Lucene search
K

31 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44816

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...

7.5CVSS6AI score0.0012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.43 views

Linux Distros Unpatched Vulnerability : CVE-2023-2905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server,...

8.8CVSS6AI score0.01014EPSS
Exploits1References2
NVD
NVD
added 2026/04/21 3:16 p.m.11 views

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 2:14 p.m.4 views

CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 2:14 p.m.31 views

CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 2:10 p.m.5 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

7.3CVSS5.8AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-33978

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.7AI score0.00155EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-6420

Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

7.8CVSS5.4AI score0.00134EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/24 3:30 p.m.5 views

EUVD-2025-198806

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4...

9.3CVSS6.8AI score0.0056EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.4 views

Bjango iStats 安全漏洞

Bjango iStats is a system monitoring tool from Bjango Australia. A security vulnerability exists in Bjango iStats version 7.10.4, which originates from an insecure XPC service and could lead to elevation of privilege...

8.5CVSS6.6AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2025/09/08 6:15 p.m.4 views

CVE-2025-56266

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL...

9.8CVSS6.1AI score0.02695EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.4 views

Avigilon ACM 安全漏洞

Avigilon ACM is a physical access control system from Avigilon USA. A security vulnerability exists in Avigilon ACM version v7.10.0.20, which originates from CSV injection and could lead to the execution of arbitrary code...

9.8CVSS7AI score0.00673EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-53025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable...

6CVSS6.8AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.4 views

Snipe-IT 安全漏洞

Snipe-IT is an open source IT asset/license management system for snipe individual developers. A security vulnerability exists in Snipe-IT versions prior to 7.0.10 that stems from allowing remote code execution when an attacker knows the APPKEY...

6.6CVSS7.6AI score0.00962EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/08 12:0 a.m.5 views

Texas Instruments Fusion Digital Power Designer 安全漏洞

Texas Instruments Fusion Digital Power Designer is a digital power design tool from Texas Instruments. A security vulnerability exists in Texas Instruments Fusion Digital Power Designer version 7.10.1, which originated from a vulnerability that allows a local attacker to gain access to sensitive...

6.6CVSS6.4AI score0.00171EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/21 12:0 a.m.6 views

PT-2024-15806 · European Chemicals Agency · Iuclid

Name of the Vulnerable Software and Affected Versions: European Chemicals Agency IUCLID version 7.10.3 Description: A critical vulnerability was found in the European Chemicals Agency IUCLID, affecting an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulatio...

7.1CVSS7AI score0.00278EPSS
Exploits1References8
OSV
OSV
added 2023/08/09 5:15 a.m.5 views

DEBIAN-CVE-2023-2905

Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...

8.8CVSS6.9AI score0.01014EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.3 views

PT-2023-4690 · Unknown · Sicam Toolbox Ii

Name of the Vulnerable Software and Affected Versions: SICAM TOOLBOX II versions prior to V07.10 Description: A vulnerability has been identified in the SICAM TOOLBOX II application, where the database service is executed as NT AUTHORITYSYSTEM. This could allow a local attacker to execute operati...

7.8CVSS7.7AI score0.0018EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.4 views

Open-Xchange OX App Suite 信息泄露漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...

6.5CVSS6.5AI score0.00759EPSS
Exploits0References5
Rows per page
Query Builder