Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/05/28 8:41 p.m.36 views

CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS0.00456EPSS
Exploits0References1
OSV
OSV
added 2025/11/19 6:15 p.m.10 views

CVE-2025-63205

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...

7.5CVSS5.8AI score0.00334EPSS
Exploits1References2
OSV
OSV
added 2025/11/19 6:15 p.m.11 views

CVE-2025-63208

An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint...

7.5CVSS5.8AI score0.00219EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 12:0 a.m.19 views

CVE-2025-63205

Bridgetech probes and NOMAD (VB220, VB120, VB330, VB440) firmware versions 6.5.0-9 have a reported information-disclosure flaw exposed via the /probe/core/setup/passwd endpoint that can reveal administrator passwords. Multiple sources corroborate the affected product set and version, but the supp...

7.5CVSS5.3AI score0.00334EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2025-23997

Malicious code in bioql PyPI...

10CVSS9.5AI score0.00635EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/04 11:9 a.m.10 views

CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

5.1CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/08/08 3:32 p.m.27 views

CVE-2025-8731

TRENDnet CVE-2025-8731 affects TI-G160i, TI-PG102i and TPL-430AP (up to 20250724) with the SSH Service using default credentials. Several sources confirm remote exploitation is possible and that the exploit has been publicly disclosed. Mitigation in publicly released documents centers on credenti...

10CVSS9.6AI score0.00635EPSS
Exploits0References4
CNVD
CNVD
added 2020/03/20 12:0 a.m.6 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.4.1. An attacker can exploit this vulnerability via the setup/setup-datasource-standard.jsp password parameter ...

6.1CVSS6.4AI score0.00906EPSS
Exploits1References1
CNVD
CNVD
added 2015/08/05 12:0 a.m.5 views

GE Healthcare Precision THUNIS-800+ Trust Management Vulnerability

The GE Healthcare Precision THUNIS-800+ PT800+ is an all-in-one digital remote-controlled multifunction X-ray machine the device that produces the X-rays from General Electric GE for the medical industry. A security vulnerability exists in the GE Healthcare PT800+ that originates from the program...

10CVSS7.1AI score0.01679EPSS
Exploits0References1
Rows per page
Query Builder