Lucene search
+L

752 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/12/11 10:57 a.m.9 views

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Multifunction printers MFPs do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer MFP Security within the Enterprise Business Environment, from Rapid7’s Deral Heiland, Principal Security...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.7 views

CVE-2025-65289

A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...

6.1CVSS5.6AI score0.00317EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202296

A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...

5.2AI score0.00317EPSS
Exploits1References2
NVD
NVD
added 2025/12/09 5:15 p.m.6 views

CVE-2025-65289

A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...

6.1CVSS0.00317EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/09 6:35 a.m.8 views

Weak Authentication

org.apache.druid, druid is vulnerable to Weak Authentication. The vulnerability is due to the Kerberos authenticator using a weak fallback secret generated with a non-cryptographically secure RNG when druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, which allows an attacker to...

9.8CVSS7AI score0.00597EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2025/12/09 12:0 a.m.25 views

CVE-2025-65289

A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...

0.00317EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/05 12:9 a.m.16 views

CVE-2025-54303

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default...

9.8CVSS6.8AI score0.00338EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/27 12:0 a.m.6 views

AMD Xilinx Run Time Elevation of Privilege Vulnerability

AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. An elevation of privilege vulnerability exists in AMD Xilinx Run Time that stems from insufficient authentication and can be exploite...

5.7CVSS7.3AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.5 views

WordPress plugin Wishlist for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

6.5CVSS6.7AI score0.00212EPSS
Exploits0References3
CNVD
CNVD
added 2025/11/18 12:0 a.m.6 views

Desktop Alert PingAlert Server-Side Request Forgery Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...

3.8CVSS7.2AI score0.00184EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/14 12:0 a.m.2 views

Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability

Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...

8.9CVSS5.9AI score0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.9 views

PT-2025-45129

Name of the Vulnerable Software and Affected Versions Cisco Unified Contact Center Enterprise Cisco Unified CCX affected versions not specified Description A flaw exists in the Java Remote Method Invocation RMI process of Cisco Unified CCX. This issue could allow a remote attacker to upload...

10CVSS8.2AI score0.00877EPSS
Exploits0References11
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

IBM Concert Software Server-Side Request Forgery Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...

5.4CVSS7AI score0.0016EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.6 views

Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. A server-side request forgery vulnerability exist...

7.3CVSS7.7AI score0.00499EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.3, which stems from insecure file and comma...

8.5CVSS6.9AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.4 views

IBM Concert 代码问题漏洞

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...

5.4CVSS6.8AI score0.0016EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.5 views

CVE-2025-59249

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS7AI score0.00764EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 3:47 p.m.8 views

CVE-2025-49201

A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands...

9.8CVSS7.7AI score0.00578EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/14 6:30 p.m.6 views

EUVD-2025-34376

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS6.4AI score0.00764EPSS
Exploits0References2
NVD
NVD
added 2025/10/14 5:16 p.m.6 views

CVE-2025-59249

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.00764EPSS
Exploits0References1
Rows per page
Query Builder