Lucene search
+L

306 matches found

NVD
NVD
added 2025/06/10 3:15 p.m.7 views

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

8.8CVSS0.00352EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/10 2:39 p.m.5 views

CVE-2025-5353

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...

8.8CVSS8.7AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/10 2:39 p.m.13 views

CVE-2025-5353

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...

8.8CVSS0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/10 2:39 p.m.13 views

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

7.3CVSS0.00337EPSS
Exploits0References1
CVE
CVE
added 2025/06/10 2:39 p.m.66 views

CVE-2025-22463

CVE-2025-22463 affects Ivanti Workspace Control prior to 10.19.10.0, due to a hard-coded key that enables a local authenticated attacker to decrypt stored credentials (SQL and environment passwords). Root cause: hard-coded cryptographic key in the product. Impact: unauthorized access to sensitive...

7.3CVSS7AI score0.00352EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/06/10 2:38 p.m.67 views

CVE-2025-22455

Ivanti Workspace Control is affected by CVE-2025-22455 due to a hardcoded key that can allow a local authenticated attacker to decrypt stored SQL credentials. The vulnerability concerns versions before 10.19.0.0 (per initial CVE description) with broader remediation references indicating fixes fo...

8.8CVSS8.6AI score0.00352EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/10 2:38 p.m.13 views

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

8.8CVSS0.00352EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.3 views

PT-2025-24665 · Ivanti · Ivanti Workspace Control

Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions prior to 10.19.10.0 Description: A hardcoded key in the software allows a local authenticated attacker to decrypt the stored environment password. This issue enables an attacker with local access to potential...

8.8CVSS8.9AI score0.00352EPSS
Exploits0References10
OSV
OSV
added 2025/06/04 5:15 p.m.14 views

CVE-2025-20278

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied...

6.7CVSS6AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2025/06/03 8:15 a.m.10 views

CVE-2025-46355

Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker...

7.3CVSS0.00139EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.11 views

CVE-2024-1591

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues...

3.3CVSS6.5AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:23 a.m.8 views

CVE-2024-26012

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2....

7.8CVSS7.1AI score0.00675EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:47 a.m.8 views

CVE-2023-31805

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function...

4.8CVSS6.9AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:11 a.m.8 views

CVE-2022-26531

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG...

7.8CVSS7.3AI score0.05805EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:57 p.m.11 views

CVE-2022-33878

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiClient for Mac versions 7.0.0 through 7.0.5 may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal...

5.5CVSS6.2AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:27 p.m.9 views

CVE-2022-23234

SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 p.m.12 views

CVE-2021-26093

An access of uninitialized pointer CWE-824 vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command...

7.3CVSS6.5AI score0.0016EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:40 p.m.9 views

CVE-2020-1857

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local...

5.5CVSS6.3AI score0.00207EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:53 p.m.10 views

CVE-2020-9078

FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service...

7.8CVSS6.8AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.11 views

CVE-2020-5793

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerabili...

7.8CVSS6.4AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder