Lucene search
+L

317 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.12 views

CVE-2020-24376

A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3...

9.6CVSS7AI score0.00997EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.15 views

TrueConf Server 安全漏洞

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. A security vulnerability exists in TrueConf Server version 5.5.2.10813, which stems from improper cleanup of user input in the Meeting Location field and could lead to a stored cross-site...

8.7CVSS5.6AI score0.00261EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/14 8:51 p.m.10 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS6.8AI score0.00275EPSS
Exploits1References1
NVD
NVD
added 2025/12/11 10:15 p.m.5 views

CVE-2024-58288

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file...

8.7CVSS0.00335EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/05 5:17 p.m.23 views

CVE-2025-34263 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via plugin-config/dashboards/menus

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

5.1CVSS0.00172EPSS
Exploits0References3
OSV
OSV
added 2025/12/04 9:16 p.m.5 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/04 8:45 p.m.5 views

EUVD-2025-201276

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS6.3AI score0.00275EPSS
Exploits1References6
CVE
CVE
added 2025/12/04 8:45 p.m.27 views

CVE-2025-66573

Solstice Pod API exposure: Versions 5.5 and 6.2 include an unauthenticated /api/config endpoint that can disclose sensitive live-session data (session key, server version, product details, display name) to any user. This information exposure is documented across multiple sources (NVD/Red Hat/CVE ...

7.5CVSS6.4AI score0.00275EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/04 8:45 p.m.25 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS0.00275EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/04 8:45 p.m.9 views

CVE-2025-66573 Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

6.9CVSS6.4AI score0.00275EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/12/04 8:45 p.m.5 views

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

7.5CVSS5.8AI score0.00275EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.10 views

PT-2025-49141

Name of the Vulnerable Software and Affected Versions Solstice Pod API versions 5.5 through 6.2 Description The Solstice Pod API has an unauthenticated API endpoint. Specifically, the /api/config endpoint allows unauthorized access to sensitive information without requiring authentication. This...

6.9CVSS6.7AI score0.00275EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2025/11/10 12:0 a.m.165 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Ilevia EVE X1/X5 Server version 4.7.18.0.eden stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardnes...

8.2CVSS7.1AI score0.00287EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.12 views

PT-2025-46220

PacsOne Server version 6.6.2 prior versions are likely affected contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

8.7CVSS6.9AI score0.00903EPSS
Exploits0References4
Zero Science Lab
Zero Science Lab
added 2025/11/06 12:0 a.m.235 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

8.2CVSS5.8AI score0.00287EPSS
Exploits2
OpenVAS
OpenVAS
added 2025/11/06 12:0 a.m.15 views

motionEye Detection (HTTP)

HTTP based detection of motionEye. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.155713";...

7AI score
Exploits0References1
CNVD
CNVD
added 2025/11/05 12:0 a.m.51 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...

10CVSS6.1AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/11/03 7:16 p.m.4 views

CVE-2025-8558

Insider Threat Management ITM Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents t...

5.4CVSS5.8AI score0.00598EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 9:30 p.m.7 views

EUVD-2025-37196

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

7.5CVSS7.5AI score0.01129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/30 5:9 p.m.15 views

CVE-2025-12477

Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10CVSS7AI score0.00317EPSS
Exploits0References1
Rows per page
Query Builder