113 matches found

NVD · added 2025/07/21 9:15 p.m. · 6 views

CVE-2025-54127

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

CVSS 9.8 · EPSS 0.00403
Exploits: 0 · References: 1
Vulnrichment · added 2025/07/21 8:36 p.m. · 5 views

CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

CVSS 9.3 · AI score 7.1 · EPSS 0.00403
Exploits: 0 · References: 1
OSV · added 2025/07/21 8:36 p.m. · 5 views

CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

CVSS 9.3 · AI score 6.5 · EPSS 0.00403
Exploits: 0 · References: 3
Cvelist · added 2025/07/21 8:36 p.m. · 8 views

CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

CVSS 9.3 · EPSS 0.00403
Exploits: 0 · References: 1
OSV · added 2025/07/21 7:48 p.m. · 6 views

GHSA-F38F-JVQJ-MFG6 NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access

Summary The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks. Details If a user were to deploy haxcms-nodejs without modifying the default settings,...

CVSS 9.3 · AI score 6.6 · EPSS 0.00403
Exploits: 0 · References: 3
Positive Technologies · added 2025/07/21 12:00 a.m. · 11 views

PT-2025-30344 · Hax Cms · Hax Cms

Name of the Vulnerable Software and Affected Versions: HAXcms versions prior to 11.0.7 Description: HAXcms with a nodejs backend allows users to start the server in any HAXsite or HAXcms instance. The NodeJS version of HAXcms, in versions 11.0.6 and below, uses an insecure default configuration...

CVSS 9.8 · AI score 6.4 · EPSS 0.00403
Exploits: 0 · References: 9
NVD · added 2025/06/20 3:15 p.m. · 20 views

CVE-2025-3319

IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources...

CVSS 9.8 · EPSS 0.00322
Exploits: 0 · References: 1
Cvelist · added 2025/06/20 2:50 p.m. · 25 views

CVE-2025-3319 IBM Spectrum Protect Server authentication bypass

IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources...

CVSS 8.1 · EPSS 0.00322
Exploits: 0 · References: 1
CVE · added 2025/06/20 2:50 p.m. · 41 views

CVE-2025-3319

IBM Spectrum Protect Server versions 8.1–8.1.26 are affected by an authentication bypass due to improper session authentication, potentially enabling access to unauthorized resources. The IBM security bulletin (CVE-2025-3319) confirms the issue and lists AIX/Linux/Windows platforms; remediation i...

CVSS 9.8 · AI score 8.1 · EPSS 0.00322
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment · added 2025/06/20 2:50 p.m. · 7 views

CVE-2025-3319 IBM Spectrum Protect Server authentication bypass

IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources...

CVSS 8.1 · AI score 8.1 · EPSS 0.00322
Exploits: 0 · References: 1
Positive Technologies · added 2025/06/20 12:00 a.m. · 8 views

PT-2025-26329 · Ibm · Ibm Spectrum Protect Server

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Server versions 8.1 through 8.1.26 Description: The issue is related to improper session authentication, which can allow an attacker to bypass authentication. This can result in access to unauthorized resources...

CVSS 9.8 · AI score 6.1 · EPSS 0.00322
Exploits: 0 · References: 6
RedhatCVE · added 2025/05/22 5:55 p.m. · 9 views

CVE-2020-25165

BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier, and BD Alaris Systems Manager, Versions 4.33 and earlier. The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the ...

CVSS 7.5 · AI score 7 · EPSS 0.01695
Exploits: 0
OSV · added 2025/03/26 5:13 p.m. · 9 views

CVE-2025-30351 Suspended Directus user can continue to use session token to access API

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...

CVSS 3.5 · AI score 7 · EPSS 0.00337
Exploits: 1 · References: 4
CNNVD · added 2025/01/30 12:00 a.m. · 5 views

Broadcom Symantec Privileged Access Management Security Vulnerability

Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...

CVSS 5.3 · AI score 6.3 · EPSS 0.00217
Exploits: 0 · References: 1
Positive Technologies · added 2024/09/26 12:00 a.m. · 3 views

PT-2024-31393 · Ory · Ory Kratos

Name of the Vulnerable Software and Affected Versions: Ory Kratos versions prior to 1.3.0 Description: Ory Kratos is an identity, user management, and authentication system for cloud services. The highest available setting incorrectly assumes the identity's highest available Authenticator Assuran...

CVSS 5.9 · AI score 7.3 · EPSS 0.00323
Exploits: 0 · References: 8
RedHat Linux · added 2024/07/01 1:19 a.m. · 4 views

ca: token authentication bypass vulnerability

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...

CVSS 7.5 · AI score 5.8 · EPSS 0.00659
Exploits: 0 · References: 7
Cvelist · added 2024/04/15 9:00 p.m. · 27 views

CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 · AI score 6.5 · EPSS 0.00308
Exploits: 0 · References: 1
CNVD · added 2023/11/16 12:00 a.m. · 9 views

Bluetooth Core Specification Man-in-the-Middle Attack Vulnerability

Bluetooth is a popular wireless communication technology. A man-in-the-middle attack vulnerability exists in the Bluetooth Core Specification, which can be exploited by an attacker to compromise session authentication between Bluetooth devices and to force a short encryption key length using...

CVSS 6.8 · AI score 6.7 · EPSS 0.01297
Exploits: 1 · References: 1
CNNVD · added 2023/11/14 12:00 a.m. · 6 views

Microsoft Bluetooth Driver Security Vulnerability

Bluetooth is a popular wireless communication technology. A man-in-the-middle attack vulnerability exists in the Bluetooth Core Specification, which can be exploited by an attacker to compromise session authentication between Bluetooth devices and to force a short encryption key length using...

CVSS 6.8 · AI score 7.4 · EPSS 0.01297
Exploits: 1 · References: 3
Vulnrichment · added 2023/08/10 12:00 a.m. · 11 views

CVE-2023-40235

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...

AI score 6.8 · EPSS 0.00702
Exploits: 1 · References: 4