Lucene search
K

13931 matches found

Cvelist
Cvelist
added 2026/03/27 1:43 p.m.26 views

CVE-2025-13478 Cache Misconfiguration Leading to Cross-User Data Exposure

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...

8.4CVSS0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/03/27 1:43 p.m.11 views

CVE-2025-13478

CVE-2025-13478 affects OpenText Identity Manager on Windows and Linux (Identity Manager: 25.2 v4.10.1). The issue is a cache misconfiguration where insecure application cache handling allows remote authenticated users to obtain another user’s session data. Impact per available docs: potential exp...

8.4CVSS6AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 6:16 p.m.10 views

CVE-2025-67115

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...

6.5CVSS0.00405EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 12:0 a.m.12 views

CVE-2025-67112

The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
CVE
CVE
added 2026/03/12 12:0 a.m.8 views

CVE-2025-66955

The CVE-2025-66955 entry concerns Local File Inclusion in Asseco SEE Live 2.0, specifically within the Contact Plan, E-Mail, SMS and Fax components. The vulnerable surface is the downloadAttachment and downloadAttachmentFromPath APIs, where a malicious user with authentication can supply a path p...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25039

Name of the Vulnerable Software and Affected Versions Asseco SEE Live 2.0 Description A local file inclusion issue exists in the Contact Plan, E-Mail, SMS, and Fax components. Remote authenticated users can access files on the host system through the path parameter in the downloadAttachment and...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/03/12 12:0 a.m.4 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

5.9AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 4:24 p.m.7 views

CVE-2025-63409

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials...

8.8CVSS0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.5 views

PT-2026-21742

Name of the Vulnerable Software and Affected Versions GCOM EPON 1GE C00R371V00B01 affected versions not specified Description A flaw exists in GCOM EPON 1GE C00R371V00B01 related to privilege escalation and improper access control. Remote authenticated users can modify administrator-only settings...

8.8CVSS5.9AI score0.00277EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.7 views

GCOM EPON 1GE 安全漏洞

GCOM EPON 1GE is a fiber-optic access device developed by GCOM Corporation. The GCOM EPON 1GE C00R371V00B01 version contains a security vulnerability. This vulnerability stems from improper permission escalation and access control mechanisms, which may allow remote authenticated users to modify...

8.8CVSS5.8AI score0.00277EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.25 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

0.00183EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.25 views

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

0.0023EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.4 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

5.4AI score0.00183EPSS
Exploits1References3
CVE
CVE
added 2026/02/11 12:0 a.m.17 views

CVE-2025-70296

CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...

5.4CVSS5.8AI score0.0023EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/01/30 6:15 p.m.11 views

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

7CVSS0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/30 6:6 p.m.3 views

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...

7CVSS5.9AI score0.00323EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.15 views

OpenVPN security vulnerabilities

OpenVPN is a software package developed by OpenVPN Inc. in the United States, used to create encrypted VPN tunnels. It utilizes the OpenSSL library to encrypt data and control information, and allows the created VPNs to use public keys, electronic certificates, or username/password for...

7CVSS5.8AI score0.00323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : samba-3.6.23-25.AXS4 (AXSA:2016-137:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-137:02 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and printer...

6.5CVSS7AI score0.12938EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : mysql-5.1.66-2.0.1.AXS4 (AXSA:2013-03:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-03:01 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different clie...

6.5CVSS8.3AI score0.24564EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 7 : krb5-1.13.2-12.el7 (AXSA:2016-190:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-190:01 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

7.5CVSS6.4AI score0.04643EPSS
Exploits0References4
Rows per page
Query Builder