Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.4 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

9.3CVSS5.9AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Biztalk360 安全漏洞

Biztalk360 is an integrated operation and monitoring platform developed by the British company Biztalk360. Versions of Biztalk360 prior to 11.5 contained security vulnerabilities. These vulnerabilities were due to improper access control; any user could request the loading of DLL files. Attackers...

8.8CVSS6.3AI score0.00459EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.4 views

IGEL OS < 11.0.0 Secure Boot bypass (CVE-2025-47827)

The version of IGEL OS running on the remote host is prior to version 11. It is, therefore, affected by a cryptographic signature verification vulnerability in the igel-flash-driver module. An attacker could exploit this flaw to bypass Secure Boot protections. By leveraging the improper...

4.6CVSS8.6AI score0.03817EPSS
Exploits2References2
The Hacker News
The Hacker News
added 2025/12/18 2:39 p.m.5 views

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Hewlett Packard Enterprise HPE has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164 , carries a CVSS score of 10.0. HPE OneView is an IT...

10CVSS8.4AI score0.89733EPSS
Exploits8
OSV
OSV
added 2025/11/13 9:13 p.m.4 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS5.9AI score0.00215EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/07/08 10:35 a.m.6 views

CVE-2025-40742

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...

6CVSS5.7AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.7 views

PT-2023-25670 · Kratos · Kratos Ngc Indoor Unit

Name of the Vulnerable Software and Affected Versions: Kratos NGC Indoor Unit IDU versions prior to 11.4 Description: The issue allows remote attackers to obtain arbitrary control of the IDU/ODU system due to missing authentication for a critical function. Attackers with layer-3 network access to...

9.8CVSS9.6AI score0.00658EPSS
Exploits0References4
OSV
OSV
added 2023/03/21 11:15 p.m.7 views

CVE-2022-45468

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5CVSS5.7AI score0.01761EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/04 12:0 a.m.6 views

Netapp StorageGRID 授权问题漏洞

Netapp StorageGRID is a suite of object storage solutions from US-based NetApp Netapp. A security vulnerability exists in versions of StorageGRID formerly known as StorageGRID Webscale prior to 11.6.0 that could allow disabled, expired, or locked external user accounts to access S3 data to which...

4.9CVSS5.3AI score0.00753EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/25 12:0 a.m.7 views

Micro Focus Solutions Business Manager 授权问题漏洞

Micro Focus Solutions Business Manager SBM, Serena Business Manager is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. An authorization...

4.8CVSS5.8AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.5 views

Cisco Data Center Network Manager SQL注入漏洞

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...

8.8CVSS7.2AI score0.01885EPSS
Exploits0References5
OSV
OSV
added 2021/01/13 8:15 p.m.3 views

CVE-2020-27488

Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...

9.8CVSS7.3AI score0.01962EPSS
Exploits1References4
CNVD
CNVD
added 2019/03/26 12:0 a.m.3 views

GitLab Directory Traversal Vulnerability (CNVD-2019-08323)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab community and...

7.5CVSS6.6AI score0.02173EPSS
Exploits0References1
CNVD
CNVD
added 2018/11/28 12:0 a.m.2 views

FreeBSD NFS Server Code Flaw Vulnerability (CNVD-2018-26669)

FreeBSD is a set of Unix-like free operating systems in the FreeBSD project run by the Core Team, and is an important branch of Unix-like operating systems developed through BSD, 386BSD, and 4.4BSD.NFS server is one of the network file system servers. A security vulnerability exists in the NFS...

7.8CVSS7.7AI score0.04414EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/01 12:0 a.m.3 views

Apple Safari and iOS WebKit Page Loading Address Bar Spoofing Vulnerability

Apple Safari and iOS are both products of Apple Inc. Apple Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; iOS is a set of operating systems developed for mobile devices. WebKit is an open source web browser engine developed by the KDE...

6.5CVSS6.7AI score0.00785EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/23 12:0 a.m.1 views

Apple iOS and tvOS App Store Man-in-the-Middle Attack Vulnerability

Apple iOS and tvOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. tvOS is an operating system for smart TVs. app Store is an application store component. A security vulnerability exists in the App Store component of Apple iOS before 11.2 and tvOS...

5.9CVSS6.3AI score0.00825EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/23 12:0 a.m.2 views

Apple Safari Address Forgery Vulnerability

Apple Safari is a web browser developed by Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems.Safari is one of the specialized components used for the Safari browser.... A security vulnerability exists in the Safari component of Apple Safari versions prio...

6.5CVSS6.4AI score0.01275EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/18 12:0 a.m.1 views

Apple iOS and tvOS HomeKit Security Bypass Vulnerability

Apple iOS and tvOS are both products of the American company Apple. The former is an operating system for mobile devices; the latter is an operating system for smart TVs, of which HomeKit is a smart home platform component. A security bypass vulnerability exists in the HomeKit component in Apple...

7.5CVSS6.5AI score0.01059EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/20 12:0 a.m.3 views

Apple iOS Mail MessageUI Memory Corruption Vulnerability

Apple iOS is an operating system developed by Apple for mobile devices.Mail MessageUI component is one of the mail and SMS components. A memory corruption vulnerability exists in the Mail MessageUI component in Apple iOS versions prior to 11. A remote attacker can exploit this vulnerability to...

5.5CVSS6.9AI score0.00853EPSS
Exploits0References1
OSV
OSV
added 2017/05/22 1:29 a.m.5 views

CVE-2017-6636

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HT...

6.5CVSS5.8AI score0.05883EPSS
Exploits0References3
Rows per page
Query Builder