
81 matches found

ICS
added 2026/06/18 3:56 p.m. · 8 views

Webmin multiple vulnerabilities

RISK EVALUATION Webmin contains multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could impersonate and authenticate as any user. 2. RECOMMENDED PRACTICES Update to most recent available version of Webmin. 3. DESCRIPTION The Webmin HTTP server miniserv.pl allows...

CVSS 9.2 · AI score 6 · EPSS 0.00285
Exploits 0 · References 1
RedhatCVE
added 2026/06/05 7:23 p.m. · 10 views

CVE-2026-43873

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret ($objClone->myKey, a constant md5($global['systemRootPath'] . $global['salt'])) into the HTTP response body on every unauthenticated request. T...

CVSS 7.5 · AI score 5.5 · EPSS 0.00255
Exploits 0 · References 1
NVD
added 2026/05/31 5:16 a.m. · 18 views

CVE-2026-10167

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

CVSS 7.5 · EPSS 0.00409
Exploits 0 · References 4
NVD
added 2026/05/11 10:22 p.m. · 44 views

CVE-2026-43873

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret ($objClone->myKey, a constant md5($global['systemRootPath'] . $global['salt'])) into the HTTP response body on every unauthenticated request. T...

CVSS 7.5 · EPSS 0.00255
Exploits 0 · References 2
RedhatCVE
added 2026/04/30 6:18 a.m. · 8 views

CVE-2026-41603

A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or...

CVSS 8.2 · AI score 5.4 · EPSS 0.00593
Exploits 0 · References 5
CNNVD
added 2025/12/05 12:0 a.m. · 4 views

Advantech WISE-DeviceOn Server Security Vulnerability

Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a hard-coded encryption key vulnerability that can be exploited by an attacker to impersonate an arbitrary account...

CVSS 10 · AI score 6.7 · EPSS 0.00604
Exploits 0 · References 4
RedhatCVE
added 2025/10/23 9:13 a.m. · 5 views

CVE-2025-41108

The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...

CVSS 9.8 · AI score 7.3 · EPSS 0.00295
Exploits 0 · References 1
EUVD
added 2025/10/22 8:14 a.m. · 4 views

EUVD-2025-35344

The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...

CVSS 9.2 · AI score 6.8 · EPSS 0.00295
Exploits 0 · References 2
OSV
added 2025/10/15 7:23 p.m. · 9 views

CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

CVSS 6.9 · AI score 6.6 · EPSS 0.00186
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2013-7014

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01527
Exploits 0 · References 8
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2004-0371

Malware in sbrugna...

CVSS 5 · AI score 6.1 · EPSS 0.01528
Exploits 0 · References 9
Tenable Nessus
added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-16886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and...

CVSS 8.1 · AI score 7 · EPSS 0.04031
Exploits 0 · References 2
Positive Technologies
added 2024/10/03 12:0 a.m. · 12 views

PT-2024-6647 · Su +4 · Su +4

Name of the Vulnerable Software and Affected Versions: Authd PAM module versions prior to 0.3.5. Description: The issue is related to errors in privilege management, allowing a remote attacker to gain access to another user's account by executing commands such as su, sudo, or ssh and modifying the...

CVSS 10 · AI score 6.8 · EPSS 0.97781
Exploits 23 · References 219
OSV
added 2024/08/02 10:16 a.m. · 4 views

CVE-2024-40719

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it...

CVSS 6.5 · AI score 5.8 · EPSS 0.00175
Exploits 0 · References 2
CVE
added 2024/06/25 1:2 p.m. · 77 views

CVE-2024-6301

Conduit (federation API) is affected by CVE-2024-6301: lack of origin validation in the federation API allows any remote server to impersonate any user from any server in most EDUs. The vulnerability affects Conduit versions prior to 0.8.0. Root cause: insufficient validation of origin in federat...

CVSS 7.5 · AI score 6 · EPSS 0.00168
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/05/29 12:0 a.m. · 9 views

PT-2024-3936 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.04.7; JetBrains TeamCity versions prior to 2022.10.6; JetBrains TeamCity versions prior to 2023.05.6; JetBrains TeamCity versions prior to 2023.11.5; JetBrains TeamCity versions prior to 2024.03.2...

CVSS 8.1 · AI score 7.2 · EPSS 0.00282
Exploits 0 · References 8
BDU FSTEC
added 2024/01/12 12:0 a.m. · 7 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from improper verification of certificates during authentication using smart cards. This allows a perpetrator to impersonate another user and pass identity verification.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to improper verification of the certificate during authentication using smart cards. Exploiting this vulnerability allows a malicious actor, operating remotely, to bypass the authenticity...

CVSS 8.1 · AI score 7.5 · EPSS 0.00379
Exploits 0 · References 5 · Affected Software 1
ATTACKERKB
added 2023/12/12 1:15 a.m. · 4 views

CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

CVSS 7.5 · AI score 7.3 · EPSS 0.00754
Exploits 1 · References 2
Positive Technologies
added 2023/12/11 12:0 a.m. · 7 views

PT-2023-25652 · Grafana +1 · Loki +2

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2. Description: The issue allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Grafana authenticated user or from the Loki REST API withou...

CVSS 9.1 · AI score 9 · EPSS 0.00879
Exploits 1 · References 4
Positive Technologies
added 2023/11/30 12:0 a.m. · 5 views

PT-2023-32618 · Tyler Technologies · Tyler Technologies Court Case Management Plus

Name of the Vulnerable Software and Affected Versions: Tyler Technologies Court Case Management Plus (affected versions not specified). Description: The issue allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint...

CVSS 9.8 · AI score 9.3 · EPSS 0.0113
Exploits 0 · References 8