Lucene search
K

106 matches found

CVE
CVE
added 2025/06/06 6:33 a.m.53 views

CVE-2025-48902

CVE-2025-48902 affects Huawei HarmonyOS/EMUI and is described as a vulnerability in the setting module leading to potential availability impact. Public documentation in connected sources provides CVSS metrics (AV:L, AC:H, PR:L, UI:R, S:C, C:L/I:L/A:H) and notes exploitation is not detailed in the...

6.6CVSS6.9AI score0.0008EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.11 views

CVE-2024-21902

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...

8.1CVSS6.6AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.4 views

CVE-2023-31454

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...

7.5CVSS7AI score0.01182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.7 views

CVE-2023-46142

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices...

8.8CVSS7.2AI score0.00745EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:34 p.m.8 views

CVE-2020-9227

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this...

5.5CVSS6.7AI score0.00469EPSS
Exploits0References1
NVD
NVD
added 2025/04/30 1:15 p.m.17 views

CVE-2025-3394

Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0...

8.5CVSS0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/09 10:26 a.m.23 views

CVE-2025-2442

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and availability when a malicious user, having physical access, sets the radio to the factory default...

6.8CVSS0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/21 12:0 a.m.9 views

RHEL 7 : openstack-cinder, openstack-glance, and openstack-nova update (Moderate) (RHSA-2016:2991)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2991 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

7.8CVSS6.6AI score0.03062EPSS
Exploits1References17
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.7 views

Gradio 资源管理错误漏洞

Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A resource management error vulnerability exists in Gradio version 98cbcae, which stems from a regular expression used by the gr.Datetime componen...

7.5CVSS7.5AI score0.01015EPSS
Exploits1References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/03 12:0 a.m.32 views

Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode...

8.4CVSS6.9AI score0.22349EPSS
In wildExploits0
Tenable Nessus
Tenable Nessus
added 2025/02/06 12:0 a.m.32 views

Atlassian Confluence 3.x < 7.19.29 / 8.0.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.1 < 9.1.1 (CONFSERVER-98484)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98484 advisory. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An...

7.5CVSS7.2AI score0.14718EPSS
Exploits1References2
Veracode
Veracode
added 2024/12/10 7:1 a.m.9 views

Unauthorized Resource Access

github.com/rancher/steve is vulnerable to Unauthorized Resource Access. The vulnerability is due to improper authorization checks, allowing users with minimal generic permissions to access and watch restricted resources...

7.7CVSS6.7AI score0.00444EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/18 12:0 a.m.18 views

Siemens SCALANCE M-800 Missing Release of Resource after Effective Lifetime (CVE-2024-28882)

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVE...

4.3CVSS6.1AI score0.00665EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.11 views

RHEL 7 : openstack-cinder (RHSA-2017:0156)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0156 advisory. OpenStack Block Storage cinder manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical...

7.8CVSS6.5AI score0.03062EPSS
Exploits1References7
Veracode
Veracode
added 2024/10/23 9:13 a.m.8 views

Insecure Default Initialization Of Resource

org.apache.solr, solr-core is vulnerable to Insecure Default Initialization of Resource. The vulnerability is due to the failure to set the "trusted" metadata when ConfigSets are created via a Restore command from a backup, allowing unauthorized ConfigSets to be trusted and potentially load custo...

8.1CVSS6.6AI score0.00722EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.3 views

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a dependency checking issue in the RDMA/iwcm component during a flushworkqueue call...

7.8CVSS6.7AI score0.00263EPSS
Exploits0References9
OSV
OSV
added 2024/10/18 7:18 a.m.13 views

BIT-SOLR-2024-45217 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...

8.1CVSS8AI score0.00722EPSS
Exploits0References3
NVD
NVD
added 2024/10/16 8:15 a.m.13 views

CVE-2024-45217

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...

8.1CVSS0.00722EPSS
Exploits0References2
CVE
CVE
added 2024/10/16 7:51 a.m.84 views

CVE-2024-45217

CVE-2024-45217 describes an insecure default initialization of resources in Apache Solr. New ConfigSets created via Restore may be created without the trusted metadata, causing some ConfigSets to be implicitly trusted and potentially able to load custom code into classloaders. The issue affects S...

8.1CVSS8.1AI score0.00722EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/10/08 12:0 a.m.7 views

Axis Communications Autodesk Plugin AxisAddin axisapphelpfiles Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Axis Communications Autodesk Plugin. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a cloud resource. The issue results from allowi...

8.8CVSS7.8AI score
Exploits0References1
Rows per page
Query Builder