Lucene search

5470 matches found

Vulnrichment
added 2025/03/14 3:2 p.m. | 9 views

CVE-2024-40590

An improper certificate validation vulnerability (CWE-295) in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a...

4.8 CVSS | 5.2 AI score | 0.00152 EPSS
Exploits: 0 | References: 1

CVE
added 2025/03/14 3:2 p.m. | 44 views

CVE-2024-40590

CVE-2024-40590 describes an improper certificate validation (CWE-295) in FortiPortal. Affected are FortiPortal versions 7.4.0, 7.2.4 and below, 7.0.8 and below, and 6.0.15 and below when connecting to a FortiManager device, FortiAnalyzer device, or an SMTP server. This allows an unauthenticated a...

4.8 CVSS | 5.2 AI score | 0.00152 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/03/14 12:0 a.m. | 4 views

Fortinet FortiManager and Fortinet FortiAnalyzer log information disclosure vulnerability

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...

6.5 CVSS | 6.1 AI score | 0.00276 EPSS
Exploits: 0 | References: 3

BDU FSTEC
added 2025/03/13 12:0 a.m. | 7 views

The vulnerability of the Secure Encrypted Virtualization (SEV) technology of AMD’s microprogramming processor allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Secure Encrypted Virtualization (SEV) technology of AMD microprocessors lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

6 CVSS | 5.9 AI score | 0.00174 EPSS
Exploits: 0 | References: 3

BDU FSTEC
added 2025/03/13 12:0 a.m. | 5 views

The command-line interface vulnerability of the FortiSandbox system allows an intruder to gain unauthorized access to protected information.

The vulnerability of the command-line interface of the FortiSandbox threat detection and removal system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

4.6 CVSS | 5.5 AI score | 0.00148 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Wired Threat Level
added 2025/03/12 5:17 p.m. | 84 views

How to Use Signal Encrypted Messaging

The best end-to-end encrypted messaging app has a host of security features. Here are the ones you should care about...

1 AI score
Exploits: 0

RedhatCVE
added 2025/03/12 10:47 a.m. | 6 views

CVE-2025-27255

Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code...

8 CVSS | 6.9 AI score | 0.00143 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/12 10:15 a.m. | 1 views

DEBIAN-CVE-2025-21844

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard. Add check for the return value of cifs_buf_get and cifs_small_buf_get in receive_encrypted_standard to prevent null pointer dereference...

5.5 CVSS | 5.6 AI score | 0.0021 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/12 10:15 a.m. | 6 views

AZL-58518 CVE-2025-21844 affecting package kernel for versions less than 6.6.82.1-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard. Add check for the return value of cifs_buf_get and cifs_small_buf_get in receive_encrypted_standard to prevent null pointer dereference...

5.5 CVSS | 6.7 AI score | 0.0021 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/12 10:15 a.m. | 7 views

UBUNTU-CVE-2025-21844

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard. Add check for the return value of cifs_buf_get and cifs_small_buf_get in receive_encrypted_standard to prevent null pointer dereference...

5.5 CVSS | 6.2 AI score | 0.0021 EPSS
Exploits: 0 | References: 31

Debian CVE
added 2025/03/12 9:42 a.m. | 7 views

CVE-2025-21844

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard. Add check for the return value of cifs_buf_get and cifs_small_buf_get in receive_encrypted_standard to prevent null pointer dereference...

5.5 CVSS | 5.6 AI score | 0.0021 EPSS
Exploits: 0

SUSE CVE
added 2025/03/12 5:5 a.m. | 3 views

SUSE CVE-2025-26696

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

6.5 CVSS | 6.5 AI score | 0.00331 EPSS
Exploits: 0 | References: 4

Veracode
added 2025/03/11 9:49 a.m. | 19 views

Information Disclosure

Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...

4.3 CVSS | 6.1 AI score | 0.00298 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/03/11 12:0 a.m. | 3 views

PT-2025-10811 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows 10 Version 1809 Windows versions prior to the patch released on 2025-03-11
Description: A security-feature bypass vulnerability in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. This...

7.8 CVSS | 8.2 AI score | 0.0113 EPSS
Exploits: 0 | References: 21

AlpineLinux
added 2025/03/10 7:15 p.m. | 4 views

CVE-2025-26696

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...

7 CVSS | 5.2 AI score | 0.00331 EPSS
Exploits: 0 | References: 3

OSV
added 2025/03/10 7:15 p.m. | 2 views

DEBIAN-CVE-2025-26696

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

7 CVSS | 6.2 AI score | 0.00331 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/10 7:15 p.m. | 12 views

CVE-2025-26696

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...

7 CVSS | 7.1 AI score
Exploits: 0 | References: 3

Vulnrichment
added 2025/03/10 6:41 p.m. | 8 views

CVE-2025-26696 Crafted email message incorrectly shown as being encrypted

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

6.5 AI score | 0.00331 EPSS
Exploits: 0 | References: 3

NVD
added 2025/03/10 9:15 a.m. | 5 views

CVE-2025-27255

Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code...

8 CVSS | 0.00143 EPSS
Exploits: 0 | References: 2

OSV
added 2025/03/07 8:56 p.m. | 9 views

BIT-JENKINS-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3 CVSS | 6.5 AI score | 0.00684 EPSS
Exploits: 0 | References: 2