Lucene search
K

77 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

9.6CVSS0.00726EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-58459 gpsd gpsprof Command Injection via gnuplot plot title subtype field

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS0.00726EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/03 12:31 a.m.10 views

EUVD-2026-41465

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS5.8AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.8 views

CVE-2026-55726

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:49 p.m.63 views

CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere

The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...

6.9CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 11:49 p.m.17 views

CVE-2026-55726

CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....

6.9CVSS5.8AI score0.00359EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/07 4:37 a.m.119 views

Exploit for CVE-2025-10681

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...

8.8CVSS6.1AI score0.00275EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.9 views

CVE-2022-33697

Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log...

3.3CVSS6.3AI score0.00099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 6:14 p.m.11 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS6.7AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 6:15 p.m.5 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS5.8AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.6 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 5:18 p.m.3 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS6.2AI score0.00202EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 5:18 p.m.18 views

CVE-2025-57823

CVE-2025-57823 affects Fortinet FortiAuthenticator 6.3–6.6.x (including 6.3, 6.4, 6.5, 6.6.0–6.6.6). It is a direct request (forced browsing) vulnerability that an authenticated user with sponsor permissions can use to read and download device logs by accessing specific endpoints. Impact is limit...

2.7CVSS6.2AI score0.00202EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/09 5:18 p.m.25 views

CVE-2025-57823

A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...

2.7CVSS0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

Fortinet FortiAuthenticator 安全漏洞

Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiAuthenticator versions 6.6.0 through 6.6.6, all versions 6.5, all versions 6.4, and all versions 6.3, which stems from a direct request vulnerability...

2.7CVSS6.7AI score0.00202EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2025-50117

Name of the Vulnerable Software and Affected Versions Fortinet FortiAuthenticator versions 6.3 through 6.6.6 Fortinet FortiAuthenticator version 6.5 Fortinet FortiAuthenticator version 6.4 Fortinet FortiAuthenticator version 6.6.0 through 6.6.6 Description An authenticated attacker with sponsor...

2.7CVSS6.3AI score0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2010-0145

Malware in sbrugna...

4.3CVSS6.4AI score0.01184EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-48209

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00581EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-1198

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00576EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-49881

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00343EPSS
Exploits0References1
Rows per page
Query Builder