Lucene search
K

82 matches found

Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.8 views

PT-2025-38311

Name of the Vulnerable Software and Affected Versions Ericsson Catalog Manager and Ericsson Order Care APIs affected versions not specified Description Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default, leading to an information disclosure issue...

5.3CVSS6.3AI score0.00258EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.4 views

Ericsson Catalog Manager和Ericsson Order Care 安全漏洞

Ericsson Catalog Manager and Ericsson Order Care are both products of Ericsson, a Swedish company.Ericsson Catalog Manager is a service management platform.Ericsson Order Care is an order management system. A security vulnerability exists in Ericsson Catalog Manager and Ericsson Order Care that...

5.3CVSS6.6AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 1:22 p.m.9 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...

9.8CVSS7.3AI score0.0054EPSS
Exploits0References1
OSV
OSV
added 2025/08/20 2:15 p.m.4 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...

9.8CVSS6.1AI score0.0054EPSS
Exploits0References2
NVD
NVD
added 2025/08/20 2:15 p.m.20 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...

9.8CVSS0.0054EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/20 1:9 p.m.9 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...

8.1CVSS0.0054EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 1:9 p.m.31 views

CVE-2025-24322

CVE-2025-24322 affects Tenda AC6 V5.0 V02.03.01.110 where the Initial Setup Authentication has an unsafe default configuration. A specially crafted network request can lead to arbitrary code execution, and an attacker can trigger this by browsing to the device. Connected sources (Talos blog, Red ...

9.8CVSS8AI score0.0054EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/20 1:9 p.m.3 views

CVE-2025-24322

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability...

8.1CVSS8AI score0.0054EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.7 views

PT-2025-34044 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version V02.03.01.110 Description: An unsafe default authentication issue exists in the Initial Setup Authentication functionality. A specially crafted network request can lead to arbitrary code execution. An attacker can access the...

9.8CVSS7.1AI score0.0054EPSS
Exploits0References4
Talos
Talos
added 2025/08/20 12:0 a.m.11 views

Tenda AC6 V5.0 missing initial setup authentication vulnerability

Talos Vulnerability Report TALOS-2025-2163 Tenda AC6 V5.0 missing initial setup authentication vulnerability August 20, 2025 CVE Number CVE-2025-24322 SUMMARY An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A...

9.8CVSS7.4AI score0.0054EPSS
Exploits0
OSV
OSV
added 2025/08/14 9:54 a.m.4 views

CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...

9.8CVSS7.4AI score0.70866EPSS
Exploits3References4
CVE
CVE
added 2025/08/14 9:54 a.m.62 views

CVE-2025-8943

Flowise CVE-2025-8943 affects Flowise versions before 3.0.1. The vulnerability resides in the Custom MCPs feature, specifically the /api/v1/node-load-method/customMCP endpoint, where insufficient authentication/authorization allows unauthenticated network attackers to execute OS commands unsandbo...

9.8CVSS7.6AI score0.70866EPSS
In wildExploits3References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/10 4:29 p.m.9 views

CVE-2025-8284

By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions...

9.8CVSS7.3AI score0.00508EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.7 views

Pilz IndustrialPI 访问控制错误漏洞

Pilz IndustrialPI is a gateway for the Industrial Internet of Things from Pilz Individual Developers in Germany. An access control error vulnerability exists in Pilz IndustrialPI that stems from the default unconfigured NodeRED server authentication leading to command execution...

10CVSS7.2AI score0.09952EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.7 views

CVE-2024-31813

TOTOLINK EX200 V4.0.3c.7646B20201211 does not contain an authentication mechanism by default...

8.4CVSS7.2AI score0.00203EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.7 views

The vulnerability of registrars (self-checking devices) GX10, GX20, GP10, GP20, DX1000, DX2000, DX1000N, FX1000, DX1000T, DX2000T, CX1000, CX2000, R10000, and R20000, data collection systems, and data collection devices MW100 manufactured by Yokogawa lies in the possibility of initializing the authentication function with a default unsafe value, allowing unauthorized access to the device by intruders.

The vulnerability of the GX10, GX20, GP10, GP20, DX1000, DX2000, DX1000N, FX1000, DX1000T, DX2000T, CX1000, CX2000, R10000, and R20000 registrators, as well as the GM data collection systems and MW100 data collection devices manufactured by Yokogawa, is related to the possibility of initializing...

10CVSS5.5AI score0.00648EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.4 views

Yokogawa Electric 安全漏洞

Yokogawa Electric is a server owned by Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric that stems from a disabled default authentication setting, which could lead to the unauthorized manipulation of critical data...

9.8CVSS6.7AI score0.00648EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/14 3:52 a.m.4 views

SUSE CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

9.8CVSS6.5AI score0.02376EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/04 10:59 p.m.6 views

CVE-2024-0840

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...

8.8CVSS8AI score0.0088EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/12/23 8:18 p.m.4 views

SUSE CVE-2024-12582

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...

7.1CVSS6.7AI score0.00484EPSS
Exploits0References3
Rows per page
Query Builder