Lucene search
K

60 matches found

CVE
CVE
added 5 days ago18 views

CVE-2026-54801

This CVE affects CPCI85 Central Processing/Communication (all versions < V26.20) and SICORE Base system (all versions < V26.20.0). The vulnerability stems from insufficient validation of authentication credentials when processing administrative account modifications via the web API, enablin...

8.6CVSS5.9AI score0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 7:7 p.m.12 views

CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:7 p.m.14 views

CVE-2026-9039

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44500

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

8.6CVSS5.8AI score0.00185EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/23 3:41 a.m.122 views

Exploit for CVE-2026-23813

CVE-2026-23813 — AOS-CX Pre-Auth Authentication Bypass Unau...

9.8CVSS6.8AI score0.00736EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38595

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.19.1 through 3.19.5 GitHub Enterprise Server versions 3.20.0 through 3.20.1 Description A reflected HTML injection issue exists in the Management Console login page. The redirect to query parameter on the...

5.9CVSS5.8AI score0.00164EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.7 views

PT-2026-23686

ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows attackers to modify administrator credentials by submitting forged requests to configurar perfil.php. Attackers can craft malicious forms or links containing parameters like usuario, contrasena1, contrasena2, nombre, an...

6.9CVSS5.7AI score0.00125EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/13 12:3 a.m.3 views

CVE-2025-13970 OpenPLC_V3 Cross-Site Request Forgery

OpenPLCV3 is vulnerable to a cross-site request forgery CSRF attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

8CVSS6.5AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2025-50122

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

2.7CVSS6.7AI score0.00186EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/30 9:30 p.m.6 views

EUVD-2025-37204

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...

7.5CVSS6.4AI score0.00307EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/30 12:0 a.m.4 views

CVE-2025-63422

Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request...

6.5AI score0.00307EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-3131

Malware in sbrugna...

8.8CVSS8.8AI score0.00961EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-2142

Malware in sbrugna...

10CVSS6.4AI score0.03416EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-3130

Malware in sbrugna...

8.8CVSS8.8AI score0.00961EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-12689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can...

8.8CVSS7.7AI score0.01562EPSS
Exploits0References2
OSV
OSV
added 2025/06/17 2:15 p.m.2 views

DEBIAN-CVE-2025-4404

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1CVSS8.4AI score0.01827EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/06/17 2:1 p.m.4 views

freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1CVSS5.7AI score0.01827EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/06/17 1:39 p.m.19 views

CVE-2025-4404 Freeipa: idm: privilege escalation from host to domain admin in freeipa

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1CVSS9.4AI score0.01827EPSS
Exploits1References15
CVE
CVE
added 2025/06/17 1:39 p.m.126 views

CVE-2025-4404

CVE-2025-4404/7493 describe a privilege-escalation in FreeIPA: failure to validate the uniqueness of krbCanonicalName (admin@REALM, later root@REALM in some advisories) allows creation of services with the realm admin name and obtaining a Kerberos ticket that authenticates as admin, enabling admi...

9.1CVSS7.1AI score0.01827EPSS
Exploits1References16
RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.9 views

CVE-2023-46385

LOYTEC electronics GmbH LINX Configurator all versions is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration...

7.5CVSS7.3AI score0.00755EPSS
Exploits2References1
Rows per page
Query Builder