644 matches found

CVE
added 2025/10/12 2:27 a.m., 16 views

CVE-2025-31997

CVE-2025-31997 affects HCL Unica Centralized Offer Management. The vulnerability is an Insecure Direct Object Reference (IDOR) that could allow an unauthenticated or authorized user to bypass access controls and directly access resources (e.g., database records or files). Root cause is insecure o...

CVSS 7.5, AI score 6.6, EPSS 0.00204
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/10/12 2:23 a.m., 6 views

CVE-2025-31993 HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF)

HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server...

CVSS 3.5, EPSS 0.00217
Exploits: 0, References: 1

CVE
added 2025/10/12 2:23 a.m., 12 views

CVE-2025-31993

CVE-2025-31993: HCL Unica Centralized Offer Management is vulnerable to a Server-Side Request Forgery (SSRF) due to improper input validation. An attacker can submit malicious input to a server-hosted application to trigger SSRF. The NVD entry assigns CVSSv3.1 base metrics of AV:N/AC:L/PR:N/UI:N...

CVSS 9.8, AI score 6.6, EPSS 0.00217
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/10/12 2:23 a.m., 3 views

CVE-2025-31993 HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF)

HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server...

CVSS 3.5, AI score 6.6, EPSS 0.00217
Exploits: 0, References: 1

Positive Technologies
added 2025/10/12 12:0 a.m., 7 views

PT-2025-41702

Name of the Vulnerable Software and Affected Versions: HCL Unica Centralized Offer Management (affected versions not specified). Description: The software is susceptible to a Server-Side Request Forgery (SSRF) issue. This occurs due to improper input validation, allowing an attacker to submit malicious...

CVSS 3.5, AI score 6.4, EPSS 0.00217
Exploits: 0, References: 6

CNNVD
added 2025/10/12 12:0 a.m., 6 views

HCL Unica Centralized Offer Management security vulnerability

HCL Unica Centralized Offer Management is a module of HCL India responsible for the unified management and distribution of offers. A security vulnerability exists in HCL Unica Centralized Offer Management, which stems from mishandling of exceptions and could lead to disclosure of sensitive...

CVSS 9.8, AI score 7.6, EPSS 0.00357
Exploits: 0, References: 1

CNNVD
added 2025/10/12 12:0 a.m., 5 views

HCL Unica Centralized Offer Management security vulnerability

HCL Unica Centralized Offer Management is a module of HCL India responsible for the unified management and distribution of offers. A security vulnerability exists in HCL Unica Centralized Offer Management that originates from an insecure direct object reference that could lead to unauthorized...

CVSS 7.5, AI score 6.6, EPSS 0.00204
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-15217

Malware in sbrugna...

CVSS 6.7, AI score 6.6, EPSS 0.0032
Exploits: 0, References: 3

CNNVD
added 2025/10/07 12:0 a.m., 4 views

Nozomi Networks Guardian/CMC SQL injection vulnerability

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. Nozomi Networks Guardian/CMC suffers from a SQL injection vulnerability that stems from improper validation of input parameters, which could lead to a SQL injection attack...

CVSS 6.5, AI score 7.7, EPSS 0.00223
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-38776

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.4, EPSS 0.00413
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-28120

Malicious code in bioql PyPI...

CVSS 9, AI score 7, EPSS 0.01112
Exploits: 0, References: 1

Fedora
added 2025/10/03 1:17 a.m., 7 views

[SECURITY] Fedora 41 Update: freeipa-4.12.5-2.1.fc41

IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...

CVSS 9.1, AI score 6.9, EPSS 0.00523
Exploits: 0

Fedora
added 2025/10/03 12:18 a.m., 7 views

[SECURITY] Fedora 43 Update: freeipa-4.12.5-2.fc43

IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...

CVSS 9.1, AI score 6.9, EPSS 0.00523
Exploits: 0

Packet Storm News
added 2025/09/23 12:0 a.m., 5 views

Centralized Vs. Decentralized Security for Space AI Systems? A New Look

This paper investigates the trade-off between centralized and decentralized security management in constellations of satellites to balance security and performance. We highlight three key AI architectures for automated security management: (a) centralized, (b) distributed and (c) federated. The...

AI score 6.9
Exploits: 0

CNNVD
added 2025/09/14 12:0 a.m., 2 views

LG Electronics AC Smart II security vulnerability

LG Electronics AC Smart II is a centralized controller for air conditioners from LG Electronics, a South Korean company. A security vulnerability exists in the LG Electronics AC Smart II that stems from a hidden form that allows unauthorized changes to the administrator's password,...

CVSS 7.1, AI score 6.7, EPSS 0.00451
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/20 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-11029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation proces...

CVSS 5.5, AI score 6, EPSS 0.00226
Exploits: 0, References: 3

RedHat Linux
added 2025/08/19 11:33 a.m., 11 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.0 release.

Red Hat Developer Hub 1.7.0 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 10, AI score 6.6, EPSS 0.00644
Exploits: 2, References: 16

OSV
added 2025/08/19 5:43 a.m., 4 views

BIT-JENKINS-2024-9453 Jenkins-image: sensitive data disclosure when using openshift jenkins image

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...

CVSS 6.5, AI score 6.8, EPSS 0.00344
Exploits: 0, References: 3

Redos
added 2025/08/14 12:0 a.m., 4 views

ROS-20250814-04

Vulnerability in the mod_dav_svn module of the Subversion centralized version control system is related to a bug in the path-based authorization rule lookup. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...

CVSS 7.5, AI score 7, EPSS 0.09254
Exploits: 0

Packet Storm News
added 2025/08/03 12:0 a.m., 4 views

Hard-Earned Lessons in Access Control at Scale: Enforcing Identity and Policy across Trust Boundaries with Reverse Proxies and MTLS

In today's enterprise environment, traditional access methods such as Virtual Private Networks (VPNs) and application-specific Single Sign-On (SSO) often fall short when it comes to securely scaling access for a distributed and dynamic workforce. This paper presents our experience implementing a...

AI score 6.8
Exploits: 0