Lucene search
K

510 matches found

CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

Advantech WebAccess/VPN 安全漏洞

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

6.3CVSS6.1AI score0.00197EPSS
Exploits0References3
NVD
NVD
added 2025/11/04 5:16 p.m.7 views

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...

10CVSS0.0071EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.6 views

WordPress plugin MDTF 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.5AI score0.002EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.6 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23558)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/06 6:49 a.m.7 views

EUVD-2025-32499

An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example...

6.5CVSS6.5AI score0.00341EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.6 views

HCL MyXalytics 安全漏洞

HCL MyXalytics is an analytics software product from HCL India. It is used to perform data analysis and other related tasks. A security vulnerability exists in HCL MyXalytics version 6.6, which stems from a lack of proper validation and access control when automatically binding user inputs to...

7.6CVSS6.5AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/25 6:44 a.m.7 views

CVE-2025-58317

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

7.8CVSS7.2AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.19 views

CVE-2025-41058

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...

5.4CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:13 a.m.16 views

CVE-2025-41052

CVE-2025-41052 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to insufficient validation of user input in the /apprain/developer/addons/update/canvasjs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. Consequences described include cookie-based crede...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.5 views

PT-2025-35809

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: A vulnerability in Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a targeted user to an untrusted website. The issue stemmed from insufficient...

4.3CVSS6AI score0.00219EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/08/20 4:26 p.m.15 views

CVE-2025-20345 Cisco Duo Authentication Proxy Information Disclosure Vulnerability

A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...

4.9CVSS0.00448EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/08/12 11:23 p.m.3 views

SUSE CVE-2025-49090

The Matrix specification before 1.16 i.e., with a room version before 12 and State Resolution before 2.1 has deficient state resolution...

7.1CVSS7AI score0.00421EPSS
Exploits0References3
OSV
OSV
added 2025/08/12 5:15 p.m.4 views

CVE-2025-24305

Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...

7.4AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.8 views

The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers, related to authentication procedures that lack sufficient protection, allows attackers to bypass existing security restrictions and gain access to the system.

The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to authentication procedures’ deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain...

9CVSS5.5AI score0.00251EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/07/24 12:0 a.m.9 views

The vulnerability of the Java VM component of the Oracle Database Server system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.7CVSS7.2AI score0.00314EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/23 12:0 a.m.8 views

The vulnerability of the sub_41F0FC function in the /H5/webgl.data file of the D-Link DI-7003GV2 router’s microprogramming software, which allows a hacker to disclose confidential information

The vulnerability of the sub41F0FC function in the /H5/webgl.data file of the D-Link DI-7003GV2 router’s microprogramming system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to disclose confidential information remotely...

5.3CVSS5.8AI score0.01033EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.8 views

Vulnerability of the Server component: The MySQL Server database management system’s Optimizer component allows a hacker to gain unauthorized access for creating, deleting, and modifying data.

The vulnerability of the MySQL Server component, which is part of the database management system, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to create, delete, and modify data...

6.8CVSS7.1AI score0.00424EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.9 views

The vulnerability of Juniper Networks Junos OS web server allows a hacker to gain access to device command interfaces.

The vulnerability of Juniper Networks Junos OS web servers is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow a malicious actor to gain access to device command interfaces remotely...

6.5CVSS5.4AI score0.00208EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.13 views

The vulnerability of the Internal Operations component of the Oracle Lease and Finance Management system, a business automation solution, allows a perpetrator to gain access to read, modify, and delete information.

The vulnerability of the Internal Operations component of the Oracle Lease and Finance Management system, a part of the Oracle E-Business Suite, relates to deficiencies in the authorization process. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete...

8.5CVSS7.2AI score0.00322EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/07/17 12:0 a.m.9 views

The vulnerability of the Unified Audit component of the Oracle Database Server system allows a perpetrator to gain access to read, modify, and delete information.

The vulnerability of the Unified Audit component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete data...

4CVSS7.2AI score0.00232EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder