
9293 matches found

Vulnrichment
added 2025/05/22 2:16 p.m. · 5 views

CVE-2025-32915 Sensitive data exposed during automatic agent updates

Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and = 2.1.0p49 EOL. This allows a local attacker to read sensitive data...

CVSS 4.3 · AI score 6 · EPSS 0.0012
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:24 a.m. · 7 views

CVE-2019-10120

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

CVSS 8.8 · AI score 7 · EPSS 0.01283
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:20 a.m. · 7 views

CVE-2019-15310

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...

CVSS 10 · AI score 8.6 · EPSS 0.08257
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 10:2 a.m. · 21 views

CVE-2019-17572

In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...

CVSS 5.3 · AI score 6.7 · EPSS 0.02985
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:38 a.m. · 4 views

CVE-2017-15204

In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user...

CVSS 4.3 · AI score 4.8 · EPSS 0.00973
Exploits: 0 · References: 1

CNNVD
added 2025/05/22 12:0 a.m. · 1 views

wire-webapp security vulnerability

wire-webapp is an open source application from Wire Swiss. A security vulnerability exists in wire-webapp versions prior to 2025-05-20-production.0, which stems from a session not being expired correctly, which could lead to automatic re-logins...

CVSS 5.6 · AI score 6.4 · EPSS 0.00123
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/22 12:0 a.m. · 3 views

PT-2025-22515 · Wire · Wire-Webapp

Name of the Vulnerable Software and Affected Versions: wire-webapp versions 2025-05-14-production.0 through 2025-05-20-production.0 Description: The issue is related to a regression in the session invalidation process. When a user logs out of the Wire webapp, they could be automatically logged in...

CVSS 5.6 · AI score 6 · EPSS 0.00123
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/18 4:2 p.m. · 18 views

CVE-2025-39511

Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0...

CVSS 4.3 · AI score 7.2 · EPSS 0.00241
Exploits: 0 · References: 1

NVD
added 2025/05/16 4:15 p.m. · 10 views

CVE-2025-39511

Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0...

CVSS 4.3 · EPSS 0.00241
Exploits: 0 · References: 1

Cvelist
added 2025/05/16 3:45 p.m. · 18 views

CVE-2025-39511 WordPress Pinterest Automatic Pin plugin <= 4.19.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through <= 4.19.0...

CVSS 4.3 · EPSS 0.00241
Exploits: 0 · References: 1

CVE
added 2025/05/16 3:45 p.m. · 29 views

CVE-2025-39511

CVE-2025-39511 refers to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin Pinterest Automatic Pin (ValvePress). Affected versions are reported as n/a through 4.18.2. The underlying issue is misconfigured access controls that could allow unauthorized access or ...

CVSS 4.3 · AI score 7.2 · EPSS 0.00241
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/16 3:45 p.m. · 9 views

CVE-2025-39511 WordPress Pinterest Automatic Pin <= 4.18.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2...

CVSS 4.3 · AI score 6.9 · EPSS 0.00241
Exploits: 0 · References: 1

Patchstack
added 2025/05/16 12:50 p.m. · 8 views

WordPress Pinterest Automatic Pin plugin <= 4.19.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Pinterest Automatic Pin versions <= 4.19.0...

CVSS 4.3 · AI score 8.2 · EPSS 0.00241
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2025/05/16 12:57 a.m. · 15 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

CVSS 5.4 · AI score 6.5 · EPSS 0.01138
Exploits: 1 · References: 1

CNNVD
added 2025/05/16 12:0 a.m. · 2 views

WordPress plugin Pinterest Automatic Pin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 4.3 · AI score 6 · EPSS 0.00241
Exploits: 0 · References: 3

Positive Technologies
added 2025/05/16 12:0 a.m. · 4 views

PT-2025-21703 · Valvepress · Valvepress Pinterest Automatic Pin

Name of the Vulnerable Software and Affected Versions: ValvePress Pinterest Automatic Pin versions n/a through 4.18.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

CVSS 4.3 · AI score 5.4 · EPSS 0.00241
Exploits: 0 · References: 3

OSV
added 2025/05/14 5:15 p.m. · 12 views

CVE-2025-3877

Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986...

AI score 6.3
Exploits: 0 · References: 1

CVE
added 2025/05/14 4:56 p.m. · 103 views

CVE-2025-3877

CVE-2025-3877 is rejected/not used; this entry does not represent an active vulnerability.

AI score 6.4
Exploits: 0

Debian CVE
added 2025/05/14 4:56 p.m. · 8 views

CVE-2025-3877

Removed by vendor...

AI score 6.6
Exploits: 0

NVD
added 2025/05/14 2:15 p.m. · 12 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

CVSS 5.4 · EPSS 0.01138
Exploits: 1 · References: 4