Lucene search
+L

269 matches found

Cvelist
Cvelist
added 2025/08/01 11:35 p.m.43 views

CVE-2025-54781 Himmelblau leaks an Intune service access token in its logs

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...

2.8CVSS0.00138EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/26 12:0 a.m.5 views

FreeBSD : Gitlab -- Vulnerabilities (d45dabd9-5232-11f0-9ca4-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d45dabd9-5232-11f0-9ca4-2cf05da270f3 advisory. Gitlab reports: Denial of Service impacts GitLab CE/EE Missing Authentication issue impacts...

8.8CVSS5.5AI score0.00311EPSS
Exploits0References7
CVE
CVE
added 2025/06/23 8:42 p.m.95 views

CVE-2025-2828

CVE-2025-2828 describes an SSRF flaw in the RequestsToolkit of langchain-ai/langchain (langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) affecting version 0.0.27. The vulnerability arises from insufficiently restricted requests to remote internet addresses, enabling an attacker ...

10CVSS8.3AI score0.14732EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:38 a.m.8 views

CVE-2024-45871

Bandisoft BandiView 7.05 is Incorrect Access Control via sub0x232bd8 resulting in denial of service DOS...

6.3CVSS6.5AI score0.00443EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.14 views

CVE-2023-25683

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592...

7.5CVSS6.1AI score0.00626EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:47 a.m.20 views

CVE-2023-37940

Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.9 views

CVE-2022-48113

A vulnerability in TOTOLINK N200REv5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials...

9.8CVSS7AI score0.00937EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.8 views

CVE-2021-25337

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files...

7.1CVSS6.5AI score0.02831EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 p.m.11 views

CVE-2020-19676

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...

5.3CVSS6.7AI score0.0142EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.9 views

CVE-2019-10917

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

5.5CVSS6.5AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 a.m.9 views

CVE-2010-0535

Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list SACL for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors...

6.5CVSS6.2AI score0.01396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 a.m.12 views

CVE-2010-0534

Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list SACL for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests...

4CVSS6.1AI score0.01094EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/05/20 12:42 p.m.43 views

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have discovered risky default identity and access management IAM roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often...

7.9AI score
Exploits0
OSV
OSV
added 2025/04/25 5:15 a.m.9 views

CVE-2025-3775

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentortemplateproxy function. This makes it possible for...

6.5CVSS7.4AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.6 views

PT-2025-15280

Name of the Vulnerable Software and Affected Versions fluent-bit version 3.7.2 Description The issue allows a local attacker to cause a denial of service via the cfl list size in cfl list.h:165. This can be exploited to disrupt the service. Recommendations For fluent-bit version 3.7.2, as a...

5.5CVSS5.3AI score0.0019EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/03/20 3:0 p.m.7 views

CVE-2025-2546 D-Link DIR-618/DIR-605L Firewall Service formAdvFirewall access control

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack needs to be approached within...

5.3CVSS6.9AI score0.09859EPSS
Exploits1References6
CVE
CVE
added 2025/03/20 10:9 a.m.71 views

CVE-2024-7959

The Open WebUI SSRF issue is in open-webui/open-webui version 0.3.8, exposed via the /openai/models endpoint. The vulnerable component allows changing the OpenAI URL without validation, causing the server to issue requests to arbitrary destinations and return their output. Reported impact include...

7.8AI score0.24461EPSS
Exploits0
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.5 views

Hewlett Packard Enterprise AOS-CX(HPE AOS-CX) 安全漏洞

Hewlett Packard Enterprise AOS-CX HPE AOS-CX is a network operating system for data centers, campuses, and edges from Hewlett Packard Enterprise, Inc. It is used to provide flexible and innovative network services and enhance network performance. A security vulnerability exists in Hewlett Packard...

6CVSS6.6AI score0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/10 6:9 p.m.27 views

CVE-2025-22603 AutoGPT SSRF vulnerability

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery SSRF vulnerability inside component or block Send Web Request. The...

8.7CVSS0.00534EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.5 views

RSUPPORT RemoteView Agent 安全漏洞

RSUPPORT RemoteView Agent is a remote control agent program from RSUPPORT Japan. A security vulnerability exists in RSUPPORT RemoteView Agent versions prior to v8.1.5.2, which stems from incorrect access privileges to specific services, and could cause a non-administrative user to execute arbitra...

7.8CVSS7.9AI score0.00143EPSS
Exploits0References3
Rows per page
Query Builder