Lucene search
K

80 matches found

Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.11 views

PT-2025-36115

Name of the Vulnerable Software and Affected Versions: NMC G2 affected versions not specified Description: An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. Recommendations: At the moment,...

4.7CVSS6AI score0.00268EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.5 views

Eaton NMC G2 安全漏洞

Eaton NMC G2 is a network management card from Eaton Corporation USA. A security vulnerability exists in the Eaton NMC G2 that originates from a privileged attacker being able to modify the contents of non-sensitive files via path traversal in a CLI restricted shell...

4.7CVSS6.6AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.6 views

Eaton Rack PDU G4 安全漏洞

The Eaton Rack PDU G4 is a vertical assembly power unit from Eaton Corporation USA. A security vulnerability exists in Eaton Rack PDU G4 version 3.5.0 and earlier, which stems from privileged access to potentially modify the contents of non-sensitive files via a CLI limited shell...

4.7CVSS6.6AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/10 1:30 a.m.9 views

CVE-2025-42968

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...

5CVSS6.7AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 1:15 a.m.11 views

CVE-2025-42996

SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing...

5.6CVSS0.00208EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.6 views

CVE-2023-42479

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information...

6.1CVSS6.4AI score0.00446EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:20 p.m.6 views

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

5CVSS6.8AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:9 p.m.11 views

CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...

4.3CVSS7.7AI score0.00698EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/01 12:0 a.m.7 views

Preserving Privacy and Utility in LLM-Based Product Recommendations

Large Language Model LLM-based recommendation systems leverage powerful language models to generate personalized suggestions by processing user interactions and preferences. Unlike traditional recommendation systems that rely on structured data and collaborative filtering, LLM-based models proces...

7.2AI score
Exploits0
CVE
CVE
added 2025/04/08 7:13 a.m.68 views

CVE-2025-27437

CVE-2025-27437 affects SAP NetWeaver Application Server ABAP, specifically the Virus Scanner Interface. The vulnerability is a missing authorization check that allows an attacker authenticated as a non-administrative user to initiate a transaction and access but not modify non-sensitive data, wit...

4.3CVSS6.9AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/08 7:13 a.m.18 views

CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...

4.3CVSS0.00261EPSS
Exploits0References2
OSV
OSV
added 2025/02/25 2:15 p.m.4 views

CVE-2024-51539

The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...

2.3CVSS5.8AI score0.00182EPSS
Exploits0References1
NVD
NVD
added 2025/02/25 2:15 p.m.14 views

CVE-2024-51539

The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...

2.3CVSS0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/25 1:45 p.m.10 views

CVE-2024-51539

The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...

2.3CVSS0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/25 1:45 p.m.6 views

CVE-2024-51539

The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...

2.3CVSS4AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2025/02/20 12:15 p.m.3 views

CVE-2025-21106

Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.4 views

Synology Active Backup for Business 路径遍历漏洞

Synology Active Backup for Business is a backup program from Synology, a Chinese company. A path traversal vulnerability exists in Synology Active Backup for Business, which can be exploited to allow a remote authenticated user with administrator privileges to read specific files containing...

2.7CVSS6.4AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2025/02/12 4:15 p.m.7 views

CVE-2025-0556

In Progress® Telerik® Report Server, versions prior to 2025 Q1 11.0.25.211 when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local netwo...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:0 a.m.14 views

CVE-2024-28134

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...

7CVSS6.9AI score0.00492EPSS
Exploits0References1
OSV
OSV
added 2024/12/10 7:15 p.m.2 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

2.7CVSS5.8AI score0.38104EPSS
Exploits0References3
Rows per page
Query Builder