Lucene search
+L

223 matches found

Cvelist
Cvelist
added 2025/09/03 8:19 p.m.10 views

CVE-2025-55748 XWiki Platform's configuration files can be accessed through jsx and sx endpoints

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

9.3CVSS0.01652EPSS
Exploits0References3
CVE
CVE
added 2025/09/03 8:19 p.m.51 views

CVE-2025-55748

Affected product : XWiki Platform. Vulnerability : path traversal through the jsx and sx endpoints that allows remote attackers to read configuration files. Root cause : improper access control enabling traversal to read files like WEB-INF/xwiki.cfg. Versions affected : 4.2-milestone-2 through 16...

9.3CVSS6.2AI score0.01652EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2025/09/03 8:12 p.m.29 views

CVE-2025-55747

CVE-2025-55747 — XWiki Platform Information Disclosure . Affected: XWiki Platform versions 6.1-milestone-2 through 16.10.6. Root cause: configuration files are exposed via the webjars API, enabling remote access to sensitive configuration data. Evidence across connected sources confirms this is a...

9.3CVSS6.3AI score0.01557EPSS
In wildExploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.5 views

PT-2025-35831

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.1-milestone-2 through 16.10.6 Description: The XWiki Platform is a generic wiki platform. Affected versions allow access to configuration files through the webjars API. This issue is resolved in version 16.10.7...

9.3CVSS6.4AI score0.01557EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.11 views

PT-2025-35832

Name of the Vulnerable Software and Affected Versions XWiki Platform versions 4.2-milestone-2 through 16.10.6 Description The XWiki Platform is a generic wiki platform. Configuration files are accessible through jsx and sx endpoints. An attacker can access and read configuration files using URLs...

9.3CVSS6.5AI score0.01652EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a...

8.7CVSS7.1AI score0.87369EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-0172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction fo...

6.5CVSS6.3AI score0.00765EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/06/14 12:0 a.m.6 views

The vulnerability of the Milestone XProtect software installer allows a intruder to disclose protected information.

The vulnerability of the Milestone XProtect video surveillance software installer is related to the lack of data encryption measures. Exploiting this vulnerability could allow a remote attacker to disclose the protected information...

5.5CVSS5.5AI score0.00229EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:27 a.m.9 views

CVE-2019-12431

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control...

4.3CVSS6.5AI score0.00751EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/20 12:0 a.m.1 views

PT-2025-17403 · Undefined · Undefined

One year ago, I was hoping to get a CVE Today, it’s real — CVE-2025-43927. 🚀 It might seem small, but for me, it’s so much. Showing up every day got me here. This is just the start. BugBounty CVE bugbountytips...

6.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/17 2:49 p.m.7 views

CVE-2025-1688

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

5.5CVSS7.1AI score0.00229EPSS
Exploits0References3
NVD
NVD
added 2025/04/15 11:15 a.m.16 views

CVE-2025-1688

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

5.5CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/15 10:13 a.m.17 views

CVE-2025-1688 System configuration password reset

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

5.5CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2025/04/15 10:13 a.m.82 views

CVE-2025-1688

CVE-2025-1688 affects Milestone XProtect installer behavior where upgrading from older versions using 2024 R1/R2 installers resets the Management Server’s system configuration password. The vulnerability is triggered during upgrade processes and could bypass password protection, potentially impac...

5.5CVSS7AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/15 10:13 a.m.5 views

CVE-2025-1688 System configuration password reset

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

5.5CVSS7.2AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.7 views

Milestone XProtect 安全漏洞

Milestone XProtect is a video management software from Milestone. A security vulnerability exists in Milestone XProtect versions 2024 R1 through 2024 R2, which originates from resetting the system configuration password during the upgrade process, which could lead to a security configuration...

5.5CVSS6.6AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/12 8:59 a.m.4 views

CVE-2024-43107

Improper Certificate Validation CWE-295 in the Gallagher Milestone Integration Plugin MIP permits unauthenticated messages e.g. alarm events to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior...

7.2CVSS6.8AI score0.00178EPSS
Exploits0
NVD
NVD
added 2025/03/10 3:15 a.m.6 views

CVE-2024-43107

Improper Certificate Validation CWE-295 in the Gallagher Milestone Integration Plugin MIP permits unauthenticated messages e.g. alarm events to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior...

7.2CVSS0.00178EPSS
Exploits0References1
CVE
CVE
added 2025/03/10 2:44 a.m.39 views

CVE-2024-43107

CVE-2024-43107 concerns the Gallagher Milestone Integration Plugin (MIP). The issue arises from improper certificate validation (CWE-295) in MIP, allowing unauthenticated messages (such as alarm events) to be sent to the plugin. Affected products include Gallagher MIP versions prior to 4.0.32 and...

7.2CVSS7.1AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/10 2:44 a.m.5 views

CVE-2024-43107

Improper Certificate Validation CWE-295 in the Gallagher Milestone Integration Plugin MIP permits unauthenticated messages e.g. alarm events to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior...

7.2CVSS7.1AI score0.00178EPSS
Exploits0References1
Rows per page
Query Builder