Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2025/12/01 3:25 p.m.7 views

CVE-2024-45370

Talos reports CVE-2024-45370 as an authentication bypass in Socomec Easy Config System 2.6.1.0. The flaw arises in the User profile management module, where the application stores credentials in a local sqlite database. An attacker who has system access can modify the database to set passwordActi...

7.3CVSS6.4AI score0.00027EPSS
Exploits0References3
EUVD
EUVDadded 2025/12/01 3:25 p.m.2 views

EUVD-2024-55108

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability...

7.3CVSS6.3AI score0.00027EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/12/01 3:25 p.m.1 views

CVE-2024-45370

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability...

7.3CVSS6.4AI score0.00027EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/12/01 12:0 a.m.2 views

PT-2025-48468

Name of the Vulnerable Software and Affected Versions Socomec Easy Config System version 2.6.1.0 Description An authentication bypass exists in the User profile management functionality. A crafted database record can allow unauthorized access. An attacker can modify a local database to trigger th...

7.3CVSS6.3AI score0.00027EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2019-0664

Malware in sbrugna...

5.3CVSS5.3AI score0.00297EPSS
Exploits0References7
Prion
Prionadded 2022/04/19 5:15 p.m.14 views

Default credentials

DISPUTED ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor...

5CVSS7.4AI score0.00515EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2019/09/08 8:15 p.m.11 views

CVE-2019-16109

An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...

5.3CVSS5.2AI score0.00297EPSS
Exploits0References3
Prion
Prionadded 2019/09/08 8:15 p.m.12 views

Cross site request forgery (csrf)

An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...

5CVSS5.2AI score0.00297EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder