Lucene search
K

13 matches found

CVE
CVE
added 2026/05/08 11:55 a.m.18 views

CVE-2026-8076

CVE-2026-8076 concerns the CashDro 3 web administration panel (version 24.01.00.26). The identified issue is weak credentials enabling PIN-based authentication, which supports numeric PINs compatible with POS integrations dating back to 2012. This design allows an attacker to perform brute-force ...

9.3CVSS5.8AI score0.00324EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:15 a.m.3 views

CVE-2023-22636

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request...

7CVSS6.5AI score0.00163EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.28 views

Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-460 advisory. - An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through...

7CVSS5AI score0.00163EPSS
Exploits0References2
NVD
NVD
added 2024/03/05 12:15 p.m.18 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS5.3AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 2024/03/05 11:31 a.m.51 views

CVE-2023-45596

The CVE-2023-45596 issue affects AiLux imx6 bundle prior to version imx6_1.0.7-2. A CWE-425 Direct Request/Forced Browsing vulnerability in the web app’s file_configuration functionality allows remote unauthenticated access to confidential configuration files. Root cause: missing/weak authorizati...

5.3CVSS5.3AI score0.00487EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/05 11:31 a.m.12 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS5.3AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 2023/06/13 9:15 a.m.4 views

CVE-2023-27465

A vulnerability has been identified in SIMOTION C240 All versions = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4, SIMOTION D445-2 DP/PN All versions = V5.4 = V5.4 = V5.4, SIMOTION P320-4 S All versions = V5.4. When operated with Security Level Low the device does not protect acces...

4.6CVSS6.1AI score0.00276EPSS
Exploits0References1
ICS
ICS
added 2023/06/13 12:0 a.m.30 views

Siemens SIMOTION

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

4.6CVSS4.9AI score0.00276EPSS
Exploits0References12
CNNVD
CNNVD
added 2023/02/23 12:0 a.m.4 views

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...

7CVSS7.1AI score0.00163EPSS
Exploits0References3
NVD
NVD
added 2022/01/19 1:15 a.m.20 views

CVE-2022-22152

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on...

7.7CVSS0.0078EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/19 12:0 a.m.23 views

Juniper Networks Contrail Service Orchestration Access Control Error Vulnerability

Juniper Networks Contrail Service Orchestration is a robust software platform from Juniper Networks USA, Inc. used to connect many enterprise and multi-tenant service provider solutions. Juniper Networks Contrail Service Orchestration suffers from an access control error vulnerability that stems...

7.7CVSS2.8AI score0.0078EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/11/02 12:0 a.m.8 views

The vulnerability in the web interface of Cisco Firepower Management Center’s software management interface allows a perpetrator to gain unauthorized access to confidential configuration information.

The vulnerability of the Cisco Firepower Management Center’s software network management interface is related to errors in the encryption of confidential information stored in the graphical interface configuration console. Exploiting this vulnerability can allow an attacker to gain unauthorized...

4.3CVSS5.5AI score0.00271EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/08/12 2:15 p.m.4 views

CVE-2020-6297

Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure...

4.4CVSS6.4AI score0.00335EPSS
Exploits0References2
Rows per page
Query Builder