50 matches found

RedhatCVE
added 2025/08/15 11:42 p.m. | 12 views

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

CVSS 7.1 | AI score 6.5 | EPSS 0.00324
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:3 a.m. | 5 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 | AI score 6.9 | EPSS 0.00234
Exploits 0 | References 1
GithubExploit
added 2024/09/06 3:38 a.m. | 648 views

Exploit for Insufficiently Protected Credentials in Litespeedtech Litespeed_Cache

Poc LiteSpeed Cache CVE-2024-44000 Exploit CVE-2024-44000 is a...

CVSS 9.8 | AI score 10 | EPSS 0.83178
Exploits 7
Cvelist
added 2024/05/30 2:14 a.m. | 48 views

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

CVSS 9.8 | AI score 9.7 | EPSS 0.00653
Exploits 0 | References 4
NVD
added 2024/05/16 7:15 a.m. | 23 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 | AI score 7.5 | EPSS 0.00234
Exploits 0 | References 1
Cvelist
added 2024/05/16 6:19 a.m. | 24 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 | AI score 7.7 | EPSS 0.00234
Exploits 0 | References 1
IBM Security Bulletins
added 2024/04/10 9:27 a.m. | 42 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 10 | AI score 9.4 | EPSS 0.59501
Exploits 2 | Affected Software 1
Packet Storm
added 2024/04/02 12:0 a.m. | 392 views

Daily Habit Tracker 1.0 Broken Access Control

Exploit Title: Daily Habit Tracker 1.0 - Broken Access Control; Date: 2 Feb 2024; Exploit Author: Yevhenii Butenko; Vendor Homepage: https://www.sourcecodester.com; Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html; Version: 1.0; Tested on:...

CVSS 9.8 | AI score 7.1 | EPSS 0.19503
Exploits 4
Cvelist
added 2024/03/05 3:9 a.m. | 25 views

CVE-2024-21815

Insufficiently protected credentials CWE-522 for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to vEL8.90.1751 MR3, 8.80 prior to vEL8.80.152...

CVSS 9.1 | AI score 9.4 | EPSS 0.00334
Exploits 0 | References 1
Vulnrichment
added 2024/02/21 10:55 a.m. | 16 views

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

AI score 6.8 | EPSS 0.00214
Exploits 0 | References 1
Veracode
added 2023/11/29 6:51 a.m. | 18 views

Information Disclosure

oro/crm-call-bundle is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control ACL restrictions and gain unauthorized access to sensitive information, such as customer call logs and personal data...

CVSS 5 | AI score 7.1 | EPSS 0.00538
Exploits 0 | References 5 | Affected Software 1
Openbugbounty
added 2023/11/23 8:8 p.m. | 6 views

abcparasail.com Improper Access Control vulnerability OBB-3791315

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits 0
Cvelist
added 2023/11/23 2:58 p.m. | 25 views

CVE-2023-41812 Uploading executables via the file manager

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773...

CVSS 5.7 | AI score 8.8 | EPSS 0.00573
Exploits 0 | References 1
Github Security Blog
added 2023/01/20 5:33 p.m. | 27 views

Shopware's log module vulnerable to Improper Output Neutralization

Impact: The log module contains all kinds of sent mails. It is possible to see the password reset email of customers and admin users to gain probably more access. Patches: Update to the latest 6.4.18.1 version. Workarounds: For older versions of 6.1, 6.2, and 6.3, corresponding security measures ar...

CVSS 6.5 | AI score 6.5 | EPSS 0.00705
Exploits 0 | References 6 | Affected Software 2
Prion
added 2022/08/04 6:15 p.m. | 18 views

Improper access control

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings...

CVSS 4 | AI score 6.6 | EPSS 0.00185
Exploits 0 | References 1 | Affected Software 11
Cvelist
added 2022/08/04 5:46 p.m. | 21 views

CVE-2022-33962 BIG-IP iRule vulnerability CVE-2022-33962

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings...

CVSS 6.7 | AI score 6.8 | EPSS 0.00185
Exploits 0 | References 1
Cvelist
added 2022/06/30 4:50 p.m. | 16 views

CVE-2022-22472

IBM Spectrum Protect Plus Container Backup and Restore 10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session...

CVSS 6 | AI score 8.5 | EPSS 0.00825
Exploits 0 | References 2
GithubExploit
added 2021/12/22 5:3 a.m. | 162 views

Exploit for CVE-2022-26726

CVE-2022-26726 Affected Versions As a student, I have limi...

CVSS 6.5 | AI score 6.5 | EPSS 0.02219
Exploits 2
Veracode
added 2020/12/06 3:56 a.m. | 45 views

Escalation Of Privilege

Apache HTTP Server 2.4 is vulnerable to escalation of privilege. The vulnerability exists because of a bug in mod_ssl that uses per-location client certificate verification which allows a client to bypass configured access control restrictions...

CVSS 7.5 | AI score 2.2 | EPSS 0.10508
Exploits 0 | References 49 | Affected Software 1
Ubuntu
added 2020/09/03 4:41 p.m. | 127 views

USN-4483-1: Linux kernel vulnerabilities

Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Fan Yang discovered that the mremap...

CVSS 7.8 | AI score 6.7 | EPSS 0.00992
Exploits 4