Lucene search
K

420 matches found

Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.7 views

PT-2026-3011

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access...

5.3CVSS7.1AI score0.00478EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.8 views

CVE-2021-22184

An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted...

6.2CVSS5.8AI score0.00302EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.6 views

RED-V Super Digital Signage System 安全漏洞

RED-V Super Digital Signage System is a digital signage system from RED-V, Italy. A security vulnerability exists in RED-V Super Digital Signage System version 5.1.1, which stems from the presence of an information disclosure vulnerability that could lead to unauthenticated access to sensitive we...

7.5CVSS6.2AI score0.00378EPSS
Exploits1References6
NVD
NVD
added 2025/12/16 5:16 p.m.11 views

CVE-2023-53895

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS0.00567EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/16 5:6 p.m.6 views

EUVD-2023-60195

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account,...

9.8CVSS6.2AI score0.00567EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.11 views

PT-2025-51743

Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...

9.8CVSS6.4AI score0.00567EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/12/09 8:27 a.m.7 views

CVE-2025-66549

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.7CVSS6.5AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/05 5:47 p.m.24 views

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.4CVSS0.00251EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.14 views

CVE-2025-65239

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...

4.3CVSS6.8AI score0.00251EPSS
Exploits1References1
OSV
OSV
added 2025/11/26 5:15 p.m.6 views

CVE-2025-65239

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...

4.3CVSS5.8AI score0.00251EPSS
Exploits1References3
NVD
NVD
added 2025/11/26 5:15 p.m.5 views

CVE-2025-65239

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...

4.3CVSS0.00251EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.9 views

PT-2025-48155

Name of the Vulnerable Software and Affected Versions OpenCode Systems USSD Gateway OC Release:5 version 6.13.11 Description A flaw exists in access control within the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5. This allows attackers with limited privileges to acces...

4.3CVSS6.5AI score0.00251EPSS
Exploits1References8
CVE
CVE
added 2025/11/26 12:0 a.m.17 views

CVE-2025-65239

CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...

4.3CVSS6.4AI score0.00251EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/26 12:0 a.m.5 views

CVE-2025-65239

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...

6.4AI score0.00251EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.6 views

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway, which stems from improper access control of the /aux1/ocussd/trace endpoint, which could allow a low-privileged attacker to read...

4.3CVSS6.6AI score0.00251EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/26 12:0 a.m.10 views

CVE-2025-65239

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...

0.00251EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-32916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form...

4.3CVSS5.5AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 3:0 p.m.5 views

CVE-2025-32916 Sensitive form data in URL query parameters

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs...

1CVSS5.9AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3165

Malware in sbrugna...

7.5CVSS7.6AI score0.01111EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-4023

Malware in sbrugna...

5CVSS6.4AI score0.04865EPSS
Exploits0References3
Rows per page
Query Builder