Lucene search
K

73 matches found

CVE
CVE
added 2025/07/18 3:14 p.m.37 views

CVE-2025-7789

Summary of CVE-2025-7789 : The issue affects the xxl-job framework (versions up to 3.1.1). The vulnerable component is the makeToken function in IndexController.java (Token Generation). The root cause is password hashing with insufficient computational effort, enabling a remote attack; exploitati...

6.3CVSS4.4AI score0.0028EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/06/27 11:31 a.m.25 views

CVE-2025-6763

The CVE-2025-6763 entry concerns a missing authentication issue in the Web-based Management Interface of multiple Comet System products (T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552, H3531) version 1.60. The vulnerability centers on the file /setupA.cfg; manipulation of this file...

9.2CVSS7.2AI score0.01157EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/25 11:41 p.m.13 views

CVE-2025-6530

A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of ...

5.9CVSS5AI score0.0055EPSS
Exploits1References1
NVD
NVD
added 2025/06/23 10:15 p.m.5 views

CVE-2025-6527

A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is...

3.1CVSS0.00489EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/06/23 9:0 p.m.14 views

CVE-2025-6524 70mai 1S Video Services improper authentication

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is...

3.1CVSS0.00326EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.7 views

CVE-2025-26394

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...

4.8CVSS5.1AI score0.00174EPSS
Exploits0References1
OSV
OSV
added 2025/06/10 3:15 p.m.4 views

CVE-2025-26394

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...

4.8CVSS5.7AI score0.00174EPSS
Exploits0References2
CVE
CVE
added 2025/06/10 2:39 p.m.54 views

CVE-2025-26394

CVE-2025-26394 affects SolarWinds Observability Self-Hosted and is an open redirection vulnerability caused by insufficient URL sanitization. The core issue is improper URL cleanup that could redirect users to a malicious site. The CVE entry lists CVSS v3.1 base score 4.8 (Medium) with adjacent a...

4.8CVSS5.1AI score0.00174EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/06/06 4:15 a.m.12 views

CVE-2025-5715

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the...

6.4CVSS0.00257EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/06 3:0 a.m.14 views

CVE-2025-5715 Signal App Biometric Authentication missing critical step in authentication

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the...

3.8CVSS0.00257EPSS
Exploits1References4
OSV
OSV
added 2025/06/05 7:31 a.m.8 views

CVE-2025-5645 Radare2 radiff2 pal.c r_cons_pal_init memory corruption

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...

2CVSS4.1AI score0.00185EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/06/05 7:0 a.m.7 views

CVE-2025-5644 Radare2 radiff2 cons.c r_cons_flush use after free

A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function rconsflush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach thi...

2.5CVSS3.5AI score0.00191EPSS
Exploits1References7
CVE
CVE
added 2025/05/29 6:0 p.m.58 views

CVE-2025-5323

CVE-2025-5323 affects fossasia open-event-server 1.19.1, specifically the Mail Verification Handler’s function send_email_change_user_email . The issue is described as relying on obfuscation or encryption of security-relevant inputs without integrity checks, with possible remote activation and hi...

6.3CVSS7AI score0.00118EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/05/24 4:31 p.m.15 views

CVE-2025-5129 Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexi...

7.3CVSS6.9AI score0.0025EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 11:57 a.m.6 views

CVE-2025-0575

A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity...

3.9CVSS6.8AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:56 a.m.14 views

CVE-2025-0870

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of ...

6.3CVSS7AI score0.00536EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.7 views

CVE-2024-10073

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...

7.5CVSS7.2AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:42 a.m.12 views

CVE-2024-11619

A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The...

8.1CVSS6.7AI score0.00696EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 8:0 p.m.77 views

CVE-2025-3177

Concerning CVE-2025-3177, multiple connected sources confirm a vulnerability in FastCMS 0.1.5 affecting the JWT Handler component, specifically the use of a hard-coded cryptographic key. Access is remote, attack complexity is high, and no privileges are required. The Public disclosure status is n...

8.1CVSS7.2AI score0.00427EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/03/19 7:8 p.m.47 views

CVE-2025-27704

CVE-2025-27704 affects Absolute Secure Access (Secure Access administrative console) prior to version 13.53. The issue is a cross-site scripting vulnerability that can be exploited by a user with system administrator permissions to interfere with another admin’s session when they are logged into ...

5.5CVSS5.9AI score0.00292EPSS
Exploits0References1
Rows per page
Query Builder