Lucene search
K

5 matches found

OSV
OSV
added 5 days ago3 views

CVE-2026-59155 Nezha Monitoring: DDNS and Notification credential exposure via unredacted list API

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References5
CVE
CVE
added 2026/04/29 7:24 p.m.12 views

CVE-2018-25316

CVE-2018-25316 affects Tenda W308R v2 (firmware V5.07.48). The issue is a cookie session weakness where insufficient session validation allows unauthenticated attackers to modify DNS settings via the goform/AdvSetDns endpoint by sending a crafted admin language cookie, enabling DNS changes that r...

9.8CVSS5.3AI score0.00651EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 8:58 a.m.2 views

CVE-2025-41357 Reflected Cross-Site Scripting on Anon Proxy Server

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

5.1CVSS6AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.11 views

PT-2025-44168

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description The software contains a stored cross-site scripting XSS issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the SERVICE,...

5.4CVSS5.8AI score0.05013EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.7 views

PT-2025-44177

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the TLS...

5.1CVSS5.9AI score0.00479EPSS
Exploits0References6
Rows per page
Query Builder