Lucene search
K

19187 matches found

Vulnrichment
Vulnrichment
added 2025/10/14 4:53 p.m.2 views

CVE-2025-37132 Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

7.2CVSS7.1AI score0.00501EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/14 3:43 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to workflow-controller logging configuration with credentials in plaintext. An attacker can access sensitive credentials by reading pod logs if they have permissions to view logs in the affected...

8.5CVSS6.5AI score0.00441EPSS
Exploits0References2
NVD
NVD
added 2025/10/14 3:16 p.m.8 views

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

8.5CVSS0.00441EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/14 3:6 p.m.9 views

CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

8.5CVSS0.00441EPSS
Exploits0References3
CVE
CVE
added 2025/10/14 3:6 p.m.14 views

CVE-2025-62157

CVE-2025-62157 affects Argo Workflows. Vulnerable in versions prior to 3.6.12 and 3.7.0–3.7.2, where artifact repository credentials are exposed in plaintext in workflow-controller logs. An attacker with pod-log access in a namespace running Argo Workflows can read these credentials. Remediation:...

8.5CVSS6.3AI score0.00441EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/10/14 3:6 p.m.4 views

CVE-2025-62157 Argo Workflows exposes artifact repository credentials in workflow-controller logs

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

8.5CVSS6.7AI score0.00441EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/14 9:14 a.m.6 views

EUVD-2011-5261

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

8.3CVSS7AI score0.00288EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/14 8:35 a.m.2 views

CVE-2025-41699 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code 'Code Injection'...

8.8CVSS7.3AI score0.00881EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.5 views

PT-2025-41985

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.9AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.5 views

PT-2025-41893

Name of the Vulnerable Software and Affected Versions Studio 5000 Logix Designer affected versions not specified Description A security issue exists that can lead to a denial-of-service condition. This is caused by providing invalid values to Component Object Model COM methods. The vulnerability...

8.7CVSS6.2AI score0.00345EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.5 views

Creativeitem Academy LMS 安全漏洞

Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from a lack of role validation in the Apiinstructor controller, which could lead to elevation of privile...

6.5CVSS6.6AI score0.00263EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.4 views

PT-2025-41981

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

6.5CVSS7.1AI score0.00333EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.3 views

Rockwell Automation ArmorStart AOP 安全漏洞

Rockwell Automation ArmorStart AOP is a distributed motor controller from Rockwell Automation. The Rockwell Automation ArmorStart AOP suffers from a denial of service vulnerability that originates from entering an invalid value into a COM method, which can be exploited by an attacker to cause a...

8.7CVSS6.7AI score0.00345EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.5 views

PT-2025-41980

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

6.5CVSS7.1AI score0.00333EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.4 views

Argo Workflows 安全漏洞

Argo Workflows is an open source container-native workflow engine for Kubernetes from the Argo project. A security vulnerability exists in Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2, which stems from workflow-controller pod logs exposing workware repository credentia...

8.5CVSS6.3AI score0.00441EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.4 views

PT-2025-41988

Name of the Vulnerable Software and Affected Versions AOS-10 GW affected versions not specified AOS-8 Controller/Mobility Conductor affected versions not specified Description An issue exists in a low-level interface library that could allow an authenticated malicious actor to download arbitrary...

4.9CVSS6.4AI score0.00409EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.4 views

PT-2025-41978

Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the CLI binary of the AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow a...

7.2CVSS7.4AI score0.01274EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.4 views

PT-2025-41934

Name of the Vulnerable Software and Affected Versions Creativeitem Academy LMS versions up to and including 5.13 Description A privilege escalation issue exists in the Api instructor controller. Authenticated users without the necessary permissions can access functions intended only for...

6.5CVSS6.6AI score0.00263EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.5 views

PT-2025-41984

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.9AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.5 views

PT-2025-41977

Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the Command Line Interface CLI binary. Exploitation allows an attacker with valid credentials to execute arbitrar...

7.2CVSS7.6AI score0.01274EPSS
Exploits0References3
Rows per page
Query Builder