Lucene search
+L

93 matches found

Hacker One
Hacker One
added 2025/09/27 3:24 p.m.11 views

Mars: Publicly accessible `█████████` endpoint exposing internal user identifiers and email addresses

A publicly accessible JSON API endpoint was found to expose sensitive user information, including internal identifiers and email addresses. The vulnerability was classified as an information disclosure issue with a medium severity rating. The problem was remediated by implementing proper...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.10 views

PT-2025-30921 · Iroad · Iroad Dash Cam Fx2

Name of the Vulnerable Software and Affected Versions: IROAD Dashcam FX2 affected versions not specified Description: The IROAD Dashcam FX2 lacks authentication controls on its HTTP and RTSP interfaces, potentially allowing attackers to retrieve sensitive files and video recordings, and view live...

9.4CVSS6.1AI score0.00532EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 5:23 p.m.6 views

CVE-2025-20242

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...

9.1CVSS7.1AI score0.05008EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/21 4:35 p.m.5 views

CVE-2025-20242

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...

6.5CVSS6.6AI score0.05008EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/21 4:35 p.m.17 views

CVE-2025-20242

A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise CCE could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this...

6.5CVSS0.05008EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.11 views

PT-2025-22392 · Cisco · Cisco Unified Contact Center Enterprise

Name of the Vulnerable Software and Affected Versions: Cisco Unified Contact Center Enterprise CCE affected versions not specified Description: A vulnerability in the Cloud Connect component could allow an unauthenticated, remote attacker to read and modify data on an affected device due to a lac...

9.1CVSS6.4AI score0.05008EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.4 views

PT-2025-17288

Name of the Vulnerable Software and Affected Versions ASUS AiCloud affected versions not specified Description A critical authentication control issue exists in ASUS AiCloud, potentially allowing attackers to bypass authentication and execute unauthorized functions on affected devices remotely. T...

9.7CVSS9.2AI score0.01017EPSS
Exploits1References62
RedhatCVE
RedhatCVE
added 2025/02/14 10:12 a.m.10 views

CVE-2023-46694

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...

8.1CVSS7.3AI score0.00941EPSS
Exploits1
Cvelist
Cvelist
added 2025/01/14 6:59 p.m.23 views

CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa

Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

9CVSS0.00895EPSS
Exploits0References1
CVE
CVE
added 2024/11/26 6:30 p.m.468 views

CVE-2024-11668

CVE-2024-11668 affects GitLab CE/EE, with versions 16.11–16.11.x before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. The issue allows long‑lived connections to bypass authentication controls and gain unauthorized access to streaming results. The provided connected documents describe the vu...

5.3CVSS4.3AI score0.00326EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/26 6:30 p.m.13 views

CVE-2024-11668 Insufficient Session Expiration in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...

4.2CVSS6.9AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/26 6:30 p.m.21 views

CVE-2024-11668 Insufficient Session Expiration in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...

4.2CVSS0.00326EPSS
Exploits0References1
OSV
OSV
added 2024/11/26 6:30 p.m.10 views

CVE-2024-11668 Insufficient Session Expiration in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results...

4.2CVSS6.7AI score0.00326EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/02 4:53 p.m.49 views

CVE-2024-20442 Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

5.4CVSS0.00362EPSS
Exploits0References1
Veracode
Veracode
added 2024/08/28 4:19 a.m.18 views

Authentication Bypass

flowise is vulnerable to Authentication Bypass. The vulnerability is due to inadequate authentication controls that fail to properly verify user credentials, allowing unauthenticated attackers to access administrator-level API endpoints...

9.8CVSS7.1AI score0.42783EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/08/07 4:17 a.m.31 views

CVE-2024-36132

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources...

8.2CVSS0.01246EPSS
Exploits0References1
CVE
CVE
added 2024/08/07 3:54 a.m.52 views

CVE-2024-36132

Ivanti Endpoint Manager for Mobile (EPMM) before 12.1.0.1 exposes an authentication-control verification weakness that allows a remote attacker to bypass authentication and access sensitive resources. Affected product/version: EPMM prior to 12.1.0.1. Root cause: insufficient verification of authe...

8.2CVSS7.1AI score0.01246EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/06/26 8:13 a.m.8 views

Denial Of Service (DoS)

silverstripe/framework is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient authentication controls in the dev/build system controller, which could allow unauthorized users to trigger the dev/build process and potentially causing resource exhaustion and disrupting...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/05/28 7:21 p.m.11 views

CVE-2023-46694

Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...

7.4AI score0.00941EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.5 views

PT-2024-13371 · Vtenext +1 · Vtenext +1

Name of the Vulnerable Software and Affected Versions: Vtenext version 21.02 Description: The issue allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication...

8.1CVSS7.8AI score0.00941EPSS
Exploits1References2
Rows per page
Query Builder