Lucene search
K

158 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/10 9:22 p.m.6 views

CVE-2026-31820

Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/04 8:43 p.m.4 views

GHSA-V33R-R6H2-8WR7 Kimai's API invoice endpoint missing customer-level access control (IDOR)

Summary GET /api/invoices/id only checks the role-based viewinvoice permission but does not verify the requesting user has access to the invoice's customer. Any user with ROLETEAMLEAD which grants viewinvoice can read all invoices in the system, including those belonging to customers assigned to...

6.5CVSS5.9AI score0.00399EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.12 views

SolarWinds Web Help Desk code-related vulnerabilities

SolarWinds Web Help Desk is a service desk and asset management software provided by the American company SolarWinds. This software supports centralized knowledge bases, IT asset management, project and task management functions. There is a code vulnerability in SolarWinds Web Help Desk, which...

9.8CVSS7.8AI score0.8413EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/12/20 5:12 p.m.10 views

CVE-2025-65035

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...

6.4CVSS7AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2025/12/19 5:15 p.m.5 views

CVE-2025-65035

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...

6.4CVSS0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.7 views

PT-2025-52493

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...

6.4CVSS7AI score0.0026EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/10 9:31 p.m.4 views

EUVD-2025-202612

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

5.8AI score0.00127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/03 8:2 a.m.6 views

CVE-2025-10971

Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5...

8.8CVSS6.9AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 7:59 a.m.9 views

CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito

Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...

7.1CVSS0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/13 8:23 p.m.6 views

CVE-2025-11644

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack i...

4.2CVSS3.8AI score0.00257EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/13 6:22 p.m.7 views

CVE-2025-11639

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...

5.5CVSS6.3AI score0.00216EPSS
Exploits1References1
OSV
OSV
added 2025/10/12 8:15 p.m.4 views

CVE-2025-11644

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack i...

4.2CVSS5.2AI score0.00257EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/10/12 8:2 p.m.3 views

CVE-2025-11644 Tomofun Furbo 360/Furbo Mini UART sensitive information

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack i...

2CVSS3.4AI score0.00257EPSS
Exploits1References6
NVD
NVD
added 2025/10/12 6:15 p.m.5 views

CVE-2025-11639

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an unknown function of the file collectlogs.sh of the component Debug Log S3 Bucket Handler. The manipulation leads to insecure storage of sensitive information. An attack has to be approached locally. The...

5.5CVSS0.00216EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/12 12:0 a.m.6 views

PT-2025-41732

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A weakness exists in the UART Interface component of Tomofun Furbo 360 and Furbo Mini. Manipulation of this component can result i...

2CVSS3.7AI score0.00257EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/10/12 12:0 a.m.8 views

PT-2025-41727

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A security issue exists in Tomofun Furbo 360 and Furbo Mini related to insecure storage of sensitive information. The issue is...

4.8CVSS4AI score0.00216EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/10/11 7:23 a.m.3 views

CVE-2025-21045

Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information...

4CVSS6.2AI score0.00117EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-3571

Malware in sbrugna...

9.8CVSS9.2AI score0.01527EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-26522

Malware in sbrugna...

5.5CVSS5.6AI score0.00441EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-12670

Malware in sbrugna...

9.8CVSS9.5AI score0.0071EPSS
Exploits0References2
Rows per page
Query Builder