Lucene search
K

7 matches found

NVD
NVD
added 2026/05/11 10:22 p.m.10 views

CVE-2026-43881

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin call...

5.3CVSS0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Gardyn 访问控制错误漏洞

Gardyn is an indoor smart hydroponic cultivation device developed by the American company Gardyn. Gardyn has a access control vulnerability, which allows certain endpoints to expose the account information of all registered users without authentication...

9.3CVSS5.8AI score0.00436EPSS
Exploits1References3
NVD
NVD
added 2026/02/17 9:22 p.m.6 views

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

6.5CVSS0.00326EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 8:47 p.m.5 views

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

6.5CVSS5.5AI score0.00326EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/11 9:5 p.m.7 views

CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-4904

Malware in sbrugna...

7.5CVSS7.5AI score0.01535EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/03/07 12:0 a.m.9 views

The vulnerability of the ManageEngine ADSelfService Plus password reset software, related to deficiencies in authentication procedures, allows a malicious individual to gain access to user accounts.

The vulnerability of the ManageEngine ADSelfService Plus password reset software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to user accounts remotely...

8.5CVSS8AI score0.01426EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder