Lucene search
K

292 matches found

Vulnrichment
Vulnrichment
added 2025/12/17 12:0 a.m.3 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

7.4AI score0.00085EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

FreeBSD : MongoDB Server -- Improper Certificate Validation (d2f2c691-cd42-11f0-85d4-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d2f2c691-cd42-11f0-85d4-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake...

5.4CVSS5.4AI score0.00084EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/26 5:57 p.m.8 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS6.4AI score0.00084EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 5:15 a.m.9 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 5:7 a.m.4 views

EUVD-2025-199532

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

4.2CVSS5.9AI score0.00084EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

opensourcepos 安全漏洞

opensourcepos is a point-of-sale system from opensourcepos open source. A security vulnerability exists in opensourcepos version 3.4.1, which stems from a lack of server-side authentication and could lead to the setting of empty passwords and unauthorized access...

7.5CVSS6.8AI score0.00417EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.6 views

PT-2025-47026

Name of the Vulnerable Software and Affected Versions General Industrial Controls Lynx+ Gateway affected versions not specified Description The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote...

10CVSS6.6AI score0.00644EPSS
Exploits0References13
NVD
NVD
added 2025/11/07 4:15 a.m.5 views

CVE-2025-64180

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/07 2:58 a.m.4 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS6.3AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2025/11/07 2:58 a.m.6 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS6.8AI score0.00315EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/11/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

9.2CVSS6.3AI score0.00762EPSS
In wildExploits0References89
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.5 views

PT-2025-45510

Name of the Vulnerable Software and Affected Versions Ruijie Gateway EG and NBR models versions 11.16B9P1 through 11.94B12P1 Description The EWEB management system in various Ruijie Gateway EG and NBR models contains a code execution issue. Attackers can exploit front-end code when features like...

9.2CVSS7.5AI score0.00762EPSS
Exploits0References9
OSV
OSV
added 2025/11/05 5:15 p.m.5 views

CVE-2025-20358

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

9.8CVSS6AI score
Exploits0References1
NVD
NVD
added 2025/10/21 12:15 p.m.5 views

CVE-2025-10640

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...

9.8CVSS0.00887EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.11 views

Perfex CRM 安全漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM versions prior to 3.3.1, which stems from insufficient server-side authentication and cou...

7.3CVSS6.6AI score0.00263EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-4194

Malware in sbrugna...

2.6CVSS8.2AI score0.02028EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-24826

Malware in sbrugna...

5.3CVSS5.3AI score0.00527EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-6293

Malware in sbrugna...

9.3CVSS6.1AI score0.08121EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-1387

Malware in sbrugna...

7.5CVSS7.5AI score0.01809EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19641

Malware in sbrugna...

7.5CVSS7.4AI score0.01398EPSS
Exploits0References11
Rows per page
Query Builder