Lucene search
K

16 matches found

CVE
CVE
added 2026/06/23 5:39 p.m.27 views

CVE-2026-54317

Insight (CVE-2026-54317): The Home Assistant Konnected integration exposes an unauthenticated GET endpoint (/api/konnected/device/{device_id}) that reveals alarm-panel state and topology on the LAN. Write operations (POST/PUT) enforce a Bearer token against configured access tokens, but GET reque...

7.6CVSS5.8AI score0.00193EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.9 views

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References1
NVD
NVD
added 2026/05/03 5:15 a.m.17 views

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS0.00414EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 4:15 a.m.8 views

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/03 4:15 a.m.20 views

EUVD-2026-26814

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 4:15 a.m.43 views

CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS0.00414EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 4:15 a.m.23 views

CVE-2026-7679

YunaiV yudao-cloud (up to 2026.01) is affected. The flaw resides in OAuth2TokenServiceImpl.java (getAccessToken) where manipulation leads to improper authentication. The issue is exploitable remotely with a PROOF-OF-CONCEPT exploit and no remediation details are provided in the available document...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/01 8:46 p.m.4 views

CVE-2013-10063 Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions = 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...

6.9CVSS6.5AI score0.00892EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.2 views

kernel: NFSD: Finish converting the NFSv2 GETACL result encoder

A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdrstream, leftover code erroneously set the pagelen field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...

6AI score0.002EPSS
Exploits0References5
OSV
OSV
added 2022/12/30 9:15 p.m.6 views

CVE-2022-46585

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTEUSER parameter in the getaccess sub45AC2C function...

9.8CVSS5.8AI score0.00873EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/12/30 12:0 a.m.4 views

PT-2022-27913 · Trendnet · Trendnet Tew755Ap

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered via the REMOTE USER parameter in the get access sub 45AC2C function. Recommendations: For TRENDnet TEW755AP version 1.13B01, consider restricting access to t...

9.8CVSS9.4AI score0.00873EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/30 12:0 a.m.3 views

TRENDnet TEW-755AP 缓冲区错误漏洞

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the REMOTEUSER parameter of the getaccess sub45AC2C function, which can be exploited by an attacker to execute arbitrary co...

9.8CVSS7.9AI score0.00873EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/03/23 12:0 a.m.3 views

PT-2022-6942 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.3.0 through 2.1.10 Argo CD versions 2.2.0 through 2.2.5 Argo CD versions 2.3.0 and earlier, excluding 2.3.0 itself as it is a fixed version Description: The issue is related to a path traversal bug compounded by an improper...

7.7CVSS6.7AI score0.0086EPSS
Exploits0References10
OSV
OSV
added 2020/11/17 8:15 p.m.2 views

CVE-2020-25988

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 P4410-V2–1.34H has an action 'XGetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent...

6.5CVSS6.6AI score0.03016EPSS
Exploits3References4
OSV
OSV
added 2019/05/23 2:29 p.m.4 views

DEBIAN-CVE-2019-0201

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider...

5.9CVSS8.1AI score0.09634EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/22 12:0 a.m.4 views

paypal/permissions-sdk-php cross-site scripting vulnerability

paypal/permissions-sdk-php is a PHP-based Paypal payment software development kit. A cross-site scripting vulnerability exists in the 'verificationcode' parameter of the samples/GetAccessToken.php file in paypal/permissions-sdk-php. A remote attacker could exploit this vulnerability to execute co...

5.4CVSS5.3AI score0.00805EPSS
Exploits1References1
Rows per page
Query Builder