Lucene search
K

26 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 10:35 a.m.10 views

CVE-2025-68420 Privilege Escalation in Comarch ERP Optima

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...

7.5CVSS5.7AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 7:21 p.m.4 views

GHSA-62P3-HVXX-FXG4 Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move

Summary Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileNam...

8.2CVSS5.8AI score0.00347EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.22 views

PT-2026-37106

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like FileName a...

8.2CVSS6AI score0.00347EPSS
Exploits1References6
NVD
NVD
added 2026/04/06 4:16 p.m.3 views

CVE-2026-33727

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

6.7CVSS0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26326

🚨 CVE-2026-30694: Remote code execution in DedeCMS up to 5.7.118, no login required. Lock down your site and watch for a patch. Full advisory ➡️ https://t.co/nUIEoY7rL5 DedeCMS infosec AppSec...

6.2AI score0.0068EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/20 2:22 a.m.4 views

CVE-2025-52692

Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials...

8.8CVSS6.5AI score0.05622EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.7 views

Linksys E9450-SG 安全漏洞

The Linksys E9450-SG is a WiFi router from Linksys USA. A security vulnerability exists in the Linksys E9450-SG that originates from a local network attacker being able to send a specially crafted URL to access certain administrative functions without requiring login credentials...

8.8CVSS6.3AI score0.05622EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.3 views

CVE-2025-55895

TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...

6.6AI score0.00292EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.19 views

CVE-2025-55895

TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...

0.00292EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.12 views

PT-2025-48774

ASUS warns of a critical flaw in AiCloud routers CVE-2025-593656. Attackers can remotely run OS commands no login needed. • Update firmware • Disable AiCloud/Samba/WAN access if no patch • Replace end-of-life devices • Strengthen passwords https://t.co/Dt2oT0g298...

7.2AI score
Exploits0References1
NVD
NVD
added 2025/11/04 7:17 p.m.46 views

CVE-2025-12108

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...

9.3CVSS0.0044EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.27 views

PT-2025-45029

Name of the Vulnerable Software and Affected Versions Survision LPR Camera system affected versions not specified Description The Survision LPR Camera system lacks default password protection. This allows immediate access to the configuration wizard without requiring a login or checking...

9.3CVSS6.6AI score0.0044EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1069

Malware in sbrugna...

5CVSS6.4AI score0.01539EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2025/07/10 11:44 a.m.98 views

Complete Insurance Agency Management System

Campcodes Complete Sales and Inventory System V1.0 /pages/rece...

8.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.5 views

PT-2024-22292 · Image Access Gmbh · Scan2Net

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is due to missing input sanitization, allowing an attacker to perform cross-site-scripting attacks and run arbitrary Javascript in the browser...

4.7CVSS6.7AI score0.00452EPSS
Exploits0References6
OSV
OSV
added 2024/02/15 3:15 a.m.4 views

CVE-2024-26261

The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being download...

9.8CVSS5.7AI score0.00679EPSS
Exploits0References2
OSV
OSV
added 2023/09/20 8:15 a.m.5 views

CVE-2022-47561

The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious...

5.5CVSS5.8AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/04 7:15 a.m.2 views

CVE-2022-28713

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product...

5.3CVSS6.1AI score0.00996EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/10/08 12:0 a.m.4 views

Tad Web 访问控制错误漏洞

Tad Web is a multiplayer web module by the individual developer of Tad in Taiwan, China. An authorization issue vulnerability exists in Tad Web, which can be exploited by attackers to view announcements and upload files without logging in...

6.5CVSS6.6AI score0.00992EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/09/30 10:13 a.m.4 views

CVE-2021-41299

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in...

10CVSS7.4AI score0.01989EPSS
Exploits1References2
Rows per page
Query Builder