Lucene search
K

543 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-5207

Malicious code in bioql PyPI...

7.1CVSS7.8AI score0.00223EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-42780

Malicious code in bioql PyPI...

8.7CVSS6.5AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/12 9:24 a.m.15 views

CVE-2025-36756

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...

5.8CVSS6.9AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2025/09/10 9:15 a.m.6 views

CVE-2025-36756

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...

5.8CVSS0.00256EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/10 8:50 a.m.3 views

CVE-2025-36756 Device Takeover vulnerability in SolaX Cloud

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...

5.8CVSS6.3AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/10 8:50 a.m.9 views

CVE-2025-36756 Device Takeover vulnerability in SolaX Cloud

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...

5.8CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2025/09/10 8:50 a.m.15 views

CVE-2025-36756

The CVE-2025-36756 entry describes a missing-authorization vulnerability in the SolaX Cloud platform that could allow takeover of a known-serial-number SolaX solar inverter. Affected component is the SolaX Cloud platform beneath the inverter management flow; root cause is insufficient access cont...

5.8CVSS6.4AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.4 views

PT-2025-37028

Name of the Vulnerable Software and Affected Versions: SolaX Cloud platform affected versions not specified Description: A missing authorization issue exists on the SolaX Cloud platform. This allows unauthorized access and potential takeover of SolaX solar panel inverters when the serial number i...

5.8CVSS6.3AI score0.00256EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/09/03 11:18 p.m.7 views

rxrpc: Fix delayed ACKs to not set the reference serial number

...

5.5CVSS7AI score0.00241EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-37155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP...

9.8CVSS7.3AI score0.01493EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/14 3:49 p.m.12 views

CVE-2025-8452

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

9.8CVSS7.2AI score0.7656EPSS
Exploits0References1
OSV
OSV
added 2025/08/12 7:15 p.m.5 views

CVE-2024-26009

An authentication bypass using an alternate path or channel CWE-288 vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to...

8.1CVSS5.8AI score0.00556EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/08/12 6:59 p.m.4 views

CVE-2024-26009

An authentication bypass using an alternate path or channel CWE-288 vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProx...

8.1CVSS5.7AI score0.00556EPSS
Exploits0References2Affected Software4
NVD
NVD
added 2025/08/12 4:15 p.m.6 views

CVE-2025-8452

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

4.3CVSS0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/12 3:23 p.m.16 views

CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

4.3CVSS0.00227EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/10 4:29 p.m.6 views

CVE-2025-47872

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...

6.9CVSS6.8AI score0.00297EPSS
Exploits0References1
NVD
NVD
added 2025/08/08 5:15 p.m.8 views

CVE-2025-47872

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...

6.9CVSS0.00297EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/08 4:17 p.m.5 views

CVE-2025-46414 EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...

9.2CVSS6.8AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/08 4:14 p.m.10 views

CVE-2025-47872 EG4 Electronics EG4 Inverters Observable Discrepancy

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...

6.9CVSS0.00297EPSS
Exploits0References2
CVE
CVE
added 2025/08/08 4:14 p.m.20 views

CVE-2025-47872

CVE-2025-47872 affects EG4 Electronics EG4 Inverters. The public-facing product registration endpoint exposes information about serial numbers (SNs) based on their status (valid/unregistered, valid/registered, nonexistent). Because SNs are sequential, an attacker can infer the registration status...

6.9CVSS6.4AI score0.00297EPSS
Exploits0References2
Rows per page
Query Builder