Lucene search
K

968 matches found

CVE
CVE
added 2026/01/06 3:52 p.m.20 views

CVE-2020-36925

CVE-2020-36925 affects the Arteco Web Client DVR/NVR. The issue is a session hijacking vulnerability caused by insufficient session ID complexity, enabling attackers to brute‑force session IDs within a numeric range to bypass authentication and gain access to live camera streams. The available do...

9.8CVSS6.3AI score0.00595EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/01/06 3:52 p.m.5 views

CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8CVSS6.3AI score0.00595EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/01/06 3:52 p.m.27 views

CVE-2020-36925 Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8CVSS0.00595EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

Arteco Web Client DVR/NVR 安全特征问题漏洞

Arteco Web Client DVR/NVR is a web management page from Arteco, Italy. A security feature issue vulnerability exists in Arteco Web Client DVR/NVR that stems from insufficient session ID complexity, which could lead to bypassing authentication and accessing live camera streams by brute-force...

9.8CVSS6.8AI score0.00595EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.14 views

PT-2026-1458

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8CVSS6.7AI score0.00595EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/12/05 5:25 p.m.4 views

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential...

7.7CVSS6.5AI score0.00572EPSS
Exploits0References10
Redos
Redos
added 2025/12/03 12:0 a.m.7 views

ROS-20251203-08

The aiohttp HTTP client vulnerability is related to the fact that the final sections of an HTTP request are not analyzed. Exploitation of the vulnerability could allow an attacker acting remotely to perform spoofing attacks on HTTP requests. HTTP requests...

7.5CVSS7.5AI score0.00297EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/12/01 6:2 p.m.4 views

CVE-2025-13836 Excessive read buffering DoS in http.client

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS...

6.3CVSS6.4AI score0.01525EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2025/12/01 6:50 a.m.249 views

Exploit for CVE-2021-21980

CVE-2021-21980 Vulnerable Test Environment Overview Realis...

7.5CVSS7AI score0.04601EPSS
Exploits2
CNNVD
CNNVD
added 2025/11/30 12:0 a.m.4 views

Tryton sao 跨站脚本漏洞

Tryton sao is a web client for Tryton's open source Universal Application Platform. A cross-site scripting vulnerability exists in Tryton sao versions prior to 7.6.9, which stems from an HTML attachment that could lead to a cross-site scripting attack...

5.4CVSS5.7AI score0.00144EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/11/27 5:16 a.m.298 views

Exploit for CVE-2021-21980

Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...

7.5CVSS6.8AI score0.04601EPSS
Exploits2
Debian
Debian
added 2025/11/25 8:5 p.m.5 views

[SECURITY] [DSA 6061-1] tryton-sao security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6061-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 25, 2025 https://www.debian.org/security/faq -...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/11/18 6:4 a.m.5 views

libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

7.4CVSS5.7AI score0.00676EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/17 4:2 a.m.12 views

CVE-2025-13262 lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...

7.5CVSS0.00525EPSS
Exploits1References5
OSV
OSV
added 2025/11/17 3:32 a.m.6 views

CVE-2025-13261 lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...

6.9CVSS6AI score0.00627EPSS
Exploits1References7
Fedora
Fedora
added 2025/11/15 1:45 a.m.8 views

[SECURITY] Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc41

Reqwest-based HTTP client implementation for reqsign...

7AI score
Exploits0
NVD
NVD
added 2025/11/13 4:15 p.m.6 views

CVE-2025-52186

Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c 2025-06-02 contains a Server-Side Request Forgery SSRF vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to...

6.5CVSS0.00313EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/12 12:36 a.m.15 views

CVE-2025-42893

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...

6.1CVSS6.3AI score0.00223EPSS
Exploits0References1
Debian
Debian
added 2025/10/23 6:18 p.m.6 views

[SECURITY] [DSA 6034-1] tryton-sao security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6034-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 23, 2025 https://www.debian.org/security/faq -...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/23 12:0 a.m.2 views

Debian dsa-6034 : tryton-sao - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6034 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6034-1 [email protected] https://www.debian.org/security/...

5.4AI score
Exploits0References3
Rows per page
Query Builder