Lucene search
K

28056 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:58 p.m.10 views

Security Bulletin: This Power System update is being released to address CVE-2025-36238

Summary If an attacker is able to gain system administrator access a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details CVEID:CVE-2025-36238 DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...

6CVSS5.9AI score0.00155EPSS
Exploits0
OSV
OSV
added 2026/01/26 8:16 p.m.8 views

AZL-75527 CVE-2025-11065 affecting package moby-cli for versions less than 24.0.9-8

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.6AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 8:16 p.m.8 views

AZL-75564 CVE-2025-11065 affecting package rook 1.6.2-27

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS6.3AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/26 7:36 p.m.19 views

CVE-2025-11065 Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS0.00357EPSS
Exploits0References4
NVD
NVD
added 2026/01/26 5:16 p.m.5 views

CVE-2025-70982

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...

9.9CVSS0.00296EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/01/26 2:3 p.m.5 views

WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin WP FullCalendar versions = 1.6...

7.5CVSS5.9AI score0.00296EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/26 1:47 p.m.6 views

WordPress Nexter Blocks plugin <= 4.6.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Nexter Blocks versions = 4.6.3...

7.5CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/26 10:16 a.m.5 views

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS0.00572EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 10:5 a.m.14 views

CVE-2025-59100

CVE-2025-59100 affects dormakaba access manager. The web interface allows exporting the internal SQLite database; after export an automatic download starts and the device reboots, at which point the exported database is deleted. In some cases the device does not reboot or the export is not delete...

5.9CVSS5.8AI score0.00572EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/26 10:5 a.m.3 views

CVE-2025-59100

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS5.8AI score0.00572EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/26 10:5 a.m.3 views

CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS5.8AI score0.00572EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/26 10:5 a.m.4 views

EUVD-2025-206364

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS5.8AI score0.00572EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 10:4 a.m.30 views

CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

8.7CVSS0.00339EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 12:0 a.m.15 views

CVE-2025-70982

CVE-2025-70982 affects SpringBlade v4.5.0 and stems from incorrect access control in the importUser function , enabling attackers with low-level privileges to arbitrarily import sensitive user data. The CVE is rated CRITICAL (CVSS 3.1: 9.9) with vectors: AV=N/AC=L/PR=L/UI=N/S=C/C=H/I=H/A=H. Impac...

9.9CVSS5.9AI score0.00296EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 12:0 a.m.6 views

CVE-2025-70982

Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...

5.9AI score0.00296EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/26 12:0 a.m.29 views

CVE-2025-67274

An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints...

0.00361EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.6 views

PT-2026-4750

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS5.8AI score0.00572EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.8 views

PT-2026-4748

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.5 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the exported databases are sometimes not deleted, and the paths can be accessed without...

5.9CVSS5.7AI score0.00572EPSS
Exploits0References4
Redos
Redos
added 2026/01/26 12:0 a.m.6 views

ROS-20260126-73-0013

A vulnerability in the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...

5.5CVSS7.2AI score0.00219EPSS
Exploits0
Rows per page
Query Builder