Lucene search
K

3738 matches found

ICS
ICS
added 2026/01/27 7:0 a.m.12 views

Johnson Controls Metasys Products

RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

9.5CVSS5.8AI score0.0144EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.8 views

CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves via encryption and signing of the message can be bypassed by changing the Content-Type of the message to text/plain...

5.3CVSS6.9AI score0.00585EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.9 views

CVE-2024-41720

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device...

8CVSS6.8AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.6 views

CVE-2022-38468

Cross-Site Request Forgery CSRF vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin = 3.28 leading to thumbnail alteration...

4.3CVSS6.9AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.5 views

CVE-2022-23586

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS6.6AI score0.008EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.11 views

CVE-2022-35946

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...

6.5CVSS6.6AI score0.00698EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:52 a.m.5 views

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

8.5CVSS6.5AI score0.01125EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.19 views

CVE-2025-40804

A vulnerability has been identified in SIMATIC Virtualization as a Service SIVaaS All versions. The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization...

9.3CVSS6.8AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.7 views

CVE-2022-27803

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space...

4.3CVSS6.5AI score0.00685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.10 views

CVE-2022-27661

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow...

4.3CVSS6.6AI score0.00718EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.6 views

CVE-2019-7889

An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data o...

6.5CVSS6.8AI score0.00805EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/15 3:36 p.m.7 views

CVE-2025-14542

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5CVSS6.9AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.10 views

PT-2025-51111

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The issue occurs when a client retrieves a tools’ JSON specification, referred to as a Manual, from a remote Manual Endpoint. A provider can initially deliver a harmless manual, establishing client...

7.5CVSS6.4AI score0.00223EPSS
Exploits0References12
EUVD
EUVD
added 2025/12/11 6:30 p.m.5 views

EUVD-2025-202692

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers e.g., JavaScript in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the...

5.3CVSS6.4AI score0.00156EPSS
Exploits0References2
ICS
ICS
added 2025/12/11 7:0 a.m.9 views

OpenPLC_V3 (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could result in the alteration of PLC settings or the upload of malicious programs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

9.8CVSS5.7AI score0.0045EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50624

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers e.g., JavaScript in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the...

5.3CVSS6.9AI score0.00156EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 5:18 p.m.3 views

CVE-2025-66553 Nextcloud Tables app allowed users to view columns metadata information of any table

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4...

4.3CVSS6.1AI score0.0024EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/02 12:0 a.m.1 views

CVE-2025-59695

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board without Authentication. This is called F04...

6.5AI score0.00547EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.4 views

PT-2025-48692

Name of the Vulnerable Software and Affected Versions Entrust nShield Connect XC versions through 13.6.11 Entrust nShield 5c versions through 13.6.11 Entrust nShield HSMi versions through 13.6.11 Entrust nShield Connect XC version 13.7 Entrust nShield 5c version 13.7 Entrust nShield HSMi version...

9.8CVSS6.7AI score0.00547EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/02 12:0 a.m.10 views

CVE-2025-59695

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board without Authentication. This is called F04...

0.00547EPSS
Exploits1References2
Rows per page
Query Builder