Lucene search
+L

130 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:5 a.m.10 views

CVE-2017-14942

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie...

9.8CVSS7AI score0.60857EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:19 a.m.9 views

CVE-2019-3927

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.8CVSS7.4AI score0.02167EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:25 a.m.7 views

CVE-2010-2620

Open FTP Server Open-FTPD 1.2 and earlier allows remote attackers to bypass authentication by sending 1 LIST, 2 RETR, 3 STOR, or other commands without performing the required login steps first...

9.3CVSS7.5AI score0.28605EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2025/05/08 12:0 a.m.23 views

PT-2025-20377 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.3.0 Checkmk version 2.4.0b6 and earlier Description: The issue allows files to be deployed with agents to be accessible without authentication. This could enable an attacker to access files that may contain...

6.3CVSS6.1AI score0.00275EPSS
Exploits0References9
NVD
NVD
added 2025/04/25 9:15 p.m.12 views

CVE-2025-32986

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...

7.5CVSS0.00409EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 6:16 p.m.7 views

CVE-2025-32839

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

8.8CVSS0.00683EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/14 3:32 p.m.11 views

CVE-2025-22371 SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 De...

9.3CVSS7.8AI score0.00566EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/05 12:0 a.m.5 views

PT-2025-15053 · Zendto · Zendto

Name of the Vulnerable Software and Affected Versions: ZendTo versions prior to 5.04-7 Description: A type confusion vulnerability in lib/NSSAuthenticator.php allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. The...

4.8CVSS6.7AI score0.00312EPSS
Exploits0References8
NVD
NVD
added 2025/03/31 1:15 p.m.12 views

CVE-2025-29266

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled...

9.6CVSS0.00406EPSS
Exploits0References3
CNVD
CNVD
added 2025/03/13 12:0 a.m.7 views

Cisco Meraki MX67 and Cisco Meraki MX68 Access Authentication Error Vulnerabilities

The Cisco Meraki MX67 and Cisco Meraki MX68 are cloud-managed routers in the Cisco Meraki series. An access validation error vulnerability exists in the Cisco Meraki MX67 and Cisco Meraki MX68 that stems from improper access control and can be exploited by an attacker to cause information...

5.3CVSS6.6AI score0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/11 12:0 a.m.6 views

CVE-2024-54085

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. Recent assessments: Assessed Attacker Value...

10CVSS7.5AI score0.61462EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 5:28 a.m.7 views

CVE-2024-1817

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDMload.php of the component Cookie Handler. The manipulation of the argument isadmin with the input y...

9.8CVSS6.8AI score0.00777EPSS
Exploits0References1
CVE
CVE
added 2024/12/06 4:35 p.m.82 views

CVE-2024-48859

Summary: CVE-2024-48859 is an improper authentication vulnerability affecting QNAP QTS and QuTS hero operating systems. The issue could allow remote attackers to compromise system security via network access. Affected versions (patched): QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 bui...

9.1CVSS6.9AI score0.00597EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/06/02 4:15 p.m.33 views

CVE-2023-34094

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...

7.5CVSS7.6AI score0.00624EPSS
Exploits0References2
Prion
Prion
added 2023/06/02 4:15 p.m.18 views

Design/Logic Flaw

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...

5CVSS5.3AI score0.00624EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/02 3:19 p.m.10 views

CVE-2023-34094 ChuanhuChatGPT vulnerable to unauthorized configuration file access

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can...

7.5CVSS6.9AI score0.00624EPSS
Exploits0References2
Prion
Prion
added 2022/08/08 7:15 p.m.21 views

Hardcoded credentials

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

7.5CVSS9.5AI score0.01089EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/08 6:26 p.m.75 views

CVE-2021-41615

The CVE-2021-41615 entry relates to GoAhead WebServer 2.1.8 (websda.c) having insufficient nonce entropy because nonce calculation uses a hardcoded value (onceuponatimeinparadise) that does not comply with RFC 7616/2617 secret-data guidelines. The vulnerability is documented with a high CVSS v3.1...

9.8CVSS9.4AI score0.01089EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/08 6:26 p.m.44 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

9.8AI score0.01089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.9 views

PT-2022-22634 · Unknown · Omicard Edm

Name of the Vulnerable Software and Affected Versions: OMICARD EDM affected versions not specified Description: The mail image relay function in OMICARD EDM has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and access arbitrary system files...

7.5CVSS7.8AI score0.01153EPSS
Exploits0References5
Rows per page
Query Builder