Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/10/17 7:46 p.m.3 views

CVE-2025-34255

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

6.9CVSS7.2AI score0.00954EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 9:31 p.m.4 views

EUVD-2025-34832

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

6.9CVSS6.6AI score0.00954EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/16 9:31 p.m.6 views

EUVD-2025-34830

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting XSS vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be...

5.1CVSS5.2AI score0.00501EPSS
Exploits0References4
NVD
NVD
added 2025/10/16 7:15 p.m.4 views

CVE-2025-34255

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

6.9CVSS0.00954EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/16 6:53 p.m.7 views

CVE-2025-34253 D-Link Nuclias Connect <= v1.3.1.4 Stored Cross-Site Scripting (XSS)

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting XSS vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be...

5.1CVSS0.00501EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/10/16 6:52 p.m.6 views

CVE-2025-34255

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...

6.9CVSS5.8AI score0.00954EPSS
Exploits0References4
CVE
CVE
added 2025/10/16 6:52 p.m.15 views

CVE-2025-34254

D-Link Nuclias Connect: firmware

6.9CVSS6.8AI score0.00954EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/10 9:27 p.m.5 views

CVE-2025-34248

D-Link Nuclias Connect firmware versions 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity...

7.2CVSS7AI score0.00606EPSS
Exploits0References1
Rows per page
Query Builder