Lucene search
K

28055 matches found

NVD
NVD
added 2026/02/09 8:15 p.m.8 views

CVE-2026-25231

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5CVSS0.00373EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/09 12:49 p.m.27 views

CVE-2025-10464 Cleartext password storage in Birtech Information Technologies' Sensaway

Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the...

6.5CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/02/09 12:49 p.m.11 views

CVE-2025-10464

The CVE-2025-10464 entry concerns Birtech Information Technologies’ Senseway application, describing an Insecure Storage of Sensitive Information vulnerability that enables retrieval of embedded sensitive data (explicitly noted as cleartext password storage in the CVE listing). Affected release a...

6.5CVSS5.5AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/09 12:49 p.m.6 views

CVE-2025-10464 Cleartext password storage in Birtech Information Technologies' Sensaway

Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the...

6.5CVSS5.5AI score0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/09 12:49 p.m.9 views

CVE-2025-10464

Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the...

6.5CVSS5.5AI score0.00249EPSS
Exploits0References3
NVD
NVD
added 2026/02/09 12:15 p.m.4 views

CVE-2025-7708

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.8CVSS0.00253EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/09 11:45 a.m.5 views

CVE-2025-7708

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.8CVSS5.4AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2026/02/09 11:45 a.m.12 views

CVE-2025-7708

CVE-2025-7708 describes Insertion of Sensitive Information Into Sent Data in Atlas Educational Software Industry Ltd. Co. K12net, affecting the k12net component up to version 09022026. The underlying issue is that sensitive information can be inserted into data that is sent, enabling potential co...

6.8CVSS5.2AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/09 11:45 a.m.5 views

CVE-2025-7708 Sensitive Data Exposure in Atlas Software's k12net

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.8CVSS5.4AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Synology DSM 安全漏洞

Synology DSM is an NAS management operating system developed by the Chinese company Synology. There is a security vulnerability in Synology DSM, where attackers can bypass access restrictions through the Storage Manager to read sensitive information...

6.2CVSS5.8AI score0.00092EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.8 views

PT-2026-7134

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...

7.5CVSS5.5AI score0.00373EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.6 views

Birtech Senseway 安全漏洞

Birtech Senseway is an environmental data monitoring platform developed by the Turkish company Birtech. Versions of Birtech Senseway from 09022026 onward contain security vulnerabilities. These vulnerabilities stem from insecure storage of sensitive information, which may lead to the retrieval of...

6.5CVSS5.8AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.4 views

PlaciPy 日志信息泄露漏洞

PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a vulnerability related to log information leakage. This...

8.7CVSS5.8AI score0.00256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7159

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...

8.7CVSS5.5AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/08 1:22 a.m.12 views

CVE-2026-25729

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 9:16 p.m.12 views

CVE-2026-25729

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

6.5CVSS0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:30 p.m.9 views

CVE-2026-25729

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

5.3CVSS5.5AI score0.00209EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/06 8:30 p.m.28 views

CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

5.3CVSS0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/06 8:30 p.m.4 views

CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...

5.3CVSS5.5AI score0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/02/06 8:30 p.m.15 views

CVE-2026-25729

DeepAudit is affected by an improper access control vulnerability in the /api/v1/users/ endpoint present in version 3.0.4 and earlier. An authenticated user can enumerate all users and retrieve sensitive fields (emails, phone numbers, full names, roles). The issue is documented across multiple so...

6.5CVSS5.5AI score0.00209EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder