Lucene search
K

309 matches found

NVD
NVD
added 2025/03/14 1:15 p.m.7 views

CVE-2025-27594

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

7.5CVSS0.00434EPSS
Exploits0References7
CVE
CVE
added 2025/03/14 12:50 p.m.52 views

CVE-2025-27594

The CVE-2025-27594 entry concerns the SICK DL100-2xxxxxxx series where a proprietary protocol transmits configuration data and authenticates devices without encryption. The underlying issue is the unencrypted protocol, which can allow an attacker to intercept the authentication hash and perform a...

7.5CVSS7.6AI score0.00434EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/03/14 12:50 p.m.14 views

CVE-2025-27594 Unencrypted transmission of password hash

The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...

7.5CVSS0.00434EPSS
Exploits0References7
Redos
Redos
added 2025/03/07 12:0 a.m.20 views

ROS-20250307-14

Moodle virtual learning environment vulnerability is related to access control weaknesses. Exploitation The vulnerability could allow a remote attacker to gain unauthorized access to the protected information. protected information A vulnerability in the Moodle virtual learning environment is...

8.6CVSS6.7AI score0.00478EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/15 12:29 a.m.8 views

CVE-2023-34401

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory...

3.7CVSS6.8AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/13 12:0 a.m.11 views

CVE-2023-34401

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory...

0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 12:6 a.m.21 views

CVE-2022-47311

A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successfu...

8.8CVSS7.1AI score0.00517EPSS
Exploits0
OSV
OSV
added 2024/10/10 9:48 p.m.17 views

CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

2.3CVSS6.4AI score0.00421EPSS
Exploits0References3
CVE
CVE
added 2024/10/10 9:48 p.m.75 views

CVE-2024-47166

Gradio CVE-2024-47166 is a one-level read path traversal in the /custom_component endpoint. An attacker can leak source code from custom Gradio components by manipulating the file path, potentially exposing proprietary or private code on publicly accessible servers. Affected: Gradio (Python packa...

5.3CVSS5.2AI score0.00421EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/10 9:48 p.m.14 views

CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

2.3CVSS6.5AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2024/10/10 9:36 p.m.8 views

GHSA-37QC-QGX6-9XJV Gradio has a one-level read path traversal in `/custom_component`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Althou...

6.9CVSS5.1AI score0.00421EPSS
Exploits0References4
Redos
Redos
added 2024/07/24 12:0 a.m.29 views

ROS-20240723-05

A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to an insecure privilege management vulnerability. insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges A vulnerability in the...

8.8CVSS7.9AI score0.01094EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/07/09 7:0 a.m.31 views

Windows Kernel Information Disclosure Vulnerability

...

5.9CVSS7.2AI score0.00657EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:51 p.m.4 views

Malicious code in kevins-propietary_brain (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/05/25 9:11 a.m.17 views

Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data

Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence AI-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed...

8.2AI score
Exploits0
NVD
NVD
added 2024/05/21 3:15 p.m.28 views

CVE-2021-47269

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3wIndextodep and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer ep...

5.5CVSS6.4AI score0.0026EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/05/21 2:19 p.m.14 views

CVE-2021-47269 usb: dwc3: ep0: fix NULL pointer exception

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3wIndextodep and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer ep...

6.7AI score0.0026EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/05/21 2:19 p.m.14 views

CVE-2021-47269

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3wIndextodep and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer ep...

5.5CVSS6.7AI score0.0026EPSS
Exploits0
GithubExploit
GithubExploit
added 2024/04/29 10:21 a.m.411 views

Exploit for Code Injection in Crushftp

CVE-2024-4040-CrushFTP-server CrushFTP is a proprietary multi...

10CVSS10AI score0.99539EPSS
Exploits22
Exploit DB
Exploit DB
added 2024/03/05 12:0 a.m.342 views

Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Date: 10-30-23 Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...

5.4CVSS5.6AI score0.00446EPSS
Exploits4
Rows per page
Query Builder