Lucene search
K

143 matches found

Zero Day Initiative
Zero Day Initiative
added 2025/07/31 12:0 a.m.4 views

(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability

This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the management interface. The issue resul...

6.3CVSS7.2AI score
Exploits0References1
OSV
OSV
added 2025/07/11 4:15 p.m.4 views

CVE-2025-6549

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager J-Web. When Juniper Secure connect JSC is enabled on specific interfaces, or multiple interfaces are...

6.9CVSS5.8AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 10:15 a.m.6 views

CVE-2025-5920

The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...

7.5CVSS5.8AI score0.0038EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:17 a.m.5 views

CVE-2024-0910

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

5.3CVSS5.9AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.6 views

CVE-2023-30467

This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially...

9.8CVSS6.8AI score0.01078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/18 2:51 a.m.12 views

CVE-2025-3698

Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...

7.5CVSS6.9AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 3:15 a.m.3 views

CVE-2025-3698

Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...

7.5CVSS5.8AI score0.00364EPSS
Exploits0References2
CVE
CVE
added 2025/04/16 2:24 a.m.63 views

CVE-2025-3698

CVE-2025-3698 describes an interface exposure vulnerability in the mobile application com.transsion.carlcare (TECNO/Transsion). The available details indicate a potential information leakage risk. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) with a base score of 7.5 (HIGH) suggests e...

7.5CVSS6.7AI score0.00364EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/16 2:24 a.m.6 views

CVE-2025-3698

Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...

7.5AI score0.00364EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.4 views

PT-2025-16551

Name of the Vulnerable Software and Affected Versions com.transsion.carlcare affected versions not specified Description The issue is related to an interface exposure vulnerability in the mobile application, which may lead to information leakage risk. Recommendations At the moment, there is no...

7.5CVSS6.4AI score0.00364EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/02/05 5:36 p.m.1 views

CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet

GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered simil...

6.6AI score0.01552EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.4 views

imgproxy 代码问题漏洞

imgproxy is imgproxy individual developer's fast and secure standalone server for tweaking and converting remote mirrors. A code issue vulnerability exists in imgproxy that stems from the presence of a server-side request forgery vulnerability against 0.0.0.0...

5.3CVSS6.9AI score0.00844EPSS
Exploits0References2
OSV
OSV
added 2025/01/23 5:15 p.m.4 views

CVE-2024-55925

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/17 12:0 a.m.6 views

vivo Wifi Module 安全漏洞

The vivo Wifi Module is a wireless module from the Chinese company Vivo. A security vulnerability exists in vivo Wifi Module, which originates from the wifi module exposing the interface, improperly controlling permissions, and leaking sensitive device information...

6.3CVSS6.7AI score0.00204EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/02 12:0 a.m.6 views

The vulnerability of the addRelatedObjects function in the universal monitoring system Zabbix allows attackers to increase their privileges.

The vulnerability of the addRelatedObjects function in the universal monitoring system Zabbix is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges by sending specially crafted SQL queries...

9.9CVSS8.1AI score0.78831EPSS
Exploits13References7Affected Software2
NCSC
NCSC
added 2024/11/20 8:41 a.m.5 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has actively fixed exploited vulnerabilities in PAN-OS. UPDATE Public PoC has now appeared to exploit CVE-2024-0012. The vulnerability with attribute CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...

9.8CVSS8.2AI score0.99698EPSS
Exploits18References2
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.5 views

PT-2024-26075 · Unknown · Universalcredentialmanager

Name of the Vulnerable Software and Affected Versions: UniversalCredentialManager versions prior to SMR Sep-2024 Release 1 Description: The issue is related to the incorrect use of privileged API in UniversalCredentialManager, allowing local attackers to access privileged API related to...

6.2CVSS6.9AI score0.00137EPSS
Exploits0References5
OSV
OSV
added 2024/08/02 11:16 a.m.3 views

CVE-2024-38879

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions. The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumven...

9.8CVSS5.7AI score0.00768EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2024/06/26 12:0 a.m.5 views

PT-2024-20069 · Hms · Hms Anybus X-Gateway Ab7832-F

Name of the Vulnerable Software and Affected Versions: HMS Anybus X-Gateway AB7832-F 3 devices Description: The issue concerns the exposure of a web interface on port 80, allowing an unauthenticated GET request to a specific URL to trigger the reboot of the gateway or most of its modules. This ca...

7.5CVSS9.2AI score0.00441EPSS
Exploits0References4
OSV
OSV
added 2024/06/13 3:15 p.m.6 views

CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...

5.4CVSS5.9AI score0.00349EPSS
Exploits0References1
Rows per page
Query Builder