Lucene search
K

12 matches found

NVD
NVD
added 2026/02/09 10:16 p.m.5 views

CVE-2026-25961

SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...

7.5CVSS0.00445EPSS
Exploits4References1
NVD
NVD
added 2025/08/20 4:16 a.m.12 views

CVE-2025-57788

A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...

6.9CVSS0.02721EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:21 a.m.7 views

CVE-2024-7579

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os...

8.8CVSS6.9AI score0.08379EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 a.m.5 views

CVE-2017-20166

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between isnil and raise...

9.8CVSS6.8AI score0.01279EPSS
Exploits1References1
OSV
OSV
added 2025/05/09 12:42 p.m.3 views

OESA-2025-1487 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting...

9.1CVSS7.9AI score0.00538EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.4 views

PT-2025-19288 · Оао 'Инфотекс' · Vipnet Client

Уязвимость механизма обновления программно-аппаратного комплекса защиты информации ViPNet Client 4 связана с недостаточным количеством проверок легитимности конверта обновления, распространяемого по транспортному протоколу mftp. Эксплуатация уязвимости возможна только для внутреннего нарушителя,...

1CVSS7.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/23 1:28 a.m.8 views

CVE-2025-1001

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack MITM. An attacker could modify the server's response and deliver a...

5.7CVSS6.8AI score0.00133EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/05/26 12:0 a.m.13 views

Recovery transaction can be replayed after a cancellation

Lines of code Vulnerability details Recovery transaction can be replayed after a cancellation The recovery transaction can be replayed after a cancellation of the recovery procedure, reinstating the recovery mechanism. Impact The Ambire wallet provides a recovery mechanism in which a privilege ca...

7AI score
Exploits0
NCSC
NCSC
added 2023/04/25 12:0 a.m.7 views

Vulnerability fixed in Rancher

A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism used to upgrade from versions 2.6.x and 2.7.x upgrade to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...

9.9CVSS7.2AI score0.00779EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/02/02 12:0 a.m.6 views

The vulnerability of the detection mechanism for applications in the Snort intrusion detection system allows attackers to increase their privileges.

The vulnerability of the detection mechanism of the Snort intrusion detection system is related to the implementation of an incorrect control flow. Exploiting this vulnerability can allow a malicious actor, operating remotely, to increase their privileges...

4CVSS5.8AI score0.02146EPSS
Exploits0References3Affected Software5
NVD
NVD
added 2020/10/01 8:15 p.m.29 views

CVE-2020-9487

In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...

7.5CVSS0.0305EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/10/16 12:0 a.m.47 views

Adobe Acrobat < 2015.006.30504 / 2017.011.30150 / 2019.021.20047 Multiple Vulnerabilities (APSB19-49) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2015.006.30504, 2017.011.30150, or 2019.021.20047. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier,...

10CVSS7.6AI score0.22886EPSS
Exploits9References69
Rows per page
Query Builder