Lucene search
K

66 matches found

EUVD
EUVD
added 2025/12/20 3:31 a.m.5 views

EUVD-2025-204619

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service DoS...

8.7CVSS6.2AI score0.00304EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 7:15 p.m.6 views

CVE-2025-14553

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

7CVSS0.00174EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/16 6:38 p.m.27 views

CVE-2025-14553 Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

7CVSS0.00174EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51777

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C210 versions 1.8 Description An unauthenticated API response exposes password hashes in the TP-Link Tapo C210 application on iOS and Android. This allows attackers to attempt to brute force the password within the local network...

7CVSS6.4AI score0.00174EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.5 views

CVE-2025-36743

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

8.6CVSS7AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 3:30 p.m.6 views

EUVD-2025-203086

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

8.6CVSS6.5AI score0.00189EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 3:15 p.m.6 views

CVE-2025-36743

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

6.8CVSS5.9AI score0.00189EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

SolarEdge SE3680H 安全漏洞

The SolarEdge SE3680H is a high-clearance wave inverter from SolarEdge, Israel. A security vulnerability exists in the SolarEdge SE3680H that originates from the exposure of an unauthenticated debug or test interface, which could lead to the disclosure of internal system information and the...

8.6CVSS6.5AI score0.00189EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.4 views

Iskra iHUB和Iskra iHUB Lite 访问控制错误漏洞

Both Iskra iHUB and Iskra iHUB Lite are a smart metering gateway from Iskra, Slovenia. An access control error vulnerability exists in the Iskra iHUB and Iskra iHUB Lite that originates from an unauthenticated web management interface and could lead to unauthorized access and modification...

9.3CVSS7.7AI score0.00593EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.5 views

SICK AG TLOC100-100 安全漏洞

The SICK AG TLOC100-100 is a mobile robot positioning system from SICK Germany. A security vulnerability exists in the SICK AG TLOC100-100 that stems from an unauthenticated C++ API that could be exploited by a remote attacker to cause sensitive data to be accessed or modified and service...

9.8CVSS6.6AI score0.00449EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-17256

Malware in sbrugna...

9.8CVSS9.5AI score0.03791EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/08/25 5:53 p.m.10 views

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074 , carries a CVSS score of 9.3 out of 10.0. It has...

9.3CVSS7AI score0.01594EPSS
Exploits15
NCSC
NCSC
added 2025/08/20 12:15 p.m.9 views

Vulnerabilities fixed in Commvault

Commvault has fixed vulnerabilities in Commvault components such as CommCell and ComServe versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...

8.8CVSS8.5AI score0.20719EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2019-2964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u231, 8u221,...

4.3CVSS6.1AI score0.03533EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.4 views

Radiflow iSAP Smart Collector 安全漏洞

Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that stems from an OS command injection in an unauthenticated REST API on the management...

10CVSS7.9AI score0.01028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/29 6:5 p.m.11 views

CVE-2025-5310

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework TCF interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution...

9.8CVSS8AI score0.00727EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 5:22 p.m.39 views

CVE-2025-5310

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated Target Communication Framework (TCF) interface on a specific port. The interface allows files to be created, deleted, or modified and could enable remote code execution. Affected product: ProGauge MagL...

9.8CVSS7.5AI score0.00727EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.4 views

Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE 访问控制错误漏洞

The Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE DFS ProGauge MAGLINK LX CONSOLE is an industrial console from Dover Fueling Solutions, Inc. designed for expansion. An access control error vulnerability exists in the Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE that stems from...

9.8CVSS7.8AI score0.00727EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.5 views

Autel MaxiCharger AC Wallbox Commercial 访问控制错误漏洞

Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from an Access Control Error vulnerability that stems from a lack of authentication in the Pile API, which can be exploited by an attacker to cause a credenti...

7.5CVSS6.9AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/05 12:0 a.m.5 views

Lenovo XClarity Administrator 安全漏洞

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator. An attacker cou...

6.5CVSS6.6AI score0.00458EPSS
Exploits0References2
Rows per page
Query Builder