Lucene search
K

137 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:27 p.m.6 views

CVE-2021-25917

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user...

4.8CVSS6.7AI score0.00621EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/27 12:21 a.m.19 views

CVE-2025-30118

An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only...

7.5CVSS7.3AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2025/03/25 12:0 a.m.60 views

CVE-2025-30118

CVE-2025-30118 affects the Audi Universal Traffic Recorder (version/variant 2.88). The issue arises from use of the same default credentials across all devices and lack of proper multi-device authentication, enabling a denial of service by an attacker who can occupy the only available connection....

7.5CVSS7.2AI score0.00384EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/25 12:0 a.m.4 views

CVE-2025-30118

An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only...

7.2AI score0.00384EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/25 12:0 a.m.19 views

CVE-2025-30118

An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only...

0.00384EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.4 views

Audi Universal Traffic Recorder App 信任管理问题漏洞

The Audi Universal Traffic Recorder App is a special app for traffic recorders from Audi, which is used to connect to a traffic recorder, view previews, lock videos, and other operations. A security vulnerability exists in the Audi Universal Traffic Recorder App version 2.88, which could result i...

7.5CVSS6.5AI score0.00384EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/14 12:50 p.m.8 views

CVE-2025-27594 Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

7.5CVSS7.6AI score0.00434EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/03/14 12:50 p.m.14 views

CVE-2025-27594 Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

7.5CVSS0.00434EPSS
Exploits0References7
CVE
CVE
added 2025/03/12 4:43 a.m.67 views

CVE-2025-24912

Summary: CVE-2025-24912 affects hostapd (RADIUS handling) and has been addressed in multiple vendor advisories. The issue causes hostapd to mishandle crafted RADIUS packets during authentication, enabling an attacker positioned between hostapd and the RADIUS server to inject crafted RADIUS packet...

3.7CVSS4.3AI score0.00716EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/12/31 2:15 a.m.14 views

CVE-2024-12839

The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote...

8.8CVSS0.00687EPSS
Exploits0References2
Prion
Prion
added 2024/12/31 2:15 a.m.11 views

CVE-2024-12839

The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote...

8.8CVSS0.00687EPSS
Exploits0References2
CVE
CVE
added 2024/12/31 1:32 a.m.56 views

CVE-2024-12839

CVE-2024-12839 affects CGFIDO by Changing Information Technology. The login uses a device authentication signature; an unauthenticated remote attacker who obtains this signature can log in with any device after visiting a forged site, constituting an authentication bypass. Connected sources menti...

8.8CVSS8.9AI score0.00687EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/31 12:0 a.m.10 views

PT-2024-17758 · Changing Information Technology · Cgfido

Name of the Vulnerable Software and Affected Versions: CGFIDO affected versions not specified Description: The login mechanism via device authentication of CGFIDO from Changing Information Technology has an authentication bypass issue. If a user visits a forged website, the agent program deployed...

8.8CVSS7.4AI score0.00687EPSS
Exploits0References9
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.249 views

Brocade Enable Login Check Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/telnet' class MetasploitModule 'Brocade Enable Login Check Scanner',...

7.2AI score0.53618EPSS
Exploits41
CNVD
CNVD
added 2024/01/23 12:0 a.m.4 views

Huawei HarmonyOS and EMUI device authentication module out-of-bounds access vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds access vulnerability exists in the...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2024/01/16 8:15 a.m.26 views

CVE-2023-44112

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...

7.5CVSS7.7AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2024/01/16 8:15 a.m.6 views

CVE-2023-44112

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References2
Prion
Prion
added 2024/01/16 8:15 a.m.15 views

Improper access control

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...

5CVSS7.4AI score0.0035EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2024/01/16 8:0 a.m.10 views

CVE-2023-44112

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...

7.3AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/16 8:0 a.m.25 views

CVE-2023-44112

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...

7.8AI score0.0035EPSS
Exploits0References2
Rows per page
Query Builder