Lucene search
K

311 matches found

Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.9 views

PT-2025-24081 · Idf +1 · Idf +1

Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: A configuration error has been detected in cross-origin resource sharing CORS in the affected software. This issue can be exploited by authenticating to the device and...

5.3CVSS6.6AI score0.00282EPSS
Exploits0References4
Snyk
Snyk
added 2025/05/28 4:41 p.m.4 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to improper server configuration that fails to restrict access to sensitive files. An attacker can view sensitive configuration data, including database...

6.3CVSS6.8AI score0.00104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:30 a.m.7 views

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335...

7.5CVSS6.3AI score0.00702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:35 p.m.5 views

CVE-2022-20258

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android I...

7.8CVSS6.8AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.8 views

CVE-2022-45778

https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 = 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a...

9.8CVSS6.9AI score0.0073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:42 p.m.8 views

CVE-2021-39672

In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701...

7.8CVSS7.3AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.6 views

CVE-2021-21728

A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This...

5.3CVSS6.8AI score0.00957EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 a.m.8 views

CVE-2019-3428

The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a configuration error vulnerability. An attacker could directly access the management portal in HTTP, resulting in users’ information leakage...

6.5CVSS6.7AI score0.00885EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 a.m.8 views

CVE-2018-21229

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R7500v2 before 1.0.3.20, R7800 before 1.0.2.38, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50...

6.5CVSS7AI score0.00462EPSS
Exploits0References1
CVE
CVE
added 2025/05/09 6:45 a.m.92 views

CVE-2025-37876

The CVE-2025-37876 vulnerability affects the Linux kernel netfs subsystem. When CONFIG_NETFS_SUPPORTS=y is set but CONFIG_PROC_FS=n, netfs_init() can create /proc/fs/netfs, causing a kernel oops/BUG in mm/mempool.c and a crash. Root cause: /proc/fs/netfs is created without CONFIG_PROC_FS. Remedia...

5.5CVSS6.5AI score0.00226EPSS
Exploits0References3Affected Software1
Citrix
Citrix
added 2025/05/02 12:0 a.m.61 views

PVS configuration wizard error - Unable to communicate with license server

When upgrading the PVS farm to PVS 2402, PVS configuration wizard could not progress further if "Validate license server communication" was checked, displaying an error "Unable to communicate with the license server, or the license server version is not compatible with this version of Citrix...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/04/16 7:45 a.m.17 views

CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/31 12:55 p.m.17 views

CVE-2025-31611 WordPress Auto Post After Image Upload plugin <= 1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/a through = 1.6...

4.3CVSS0.00219EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/02/27 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2025-0082)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.4AI score0.00149EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an integer overflow that could lead to a configuration error...

5.5CVSS5.6AI score0.00243EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/01/21 12:0 a.m.16 views

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2025-1126)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/11/20 12:0 a.m.4 views

Fedora 41 : llvm-test-suite (2024-6d9aba8c3c)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6d9aba8c3c advisory. Remove ClamAV subdirectory because of viruses in input files: These were the findings: MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf:...

5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/01 2:18 p.m.13 views

CVE-2024-37203 WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9...

4.3CVSS6.9AI score0.00328EPSS
Exploits0References1
Citrix
Citrix
added 2024/10/10 12:0 a.m.21 views

Get-MonitorConfiguration returns an error after DDC/Site upgrade

When admin invokes a cmdlet: Get-MonitorConfiguration, the error is displayed: A database operation failed and could not be recovered : Reason ? CDF Control trace captured on the DDC shows the error: Monitor System Setting 'DisableGoogleAnalytics' exists in the database was loaded but not found i...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.15 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-2537)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
Rows per page
Query Builder