CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1215 matches found

ICS•added 2023/08/31 6:0 a.m.•120 views

PTC Kepware KepServerEX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...

7.8CVSS7.1AI score0.00071EPSS

Exploits0References10

Positive Technologies•added 2023/08/31 12:0 a.m.•2 views

PT-2023-5232 · Kepware · Kepserverex

Name of the Vulnerable Software and Affected Versions: KEPServerEX affected versions not specified Description: The issue is related to insufficient protection of credentials in KEPServerEX, allowing an adversary to capture user credentials due to the web server's use of basic authentication. Thi...

6.1CVSS5AI score0.00053EPSS

Exploits0References10

Vulnrichment•added 2023/08/25 8:31 p.m.•13 views

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

7.3CVSS7AI score0.0013EPSS

Exploits0References2

OSV•added 2023/08/17 9:19 p.m.•5 views

CVE-2023-40171 Dispatch writes JWT tokens in error message

Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the Dispatch Plugin - Basic Authentication Provider plugin encounters an error when attempting to decode a JWT token. Any Dispatch users...

9.1CVSS7.5AI score0.00128EPSS

Exploits1References6

Veracode•added 2023/08/06 7:56 p.m.•38 views

Authentication Bypass

gitlab is vulnerable to Authentication Bypass. The vulnerability allows an attacker to bypass 2FA for LDAP users and access some specific pages with Basic Authentication...

9.8CVSS6.9AI score0.0006EPSS

Exploits0References3Affected Software1

Snyk•added 2023/08/01 7:41 a.m.•3 views

Information Exposure

Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure. Elasticsearch Output plugin would log to file HTTP basic auth credentials when updating connections after sniffing. Remediation Upgrade logstash-core to...

6.5CVSS6.9AI score0.0028EPSS

Exploits0References2

Prion•added 2023/07/06 11:15 p.m.•14 views

Authentication flaw

The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication...

7.5CVSS9.3AI score0.00066EPSS

Exploits0References1

CVE•added 2023/07/06 10:53 p.m.•34 views

CVE-2023-33868

CVE-2023-33868 concerns an authentication flaw in PiiGAB M-Bus software (notably the 900S family). The root issue is an unlimited number of login attempts, enabling brute-force against HTTP basic authentication. Public sources (NVD, CVE list, PRION, ics-advisory) consistently describe this vulner...

9.8CVSS7.5AI score0.00066EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2023/07/06 12:0 a.m.•2 views

PT-2023-24522 · Piigab · M-Bus Softwarepack +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns the lack of limitation on the number of login attempts, which could allow an attacker to perform a brute force attack on HTTP basic...

9.8CVSS9.3AI score0.00066EPSS

Exploits0References4