CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/12/21 3:1 a.m.•14 views

CVE-2025-68644

Yealink RPS before 2025-06-27 allows unauthorized access to information (including AutoP URL addresses) due to an inadequate authentication mechanism. A security update deploying an enhanced authentication mechanism to all cloud instances fixes the issue. Affected product: Yealink RPS prior to 20...

7.4CVSS6.7AI score0.00269EPSS

NVD•added 2025/11/11 6:15 p.m.•1 views

CVE-2025-62219

Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally...

7CVSS0.00228EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-18873

Malware in sbrugna...

8CVSS5.6AI score0.00228EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-0538

Malware in sbrugna...

7.5CVSS6.3AI score0.03682EPSS

Exploits2References7

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-48454

Malicious code in bioql PyPI...

7.8CVSS7AI score0.00636EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-30747

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.0033EPSS

CISA•added 2025/08/07 12:0 p.m.•3 views

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems ICS advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90...

6.8AI score

Exploits0References10

ICS•added 2025/08/07 6:0 a.m.•8 views

Yealink IP Phones and RPS (Redirect and Provisioning Service)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

7.3AI score

Exploits0References10

RedhatCVE•added 2025/05/23 7:56 a.m.•8 views

CVE-2024-33002

Document Service handler obsolete in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability with low impact on Confidentiality and Integrity of the application...

6.1CVSS6AI score0.0033EPSS

RedhatCVE•added 2025/05/23 12:18 a.m.•4 views

CVE-2022-45589

All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use ...

7.2CVSS8.1AI score0.00636EPSS

RedhatCVE•added 2025/05/22 9:19 p.m.•4 views

CVE-2021-32003

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware...

8CVSS6.6AI score0.00228EPSS

Citrix•added 2025/03/31 12:0 a.m.•5 views

Citrix Director: Infrastructure Monitoring - Incorrect PVS Site Name displayed

Wen admin checks Director Infrastructure Monitoring Provisioning Service; incorrect PVS Site Name maight be displayed in multi-site environemnts. Director displays the same Site Name and Site ID for all servers from the same PVS Farm and different PVS Sites. You cannot select other correct PVS...

7.2AI score

OSV•added 2024/09/11 12:15 a.m.•2 views

CVE-2024-40659

In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional...

5.5CVSS5.9AI score0.00082EPSS

CNNVD•added 2024/09/10 12:0 a.m.•4 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from the getRegistration method in the RemoteProvisioningService.java file containing an improperly validated input, and there is a...

5.5CVSS6.5AI score0.00082EPSS

Exploits0References3

Citrix•added 2024/07/13 12:0 a.m.•6 views

Provisioning Services Database Unable to Configure

Provisioning Service database cannot be configured. When configuring the SQL server settings, the following error might appear in the Configuration Wizard log located in C:\ProgramData\Citrix\Provisioning Services\Log: 2013-07-29 14:44:37,864 1 INFO ConfigWizard - ConfigureServices: encrypt the...

7.8AI score

Citrix•added 2024/07/13 12:0 a.m.•7 views

Desktops Do Not Register using XenDesktop and Provisioning Server

When using XenDesktop with Provisioning Service, the desktops do not register. Note : XenDesktop might try starting all the machines in your desktop group on the VDA Event Viewer: Under Application: Desktop Service - Failed to start WCF services. Exception Log on Failure due to unknown user name...

7.3AI score

Citrix•added 2024/07/13 12:0 a.m.•7 views

Target Device Fails to Boot on Hyper-V V2

Provisioning Service Target Devices fails to boot when launched from a HyperV v2 host other than the host where the Provisioning Service Server is located...

7AI score

Citrix•added 2024/07/13 12:0 a.m.•6 views

Failure to Store Cache on Local Hard Drive

Even after selecting “cache is on device hard drive”, cache is getting stored on the Provisioning Service PVS server. The following screen shot shows the virtual disk status:...

6.9AI score