. · 10 views

CVE-2022-36301

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password...

CVSS 9.8 · AI score 6.9 · EPSS 0.00808
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 9:0 p.m. · 11 views

CVE-2022-46415

DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send...

CVSS 9.1 · AI score 6.9 · EPSS 0.00908
Exploits: 1 · References: 1