Lucene search
+L

64 matches found

NVD
NVD
added 2025/09/22 6:15 p.m.26 views

CVE-2025-57437

The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC,...

9.8CVSS0.00497EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2025/05/15 2:28 p.m.27 views

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails

Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group ...

6.9AI score
Exploits0
OSV
OSV
added 2025/05/09 12:42 p.m.6 views

OESA-2025-1468 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.8CVSS7.1AI score0.88482EPSS
Exploits1References6
Malwarebytes
Malwarebytes
added 2024/12/02 8:7 a.m.8 views

A week in security (November 25 – December 1)

Last week on Malwarebytes Labs: Printer problems? Beware the bogus help Data broker exposes 600,000 sensitive files including background checks Medical testing company LifeLabs failed to protect customer data, report finds Explained: the Microsoft connected experiences controversy Spotify, Audibl...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/14 12:0 a.m.16 views

Splunk Enterprise 9.1.0 < 9.1.6, 9.2.0 < 9.2.3, 9.3.0 < 9.3.1 (SVD-2024-1008)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-1008 advisory. - In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to th...

4.9CVSS5.6AI score0.00488EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.6 views

WordPress plugin Store Locator Plus 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS6AI score0.00389EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 7 : ansible (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Ansible: Compromised remote hosts can lead to running commands on the Ansible controller CVE-2016-9587 - ...

8.1CVSS7.8AI score0.1765EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 7 : ansible (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Ansible: Compromised remote hosts can lead to running commands on the Ansible controller CVE-2016-9587 - ...

7.8AI score0.1765EPSS
Exploits5References3
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.7 views

Unisys Stealth Security Vulnerability

Unisys Stealth is a zero-trust security software from Unisys, Inc. A security vulnerability exists in Unisys Stealth version 5.3.062.0 that originates from allowing an attacker to view sensitive information via the Enterprise ManagementInstallermsi.log file...

7.5CVSS6.4AI score0.00468EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/12 8:37 p.m.21 views

CVE-2023-49098 Reaction data for user notifications exposed in Discourse-reactions

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939...

3.5CVSS4.2AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/13 7:6 p.m.16 views

CVE-2023-30565 CQI Data Sniffing

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker...

3.5CVSS7.1AI score0.00142EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-32210

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...

6.5CVSS9.3AI score0.0044EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.5 views

BILTEMA IP CAM 安全漏洞

BILTEMA IP CAM is a client for plug-and-play IP cameras from BILTEMA. A security vulnerability exists in BILTEMA IP CAM version v124, which originates from an insecure direct object reference in the web server. An attacker can exploit this vulnerability to access sensitive information...

7.5CVSS7.4AI score0.00583EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/03 12:0 a.m.9 views

Dapr Dashboard 访问控制错误漏洞

Dapr Dashboard is a web-based user interface for Dapr that allows users to view information, view logs of running Dapr applications, components, configurations, etc. Dapr Dashboard 0.1.0 and later, 0.10.0 and earlier versions have an access control error vulnerability that stems from the existenc...

7.5CVSS6.3AI score0.03026EPSS
Exploits1References2
OSV
OSV
added 2022/08/22 3:15 p.m.5 views

CVE-2022-34775

Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...

7.5CVSS5.8AI score0.00398EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/14 3:15 p.m.7 views

CVE-2022-32210

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...

6.5CVSS5.4AI score0.0044EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/06/22 12:0 a.m.101 views

Cisco Identity Services Engine Authentication Bypass (cisco-sa-ISE-SAML-nuukMPf9)

A vulnerability in the login page of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language SAML metadata. An...

9.8CVSS8.4AI score0.01045EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/11/05 7:41 p.m.6 views

CVE-2021-3774 Meross MSS550X Missing Encryption of Sensitive Data

Meross Smart Wi-Fi 2 Way Wall Switch MSS550X, on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app...

7.4CVSS7.3AI score0.00703EPSS
Exploits0References1
Prion
Prion
added 2021/09/02 5:15 p.m.28 views

Design/Logic Flaw

The Gutenberg Template Library & Redux Framework plugin = 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php that were unique to a given site but deterministic and predictable given that they were bas...

5CVSS5.2AI score0.28961EPSS
Exploits6References1Affected Software1
The Hacker News
The Hacker News
added 2021/03/30 6:21 a.m.51 views

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes TB of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal...

0.4AI score
Exploits0
Rows per page
Query Builder