Lucene search
+L

314 matches found

redhatcve
redhatcve
added 2026/01/21 3:27 p.m.8 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS5.3AI score0.0011EPSS
Exploits0References1
osv
osv
added 2026/01/20 4:16 p.m.5 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS7.3AI score0.0011EPSS
Exploits0References1
nvd
nvd
added 2026/01/20 4:16 p.m.7 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS0.0011EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/20 3:9 p.m.4 views

CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS8.3AI score0.0011EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/01/20 12:0 a.m.9 views

PT-2026-3585

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

5.5CVSS8.4AI score0.0011EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/15 4:52 p.m.4 views

CVE-2026-23494

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined vi...

6.5CVSS5.5AI score0.00319EPSS
Exploits1References5Affected Software1
redhatcve
redhatcve
added 2026/01/09 8:45 a.m.10 views

CVE-2022-38202

There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive...

7.5CVSS6.4AI score0.01333EPSS
Exploits0References1
nessus
nessus
added 2026/01/08 12:0 a.m.6 views

Sitecore Debug Page Detected

Sitecore is a popular web content management system WCMS used for building and managing websites. When the debug page is accessible, it can expose sensitive information about the application's configuration, environment, and code structure. This information can be exploited by attackers to identi...

6.9AI score
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/07 7:17 a.m.3 views

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4CVSS4.7AI score0.00227EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/04 10:5 p.m.9 views

CVE-2025-34171

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

6.9CVSS6.5AI score0.00548EPSS
Exploits0References1
osv
osv
added 2025/12/18 4:15 p.m.5 views

CVE-2025-63391

An authentication bypass vulnerability exists in Open-WebUI =0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers...

7.5CVSS7.2AI score
Exploits0References3
snyk
snyk
added 2025/12/18 3:45 p.m.4 views

Missing Authentication for Critical Function

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/config endpoint. An attacker can access sensitive system configuration data by sending unauthenticated GET requests to this endpoint. Remediation Ther...

8.7CVSS5.6AI score0.00548EPSS
Exploits0References2
cve
cve
added 2025/12/18 12:0 a.m.54 views

CVE-2025-63391

Open-WebUI contains an authentication bypass in the /api/config endpoint present in versions up to 0.6.32, allowing unauthenticated remote attackers to access sensitive system configuration data. This is documented across multiple sources (RH/CVE-2025-63391, ENISA EUVD, CNNVD) and corroborated by...

6.9AI score0.00548EPSS
Exploits0
osv
osv
added 2025/12/18 12:0 a.m.6 views

CVE-2025-63387

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous...

7.5CVSS5.6AI score0.28042EPSS
Exploits0References8
redhatcve
redhatcve
added 2025/11/19 7:19 p.m.6 views

CVE-2025-37159

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

7.3CVSS6.9AI score0.00261EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/18 6:52 p.m.15 views

CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

5.8CVSS0.00261EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/18 6:52 p.m.3 views

CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

5.8CVSS6.5AI score0.00261EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/11/07 12:0 a.m.6 views

kgateway 安全漏洞

kgateway is a cloud-native API gateway and AI gateway open-sourced by kgateway-dev. A security vulnerability exists in kgateway version 2.0.4 and earlier and versions 2.1.0-agw-cel-rbac through 2.1.0-rc.2, which stems from a lack of authentication and could lead to unauthorized clients obtaining...

5.3CVSS6.4AI score0.00154EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/10/30 12:0 a.m.5 views

NeuVector 安全漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. NeuVector suffers from a security vulnerability that stems from the use of hard-coded...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/29 12:0 a.m.5 views

Arista DANZ Monitoring Fabric 安全漏洞

Arista DANZ Monitoring Fabric is a traffic monitoring, security, and performance analytics platform from Arista USA. A security vulnerability exists in Arista DANZ Monitoring Fabric that originates from a restricted user being able to view sensitive portions of the configuration database via the...

4.3CVSS6.4AI score0.00205EPSS
Exploits0References1
Rows per page
Query Builder