Lucene search
K

407 matches found

EUVD
EUVD
added 2026/02/25 9:30 a.m.7 views

EUVD-2026-8630

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

Linksys MR9600 安全漏洞

The Linksys MR9600 is a wireless router produced by the American company Linksys. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities. These vulnerabilities stem from the lack of authentication, which may lead to the disclosure o...

6.2CVSS5.8AI score0.00138EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/14 3:16 p.m.162 views

host-based-vulnerability-assessments

Host-Based Vulnerability Assessments Overview This reposi...

6.4AI score
Exploits0
EUVD
EUVD
added 2026/01/26 10:3 a.m.7 views

EUVD-2025-206352

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...

9.3CVSS6AI score0.00759EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Dormakaba Access Manager security vulnerabilities

The Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in the Dormakaba Access Manager, which stems from authentication based on the source IP address, potentially allowing IP address spoofing attacks to occur...

7.7CVSS5.8AI score0.00572EPSS
Exploits0References4
NVD
NVD
added 2026/01/23 12:15 a.m.9 views

CVE-2025-9290

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

6CVSS0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/22 11:14 p.m.28 views

CVE-2025-9290 Authentication Weakness on Omada Controllers, Gateways and Access Points

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

6CVSS0.00201EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 11:14 p.m.36 views

CVE-2025-9290

CVE-2025-9290 describes an authentication weakness in Omada Controllers, Gateways, and Access Points related to improper handling of random values during controller-device adoption. The vulnerability could allow an attacker with adjacent network access to intercept adoption traffic and forge vali...

6CVSS5.5AI score0.00201EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.29 views

PT-2026-4304

Name of the Vulnerable Software and Affected Versions Omada Controllers, Gateways and Access Points affected versions not specified Description An authentication weakness exists in Omada Controllers, Gateways, and Access Points related to controller-device adoption. This is due to improper handli...

6CVSS5.8AI score0.00201EPSS
Exploits0References9
CVE
CVE
added 2026/01/15 11:25 p.m.19 views

CVE-2021-47801

Vianeos OctoPUS 5 is affected by a time-based blind SQL injection in the login_user parameter during authentication requests. The vulnerability allows crafted POST requests with SQL payloads that trigger database sleep functions to extract information. Root cause is a time-based blind SQLi flaw i...

8.8CVSS7.8AI score0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.4 views

CVE-2021-41638

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...

7.5CVSS6.8AI score0.01615EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/27 9:2 a.m.23 views

CVE-2025-15105 getmaxun auth.ts hard-coded key

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

6.3CVSS0.00458EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52522

Name of the Vulnerable Software and Affected Versions Ever Gauzy version 0.281.9 Description The software contains a JWT authentication issue due to a weak HMAC secret key implementation. This allows attackers to exploit the exposed JWT token to authenticate and gain unauthorized access,...

9.8CVSS6.7AI score0.0032EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49765

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the...

6.6CVSS7.1AI score0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.5 views

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk Clou...

5.3CVSS7.1AI score0.00352EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.4 views

Siemens Industrial Edge Devices Weak Authentication (CVE-2024-54092)

Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federati...

9.8CVSS6.1AI score0.00744EPSS
Exploits0References5
CNVD
CNVD
added 2025/10/24 12:0 a.m.3 views

WordPress Plugin Captcha.eu Server-Side Request Forgery Attack Vulnerability

WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with GDPR General Data Protection Regulation. WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...

5.3CVSS7.1AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 12:0 a.m.3 views

CVE-2025-62774

On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps...

3.1CVSS6.8AI score0.00178EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/10/21 12:0 a.m.3 views

The vulnerability of Moxa network device software of the EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108, and OnCell G4302-LTE4 series is related to deficiencies in authentication mechanisms. This allows unauthorized individuals to gain access to protected information.

The vulnerability of Moxa network devices with microprogrammed software, such as EDR-G9010, EDR-8010, EDG-G1002-BP, TN-4900, NAT-102, NAT-108, and OnCell G4302-LTE4, is related to deficiencies in authentication mechanisms. Exploiting this vulnerability can allow unauthorized actors to gain...

10CVSS5.8AI score0.00637EPSS
Exploits0References2Affected Software7
OSV
OSV
added 2025/10/17 9:15 p.m.5 views

CVE-2025-62650

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...

9.9CVSS5.8AI score0.00479EPSS
Exploits0References5
Rows per page
Query Builder