292 matches found
CVE-2025-65855
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...
FreeBSD : MongoDB Server -- Improper Certificate Validation (d2f2c691-cd42-11f0-85d4-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d2f2c691-cd42-11f0-85d4-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake...
CVE-2025-12893
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
CVE-2025-12893
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
EUVD-2025-199532
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
opensourcepos 安全漏洞
opensourcepos is a point-of-sale system from opensourcepos open source. A security vulnerability exists in opensourcepos version 3.4.1, which stems from a lack of server-side authentication and could lead to the setting of empty passwords and unauthorized access...
PT-2025-47026
Name of the Vulnerable Software and Affected Versions General Industrial Controls Lynx+ Gateway affected versions not specified Description The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote...
CVE-2025-64180
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
VulnCheck KEV: CVE-2020-36870
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
PT-2025-45510
Name of the Vulnerable Software and Affected Versions Ruijie Gateway EG and NBR models versions 11.16B9P1 through 11.94B12P1 Description The EWEB management system in various Ruijie Gateway EG and NBR models contains a code execution issue. Attackers can exploit front-end code when features like...
CVE-2025-20358
A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...
CVE-2025-10640
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...
Perfex CRM 安全漏洞
Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM versions prior to 3.3.1, which stems from insufficient server-side authentication and cou...
EUVD-2015-4194
Malware in sbrugna...
EUVD-2021-24826
Malware in sbrugna...
EUVD-2012-6293
Malware in sbrugna...
EUVD-2017-1387
Malware in sbrugna...
EUVD-2021-19641
Malware in sbrugna...