Lucene search
K

77 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Ansible

A security flaw was discovered in Ansible Engine. This flaw occurs in Ansible 2.7.x versions prior to 2.7.17, Ansible 2.8.x versions prior to 2.8.11, and Ansible 2.9.x versions prior to 2.9.7 when managing Kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are pass...

5.5CVSS6.7AI score0.00506EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2CVSS5.6AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/10 8:20 p.m.13 views

CVE-2026-7807

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

8.8CVSS5.9AI score0.00296EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 6:23 p.m.3 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.3AI score0.00241EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/20 2:7 p.m.100 views

Exploit for CVE-2025-68999

CVE-2025-68999 Happy Addons for Elementor = 3.20.4 —...

8.5CVSS5.9AI score0.00253EPSS
Exploits2
OSV
OSV
added 2026/03/27 3:16 p.m.3 views

UBUNTU-CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/27 9:31 a.m.3 views

EUVD-2026-16559

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has security vulnerabilities; these vulnerabilities arise from...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using...

8.6CVSS6.3AI score0.00365EPSS
Exploits0References3
NVD
NVD
added 2026/03/25 8:16 p.m.4 views

CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

8.6CVSS0.00365EPSS
Exploits0References9
CVE
CVE
added 2026/03/11 4:18 p.m.20 views

CVE-2026-20164

CVE-2026-20164 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user not in admin/power roles can access the REST endpoint /splunkd/__raw/servicesNS/-/-/configs/conf-passwords, exposing hashed or plaintext passwords from passwords.conf due to improper access control. Impact i...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.3 views

PT-2026-24736

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the /splunkd/...

6.5CVSS5.8AI score0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.7 views

PT-2026-21532

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The router firmware contains a flaw where the configuration download feature reveals the router password and administrative password in plaintext. The response...

7.1CVSS5.2AI score0.00216EPSS
Exploits0References4
OSV
OSV
added 2026/02/03 2:16 a.m.6 views

CVE-2025-12774

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

7.5CVSS5.8AI score0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.22 views

CVE-2018-25145 Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...

7.1CVSS0.00396EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.4 views

Konica Bizhub Multifunction Printers Insertion of Sensitive Information into Externally-Accessible File or Directory (CVE-2025-8452)

Through the use of eSCL or SNMP protocols, an attacker can retrieve the serial number of a printer. By applying the attack technique described in CVE-2024-51978, the default administrator password can be derived from the obtained serial number. Consequently, if the administrator password has not...

9.8CVSS7.9AI score0.23635EPSS
Exploits0References3
OSV
OSV
added 2025/11/26 8:15 p.m.4 views

CVE-2025-65278

An issue was discovered in file users.json in GroceryMart commit 21934e6 2020-10-23 allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords...

7.5CVSS5.8AI score0.0021EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/18 5:1 p.m.5 views

EUVD-2025-198016

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password vi...

4.3CVSS6.1AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/06 7:58 p.m.3 views

CVE-2022-50591 Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztpconfigid’ parameter to the ‘NetworkServlet’ endpoint. Successful...

8.8CVSS7.8AI score0.00459EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-6648

Malware in sbrugna...

8.1CVSS7.5AI score0.00823EPSS
Exploits0References2
Rows per page
Query Builder