
7 matches found

RedhatCVE
added 2025/05/22 5:52 p.m. · 7 views

CVE-2020-16244

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data...

CVSS 7.2 · AI score 6.7 · EPSS 0.00652
Exploits: 0

BDU FSTEC
added 2025/05/09 12:0 a.m. · 50 views

The vulnerability of the web interface of Xerox WorkCentre 3025 microprogramming software allows a perpetrator to gain unauthorized access to account data.

The vulnerability of the web interface of Xerox WorkCentre 3025 microprogramming software is related to the improper processing of special symbols in input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to account information by sending a specially crafted...

CVSS 10 · AI score 5.5
Exploits: 0 · Affected Software: 1

OSV
added 2023/03/21 4:15 p.m. · 2 views

CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...

CVSS 7.5 · AI score 5.8 · EPSS 0.00783
Exploits: 2 · References: 1

OSV
added 2022/07/18 1:15 p.m. · 2 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

CVSS 5.3 · AI score 6.7 · EPSS 0.02623
Exploits: 2 · References: 2

OSV
added 2022/04/22 7:15 a.m. · 1 views

CVE-2022-26672

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modif...

CVSS 9.8 · AI score 5.8 · EPSS 0.01118
Exploits: 0 · References: 1

Positive Technologies
added 2021/11/16 12:0 a.m. · 5 views

PT-2021-23580 · Aifu · Aifu

Name of the Vulnerable Software and Affected Versions: AIFU affected versions not specified
Description: The issue concerns a bypass of permission control in the AIFU cashier management salary query function. This allows a remote attacker, after obtaining general user permission, to access accoun...

CVSS 4.3 · AI score 4.5 · EPSS 0.00868
Exploits: 0 · References: 3

BDU FSTEC
added 2020/06/10 12:0 a.m. · 2 views

The vulnerability of the software for configuring Schneider Electric Easergy Builder lies in the storage of confidential information in unencrypted form in memory, allowing an attacker to gain access to the account data.

The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers is related to the storage of confidential information in unencrypted form in memory. Exploiting this vulnerability could allow an attacker to gain access to account data...

CVSS 8.4 · AI score 7.2 · EPSS 0.00203
Exploits: 0 · References: 2 · Affected Software: 1