Lucene search
+L

147 matches found

Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.12 views

PT-2026-1871

Name of the Vulnerable Software and Affected Versions GL.Inet AX1800 versions 4.6.4 through 4.6.8 Description The LuCI web interface on GL.Inet AX1800 devices lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. This allows an unauthenticated attacker on...

5.1CVSS6.9AI score0.00214EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.11 views

CVE-2025-15106

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS6.5AI score0.00323EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/27 12:30 p.m.5 views

EUVD-2025-205474

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS6.2AI score0.00323EPSS
Exploits1References5
NVD
NVD
added 2025/12/27 11:15 a.m.14 views

CVE-2025-15106

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS0.00323EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/27 10:32 a.m.4 views

CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS6.3AI score0.00323EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/27 10:32 a.m.29 views

CVE-2025-15106 getmaxun Authentication Endpoint auth.ts router.get improper authorization

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploi...

6.5CVSS0.00323EPSS
Exploits1References4
CVE
CVE
added 2025/12/27 10:32 a.m.25 views

CVE-2025-15106

The CVE-2025-15106 vulnerability affects the getmaxun project’s Authentication Endpoint, specifically the router.get in file server/src/routes/auth.ts. The underlying issue is improper authorization caused by manipulation of router.get, with remote exploit potential and a publicly available explo...

6.5CVSS6.3AI score0.00323EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/27 12:0 a.m.11 views

PT-2025-53618

Name of the Vulnerable Software and Affected Versions getmaxun versions prior to 0.0.28 Description A weakness exists in the Authentication Endpoint component of getmaxun. Specifically, the router.get function within the server/src/routes/auth.ts file is susceptible to improper authorization due ...

6.5CVSS6.5AI score0.00323EPSS
Exploits1References10
Snyk
Snyk
added 2025/12/15 12:30 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the \authentication\ file. An attacker can inject and execute arbitrary scripts by submitting crafted input to the affected endpoint. Details Cross-site scripting or XSS is a code vulnerability that occurs...

6.1CVSS5.4AI score0.00399EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2025/11/29 9:40 p.m.170 views

Exploit for CVE-2025-65899

CVE-2025-65899: Kalmia CMS v0.2.0 - is vulnerable to Observab...

7.3AI score0.00314EPSS
Exploits3
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.12 views

WSO2多款产品 安全漏洞

WSO2 API Manager is an API lifecycle management solution, WSO2 Identity Server IS is an identity server, and WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from a lack of output encoding on the authentication endpoint, which could le...

6.1CVSS6.2AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 4:15 p.m.16 views

CVE-2025-62712

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint...

9.6CVSS0.00468EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/24 12:40 a.m.12 views

CVE-2025-56007

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

6.5CVSS6.8AI score0.00313EPSS
Exploits1References1
OSV
OSV
added 2025/10/23 3:15 p.m.2 views

CVE-2025-56007

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

6.5CVSS5.8AI score0.00313EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.8 views

KeeneticOS 安全漏洞

KeeneticOS is an operating system from the German company Keenetic. A security vulnerability exists in KeeneticOS versions prior to 4.3, which stems from the presence of CRLF injection in the /auth API endpoint, which could lead to an attacker taking over the device by adding additional users wit...

6.5CVSS7AI score0.00313EPSS
Exploits1References3
CVE
CVE
added 2025/10/23 12:0 a.m.21 views

CVE-2025-56007

KeeneticOS prior to 4.3 is affected by a CRLF injection at the /auth API endpoint. The vulnerability allows an attacker to add new users with full permissions and take over the device, by tricking a victim into opening a page containing the exploit. Affected component is the /auth endpoint within...

6.5CVSS6.4AI score0.00313EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-59043

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00433EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54601

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-24834

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00428EPSS
Exploits0References2
CVE
CVE
added 2025/09/08 9:11 p.m.29 views

CVE-2025-57815

CVE-2025-57815 (Fides) describes a lack of anti-automation protections on the Admin UI login endpoint prior to version 2.69.1, enabling brute-force style credential testing (credential stuffing/password spraying) against accounts with weak or compromised passwords. Affected product: Fides (Open S...

6.5CVSS6.6AI score0.00277EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder