Lucene search
K

313 matches found

Cvelist
Cvelist
added 2025/12/05 5:17 p.m.18 views

CVE-2025-34263 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via plugin-config/dashboards/menus

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

5.1CVSS0.00172EPSS
Exploits0References3
OSV
OSV
added 2025/12/04 9:16 p.m.4 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/04 8:45 p.m.3 views

EUVD-2025-201276

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS6.3AI score0.00275EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/04 8:45 p.m.9 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS6.4AI score0.00275EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/04 8:45 p.m.21 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS0.00275EPSS
Exploits1References4
CVE
CVE
added 2025/12/04 8:45 p.m.16 views

CVE-2025-66573

Solstice Pod API exposure: Versions 5.5 and 6.2 include an unauthenticated /api/config endpoint that can disclose sensitive live-session data (session key, server version, product details, display name) to any user. This information exposure is documented across multiple sources (NVD/Red Hat/CVE ...

7.5CVSS6.4AI score0.00275EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/12/04 8:45 p.m.5 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.8 views

PT-2025-49141

Name of the Vulnerable Software and Affected Versions Solstice Pod API versions 5.5 through 6.2 Description The Solstice Pod API has an unauthenticated API endpoint. Specifically, the /api/config endpoint allows unauthorized access to sensitive information without requiring authentication. This...

6.9CVSS6.7AI score0.00275EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.5 views

PT-2025-46220

PacsOne Server version 6.6.2 prior versions are likely affected contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

8.7CVSS6.9AI score0.00826EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2025/11/10 12:0 a.m.155 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1/X5 Server version 4.7.18.0.eden stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardnes...

8.2CVSS7.1AI score0.0028EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2025/11/06 12:0 a.m.221 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

8.2CVSS5.8AI score0.0028EPSS
Exploits2
OpenVAS
OpenVAS
added 2025/11/06 12:0 a.m.14 views

motionEye Detection (HTTP)

HTTP based detection of motionEye. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.155713";...

7AI score
Exploits0References1
CNVD
CNVD
added 2025/11/05 12:0 a.m.5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...

10CVSS6.1AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/11/03 7:16 p.m.4 views

CVE-2025-8558

Insider Threat Management ITM Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents t...

5.4CVSS5.8AI score0.00598EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 9:30 p.m.6 views

EUVD-2025-37196

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

7.5CVSS7.5AI score0.01129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/30 5:9 p.m.14 views

CVE-2025-12477

Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10CVSS7AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 3:2 p.m.4 views

GO-2025-4029 Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...

5.4CVSS6.8AI score0.00285EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44455

Name of the Vulnerable Software and Affected Versions sqls-server/sqls version 0.2.28 Description sqls-server/sqls version 0.2.28 contains a command injection issue in the config command. The openEditor function passes the EDITOR environment variable and the config file path to sh -c without prop...

7.5CVSS7.8AI score0.01129EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/29 6:30 p.m.12 views

EUVD-2025-36680

Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10CVSS6.5AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 5:15 p.m.8 views

CVE-2025-12477

Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

9.8CVSS5.8AI score0.00317EPSS
Exploits0References1
Rows per page
Query Builder