Lucene search
+L

408 matches found

osv
osv
added 2025/10/17 9:15 p.m.5 views

CVE-2025-62650

The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...

9.9CVSS5.8AI score0.00473EPSS
Exploits0References5
cnvd
cnvd
added 2025/10/16 12:0 a.m.3 views

Fortinet FortiPAM OS Command Injection Vulnerability (CNVD-2025-24146)

FortiPAM is Fortinet's privileged access management solution for centralized management of sensitive enterprise credentials. A security vulnerability exists in Fortinet FortiPAM that stems from an insufficiently strong authentication mechanism. An attacker could exploit the vulnerability to execu...

9.8CVSS7.5AI score0.00578EPSS
Exploits0References1
nessus
nessus
added 2025/10/14 12:0 a.m.4 views

Security Updates for Microsoft Exchange Server (October 2025)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the October, 2025 security bulletin. - Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate...

8.8CVSS7.2AI score0.00943EPSS
Exploits0References6
nvd
nvd
added 2025/10/09 9:15 p.m.6 views

CVE-2025-61779

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...

8.7CVSS0.00328EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-8744

Malware in sbrugna...

9.4CVSS9.1AI score0.0165EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-2429

Malware in sbrugna...

7CVSS6.9AI score0.00628EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-8026

Malware in sbrugna...

9.8CVSS9.2AI score0.0137EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43674

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00618EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-26192

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00891EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-53191

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01184EPSS
Exploits0References1
github
github
added 2025/09/15 8:30 p.m.11 views

Flowise has unsandboxed remote code execution via Custom MCP

Summary The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, the default installation of...

7.8AI score
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2025/08/19 12:0 a.m.6 views

CVE-2025-54336

In Plesk Obsidian 18.0.70, isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 such as the 0e0 string. This occurs in admin/plib/LoginManager.php...

7.2AI score0.00475EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/08/14 9:54 a.m.3 views

CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...

9.8CVSS7.6AI score0.7231EPSS
Exploits3References1
cve
cve
added 2025/08/12 11:17 a.m.27 views

CVE-2025-40743

CVE-2025-40743 affects multiple Siemens SINUMERIK controllers (828D PPU.4, 828D PPU.5, 840D sl, MC, MC V1.15, ONE, ONE V6.15) with VNC access authentication that does not validate passwords sufficiently. This could enable unauthorized remote access to affected systems and potentially impact confi...

8.7CVSS7.8AI score0.00242EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/08/12 12:0 a.m.3 views

PT-2025-32796

Name of the Vulnerable Software and Affected Versions Windows Installer versions affected versions not specified Description A weak authentication issue in Windows Installer allows an authorized attacker to elevate privileges locally. The vulnerability is related to an authentication bypass. A...

7.8CVSS6.9AI score0.00486EPSS
Exploits0References16
bdu_fstec
bdu_fstec
added 2025/08/11 12:0 a.m.16 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to access and modify data.

The vulnerability of the Cisco Identity Services Engine ISE’s web management interface is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access and modify data by sending a specially crafted HTTP request...

4.3CVSS5.5AI score0.00396EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2025/08/08 12:0 a.m.9 views

The vulnerability of the Single Sign-On component in macOS operating systems allows a perpetrator to gain unauthorized access to confidential data.

The vulnerability of the Single Sign-On component in macOS operating systems is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow attackers to gain unauthorized access to confidential data...

4CVSS5.5AI score0.00202EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2025/08/08 12:0 a.m.8 views

The vulnerability of the SetDDNSSettings() function (/HNAP1/) of the DDNS Service component of the D-Link DIR-823G router’s software, which allows a hacker to circumvent security restrictions.

The vulnerability of the SetDDNSSettings function /HNAP1/ of the DDNS Service component of the D-Link DIR-823G router’s software stack is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a...

7.5CVSS7.2AI score0.14005EPSS
Exploits1References6Affected Software1
bdu_fstec
bdu_fstec
added 2025/07/29 12:0 a.m.9 views

The vulnerability of the configuration of the Version Control System (VCS) of the Continuous Integration and Delivery Application Framework (CI/CD) tool JetBrains TeamCity allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the TeamCity VCS configuration in continuous integration and delivery systems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2025/07/28 12:0 a.m.11 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process, which allows unauthorized users to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

4.3CVSS5.6AI score0.00298EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder