Lucene search
+L

369 matches found

bdu_fstec
bdu_fstec
added 2025/06/20 12:0 a.m.10 views

The vulnerability of the Power Automate for Desktop automation platform, related to insufficient protection of operational data, allows attackers to escalate their privileges.

The vulnerability of the Power Automate for Desktop automation platform is related to insufficient protection for operational data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

10CVSS7.9AI score0.01059EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2025/06/18 12:0 a.m.8 views

The vulnerability of the Booco business automation platform, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to the system and compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Booco business automation platform is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the system and compromise the confidentiality, integrity, and...

10CVSS5.5AI score
Exploits0References1Affected Software1
bdu_fstec
bdu_fstec
added 2025/06/05 12:0 a.m.9 views

The vulnerability of the Service Diagnostics Scripts component of the OracleTeleservice module in the Oracle E-Business Suite automation system allows a perpetrator to disclose protected information.

The vulnerability of the Service Diagnostics Scripts component of the Oracle Teleservice module in the Oracle E-Business Suite system relates to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose protected informatio...

6.8CVSS7.1AI score0.0044EPSS
Exploits0References3Affected Software2
bdu_fstec
bdu_fstec
added 2025/06/03 12:0 a.m.8 views

The vulnerability of the umatiGateway firewall interface allows a perpetrator to gain read and edit access to the protected information.

The vulnerability of the umatiGateway firewall interface is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain read access and modify the protected information...

8.5CVSS5.5AI score0.00486EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2025/06/03 12:0 a.m.11 views

The vulnerability of the Git Utilities module for Drupal CMS systems lies in the insufficient protection of operational data, allowing attackers to gain access to read, modify, or delete data, or execute arbitrary code.

The vulnerability of the Git Utilities module for Drupal CMS systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, or delete data, or execute arbitrary code...

9CVSS5.8AI score0.00372EPSS
Exploits0References5Affected Software1
bdu_fstec
bdu_fstec
added 2025/06/02 12:0 a.m.9 views

The vulnerability of the platform for managing and monitoring Vynamic View terminals lies in the insufficient protection of operational data, which allows attackers to disclose the protected information.

The vulnerability of the platform for managing and monitoring Vynamic View terminals is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to disclose the protected information...

7.8CVSS5.4AI score0.00166EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2025/05/28 12:0 a.m.23 views

The vulnerability of the reNgine software tool for automated web application reconnaissance, related to insufficient protection of operational data, allows a perpetrator to disclose protected information.

The vulnerability of the reNgine software tool for automated web application reconnaissance is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

6.8CVSS5.4AI score0.00517EPSS
Exploits1References4Affected Software1
bdu_fstec
bdu_fstec
added 2025/05/05 12:0 a.m.7 views

The vulnerability of the software for interacting with servers via cURL, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the software for interacting with servers via cURL is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

3.4CVSS6.7AI score0.00663EPSS
Exploits1References12Affected Software9
bdu_fstec
bdu_fstec
added 2025/04/30 12:0 a.m.8 views

The vulnerability of Microprogramming Software in Cisco SIP IP Phones like Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series arises from insufficient protection for operational data, allowing unauthorized access to protected information by attackers.

The vulnerability of the microprogramming software used in Cisco SIP IP phones and Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series lies in the insufficient protection of operational data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected informatio...

4.6CVSS5.5AI score0.00146EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2025/04/30 12:0 a.m.7 views

The vulnerability of Cisco Meraki network devices’ microprogramming software, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.

The vulnerability of Cisco Meraki network devices’ microprogramming software is related to insufficient protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References2Affected Software2
bdu_fstec
bdu_fstec
added 2025/04/29 12:0 a.m.10 views

The vulnerability of the FreeIpa server, related to insufficient protection of service data, allows attackers to circumvent existing security restrictions and disclose the protected information.

The vulnerability of the FreeIpa server is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and disclose the protected information...

7.8CVSS7.1AI score0.01925EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2025/04/15 12:0 a.m.8 views

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to insufficient protection of operational data. Exploiting this vulnerability can allow unauthorized actors to gain unauthorized access to protected information...

6.8CVSS5.4AI score0.00598EPSS
Exploits0References4Affected Software2
bdu_fstec
bdu_fstec
added 2025/04/14 12:0 a.m.9 views

The vulnerability of the OpenSearch software package, related to insufficient protection of operational data, allows a intruder to gain unauthorized access to protected information.

Vulnerability of the OpenSearch software package, related to insufficient protection of operational data. Exploiting this vulnerability may allow a malicious actor to gain unauthorized access to protected information...

6.8CVSS6.5AI score0.00821EPSS
Exploits0References4Affected Software2
bdu_fstec
bdu_fstec
added 2025/04/12 12:0 a.m.8 views

The vulnerability of the ColdFusion software platform, related to insufficient protection of operational data, allows attackers to circumvent security restrictions.

The vulnerability of the ColdFusion software platform is related to insufficient protection for operational data. Exploiting this vulnerability can allow attackers to circumvent security restrictions...

6.2CVSS5.5AI score0.00219EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2025/04/10 12:0 a.m.6 views

The vulnerability of the Microsoft Outlook for Android client, related to insufficient protection of administrative data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Microsoft Outlook for Android client is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS7.6AI score0.01409EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2025/04/09 12:0 a.m.7 views

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to insufficient protection of operational data. Exploiting this vulnerability can allow unauthorized actors to gain unauthorized access to protected information...

5.8CVSS5.8AI score0.00403EPSS
Exploits0References4Affected Software2
bdu_fstec
bdu_fstec
added 2025/04/07 12:0 a.m.7 views

The vulnerability of the FortiSIEM security management system, related to insufficient protection of operational data, allows a attacker to obtain the database password.

The vulnerability of the FortiSIEM security management system is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain database passwords through specially created API requests...

8.1CVSS5.4AI score0.00335EPSS
Exploits0References2Affected Software1
osv
osv
added 2025/03/26 8:8 p.m.97 views

GHSA-FM3H-P9WM-H74H Directus's webhook trigger flows can leak sensitive data

Describe the Bug In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...

8.6CVSS6.4AI score0.00505EPSS
Exploits1References3
osv
osv
added 2025/03/26 5:26 p.m.5 views

CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...

8.6CVSS6.8AI score0.00505EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2025/03/17 12:0 a.m.13 views

The vulnerability of the corporate messaging system ROSSAT, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to read, modify, or delete data.

The vulnerability of the corporate messaging system ROSSAT is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to read, modify, or delete data by sending a specially crafted GET request...

10CVSS5.5AI score
Exploits0Affected Software1
Rows per page
Query Builder