Lucene search
K

152 matches found

CNNVD
CNNVD
added 2025/09/02 12:0 a.m.4 views

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from client-side hash authentication and could lead to authentication via password hashing...

7.5CVSS7AI score0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.4 views

IBM OpenPages with Watson 安全漏洞

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

6.5CVSS6.5AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/30 12:53 a.m.13 views

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

4.3CVSS6.7AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 12:0 a.m.6 views

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

4.3CVSS6.7AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.7 views

CVE-2021-41286

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...

7.8CVSS7.3AI score0.00227EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.7 views

CVE-2021-35193

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations that have the same software version. This provides remote access to SQL database credentials. In the normal use of the product, retrieving those...

7.5CVSS7.2AI score0.0117EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:22 p.m.6 views

CVE-2021-23196

The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently...

9.8CVSS7.1AI score0.00909EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:22 p.m.10 views

CVE-2020-25251

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...

9.1CVSS7.2AI score0.01216EPSS
Exploits0
NVD
NVD
added 2025/03/31 5:15 a.m.25 views

CVE-2025-24517

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...

7.5CVSS0.00787EPSS
Exploits0References4
CVE
CVE
added 2025/03/31 4:48 a.m.58 views

CVE-2025-24517

CVE-2025-24517 affects CHOCO TEI WATCHER mini (IB-MCT001) all versions, with a use of client-side authentication vulnerability (CWE-603). A remote attacker could obtain the product login password without authentication, per multiple sources. The connected documents confirm the issue and its impac...

7.5CVSS7.4AI score0.00787EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/31 4:48 a.m.33 views

CVE-2025-24517

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...

7.5CVSS0.00787EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/31 4:48 a.m.5 views

CVE-2025-24517

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini IB-MCT001 all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication...

7.5CVSS7.8AI score0.00787EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/03/28 12:0 a.m.3 views

PT-2025-13437 · Unknown · Choco Tei Watcher Mini

Name of the Vulnerable Software and Affected Versions: CHOCO TEI WATCHER mini IB-MCT001 all versions Description: A use of client-side authentication issue exists, allowing a remote attacker to obtain the product login password without authentication if exploited. Recommendations: For CHOCO TEI...

7.5CVSS6.5AI score0.00787EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/02/05 8:34 p.m.14 views

CVE-2022-31463

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...

8.2CVSS8.6AI score0.00967EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:38 a.m.10 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS6.5AI score0.00425EPSS
Exploits0References1
Veracode
Veracode
added 2025/01/02 9:6 a.m.7 views

Incorrect Access Control

oqtane.framework is vulnerable to Incorrect Access Control. The vulnerability is due to relying on client-side information for authentication and the absence of server-side validation, which allows attackers to manipulate parameters like entityid and bypass security controls...

7.5CVSS7.3AI score0.00447EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2024/12/20 6:31 p.m.14 views

Oqtane Framework Incorrect Access Control vulnerability

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...

7.5CVSS6.7AI score0.00447EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2024/11/07 12:0 a.m.6 views

PT-2024-10737 · Alecto +5 · Alecto Ivm-100 +6

Name of the Vulnerable Software and Affected Versions: Alecto IVM-100 2019-11-12 Tk-star nan affected versions not specified Svakom Nan affected versions not specified Alecto nan affected versions not specified Loven nan affected versions not specified Sannce products affected versions not...

9.8CVSS7.7AI score0.00861EPSS
Exploits0References19
NVD
NVD
added 2024/10/25 8:15 a.m.28 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS0.00425EPSS
Exploits0References1
OSV
OSV
added 2024/10/25 8:15 a.m.1 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS5.7AI score0.00425EPSS
Exploits0References1
Rows per page
Query Builder