Lucene search
K

872 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.7 views

CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...

8.5CVSS5.8AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.32 views

Frigate 安全漏洞

Frigate is a complete native NVR designed by Blake Blackshear for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by improper access control, which may lead to the exposure of sensitive configuration information...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References1
NVD
NVD
added 2026/03/25 4:16 p.m.6 views

CVE-2026-20115

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...

6.1CVSS0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 6:30 p.m.12 views

EUVD-2025-208943

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...

8.5CVSS5.8AI score0.00133EPSS
Exploits0References6
NVD
NVD
added 2026/03/23 6:16 p.m.25 views

CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...

8.5CVSS0.00133EPSS
Exploits0References5
CVE
CVE
added 2026/03/23 6:2 p.m.16 views

CVE-2025-15605

This CVE affects TP-Link Archer NX200, NX210, NX500, and NX600 models. The root cause is a hardcoded cryptographic key in the configuration encryption mechanism, enabling an attacker (authenticated, adjacent access) to decrypt, modify, and re-encrypt device configuration data, compromising confid...

8.5CVSS5.8AI score0.00133EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 4:26 a.m.6 views

CVE-2025-10736

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility function in all versions up to, and including, 2.2.10. This...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.7 views

PutYourLightsOn Sprig Plugin for Craft CMS 安全漏洞

PutYourLightsOn Sprig Plugin for Craft CMS is a plugin developed by the Austrian company PutYourLightsOn, designed for Craft CMS. It provides dynamic content updates and interactive features. Versions of the plugin prior to 2.15.2 and 3.15.2 contained security vulnerabilities. These vulnerabiliti...

5.5CVSS5.8AI score0.00253EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

TP-Link多款产品 安全漏洞

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. Several TP-Link products have security vulnerabilities. These vulnerabilities stem from hard-coded encryption keys in the configuration mechanism, which may allow authenticated attackers to decrypt configuration files, modify...

8.5CVSS7.5AI score0.00133EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.10 views

PT-2026-27165

Name of the Vulnerable Software and Affected Versions TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 Description A cryptographic key that is hardcoded into the configuration mechanism allows decryption and re-encryption of device configuration data. An...

8.5CVSS5.9AI score0.00133EPSS
Exploits0References7
NVD
NVD
added 2026/03/16 2:17 p.m.9 views

CVE-2017-20217

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

8.7CVSS0.00661EPSS
Exploits1References8
CVE
CVE
added 2026/03/16 12:0 p.m.16 views

CVE-2026-2462

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

6.6CVSS6.4AI score0.00328EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 11:11 a.m.5 views

CVE-2026-2476 MS Teams plugin sensitive config values not properly masked in support packets

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS5.8AI score0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:11 a.m.8 views

CVE-2026-2476

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25680

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions through 2.0.3.0 Description The Mattermost plugins do not properly mask sensitive configuration values. This allows an attacker with access to support packets to obtain original plugin settings through exported...

7.6CVSS5.8AI score0.0018EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.23 views

CVE-2017-20217 Serviio PRO 1.8 REST API Information Disclosure

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

8.7CVSS0.00661EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.7 views

CVE-2017-20217 Serviio PRO 1.8 REST API Information Disclosure

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

8.7CVSS5.8AI score0.00661EPSS
Exploits1References8
CVE
CVE
added 2026/03/15 6:34 p.m.7 views

CVE-2017-20217

CVE-2017-20217 affects Serviio PRO 1.8 and related builds via an information-disclosure vulnerability in the Configuration REST API. The root cause is improper access-control enforcement, allowing unauthenticated remote attackers to send crafted REST requests and retrieve sensitive configuration ...

8.7CVSS5.8AI score0.00661EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/03/13 1:11 p.m.4 views

CVE-2025-13779 Configuration Data Spill

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

8.3CVSS5.8AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 1:11 p.m.28 views

CVE-2025-13779 Configuration Data Spill

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1...

8.3CVSS0.00285EPSS
Exploits0References1
Rows per page
Query Builder