Lucene search
+L

43 matches found

redhatcve
redhatcve
added 2025/11/20 12:21 a.m.18 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.5CVSS6.9AI score0.0032EPSS
Exploits1References1
osv
osv
added 2025/11/19 8:15 p.m.11 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.5CVSS5.8AI score0.0032EPSS
Exploits1References2
nvd
nvd
added 2025/11/19 8:15 p.m.4 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.5CVSS0.0032EPSS
Exploits1References2
cvelist
cvelist
added 2025/11/19 12:0 a.m.12 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

0.0032EPSS
Exploits1References2
cnnvd
cnnvd
added 2025/11/19 12:0 a.m.5 views

GatesAir Flexiva-LX Series 安全漏洞

The GatesAir Flexiva-LX Series is a series of solid-state FM transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Flexiva-LX Series versions 1.0.13 and 2.0 that originates from a publicly accessible log file exposing sensitive session identifiers, which could lead to...

6.5CVSS6.5AI score0.0032EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/11/19 12:0 a.m.4 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.5AI score0.0032EPSS
Exploits1References2
cve
cve
added 2025/11/19 12:0 a.m.13 views

CVE-2025-63212

The vulnerability CVE-2025-63212 affects GatesAir Flexiva-LX devices running firmware 1.0.13 and 2.0 (LX100/LX300/LX600/LX1000). The issue is that sensitive session identifiers (sid) are written to a publicly accessible log at /log/Flexiva%20LX.log, enabling an unauthenticated attacker to hijack ...

6.5CVSS6.5AI score0.0032EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2025/11/19 12:0 a.m.10 views

PT-2025-47524

Name of the Vulnerable Software and Affected Versions GatesAir Flexiva-LX versions 1.0.13 and 2.0 GatesAir Flexiva-LX models LX100, LX300, LX600, and LX1000 Description The GatesAir Flexiva-LX devices are affected by an issue where sensitive session identifiers sid are exposed in a publicly...

6.6AI score0.0032EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-40064

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00774EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-40063

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00504EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-3054

Malicious code in bioql PyPI...

8CVSS6.6AI score0.0039EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-3055

Malicious code in bioql PyPI...

8CVSS6.6AI score0.00382EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-3056

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00932EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 4:0 a.m.4 views

CVE-2023-36082

An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials...

9.8CVSS7.2AI score0.00774EPSS
Exploits1
redhatcve
redhatcve
added 2025/02/15 12:26 a.m.5 views

CVE-2025-22961

A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control CWE-284. Unauthenticated attackers can directly access sensitive database backup files snapshotusers.db via publicly exposed URLs...

8CVSS6.4AI score0.00382EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/15 12:26 a.m.8 views

CVE-2025-22962

A critical remote code execution RCE vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID sessid can send specially crafted POST requests to the /json endpoint, enabling arbitrary...

7.2CVSS7.9AI score0.00932EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/15 12:25 a.m.7 views

CVE-2025-22960

A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...

8CVSS7AI score0.0039EPSS
Exploits0References1
nvd
nvd
added 2025/02/13 11:15 p.m.12 views

CVE-2025-22961

A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control CWE-284. Unauthenticated attackers can directly access sensitive database backup files snapshotusers.db via publicly exposed URLs...

8CVSS0.00382EPSS
Exploits0References1
nvd
nvd
added 2025/02/13 11:15 p.m.10 views

CVE-2025-22962

A critical remote code execution RCE vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID sessid can send specially crafted POST requests to the /json endpoint, enabling arbitrary...

7.2CVSS0.00932EPSS
Exploits0References1
nvd
nvd
added 2025/02/13 11:15 p.m.13 views

CVE-2025-22960

A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...

8CVSS0.0039EPSS
Exploits0References1
Rows per page
Query Builder