Lucene search
+L

175 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-0264

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00716EPSS
Exploits1References5
NVD
NVD
added 2025/07/10 9:15 p.m.13 views

CVE-2025-4662

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

5.1CVSS0.00136EPSS
Exploits0References1
NVD
NVD
added 2025/06/02 12:15 p.m.17 views

CVE-2025-48958

Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by...

5.5CVSS0.00286EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:40 a.m.6 views

CVE-2022-40139

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code executio...

7.2CVSS7.6AI score0.03054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 p.m.9 views

CVE-2021-26795

A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management...

8.8CVSS7.3AI score0.01478EPSS
Exploits3References1
CVE
CVE
added 2025/01/21 7:21 p.m.54 views

CVE-2025-24024

Mjolnir v1.9.0 contains a design flaw that makes the bot respond to management commands from any room it is a member of, enabling non-operators to access bot functions (including server administration components if enabled). The issue is addressed in v1.9.1 (reverting the buggy behavior) and rein...

9.1CVSS9.4AI score0.00573EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/21 7:21 p.m.49 views

CVE-2025-24024 Mjolnir v1.9.0 accepts commands from any room

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature tha...

9.1CVSS0.00573EPSS
Exploits0References3
OSV
OSV
added 2025/01/21 7:21 p.m.15 views

CVE-2025-24024 Mjolnir v1.9.0 accepts commands from any room

Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1 reverts the feature tha...

9.1CVSS7AI score0.00573EPSS
Exploits0References5
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/09/12 5:16 a.m.13 views

Living off the land, GPO style

TL;DR The ability to edit Group Policy Object GPOs from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...

7.4AI score
Exploits0
Fedora
Fedora
added 2024/08/15 2:34 a.m.25 views

[SECURITY] Fedora 40 Update: 389-ds-base-3.0.4-2.fc40

389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration...

7.5CVSS7.5AI score0.01256EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 4:26 a.m.39 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and its Agent

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

7.5CVSS5.1AI score0.01361EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/10 3:21 p.m.362 views

CVE-2024-34070 Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

9.6CVSS7.9AI score0.00963EPSS
Exploits2References2
CVE
CVE
added 2024/05/10 3:21 p.m.311 views

CVE-2024-34070

CVE-2024-34070 affects Froxlor prior to 2.1.9. A Stored Blind XSS exists in the Failed Login Attempts Logging feature: an unauthenticated user can inject script into the loginname during a login attempt, which runs when an Administrator views System Logs. The vulnerability can be exploited to cau...

9.6CVSS5.6AI score0.00963EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/05/10 3:21 p.m.64 views

CVE-2024-34070 Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

9.6CVSS8.1AI score0.00963EPSS
Exploits2References2
Fedora
Fedora
added 2024/03/31 12:20 a.m.22 views

[SECURITY] Fedora 40 Update: cockpit-314-1.fc40

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

7.3CVSS7.1AI score0.01181EPSS
Exploits0
Fedora
Fedora
added 2024/03/30 1:11 a.m.25 views

[SECURITY] Fedora 39 Update: cockpit-314-1.fc39

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

7.3CVSS7.1AI score0.01181EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/03/19 11:30 a.m.32 views

Moderate: Red Hat Security Advisory: redhat-ds:11 security, bug fix, and enhancement update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.7 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

5.5CVSS6.1AI score0.00304EPSS
Exploits0References13
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/28 2:41 p.m.24 views

Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

7.5CVSS10AI score0.03203EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/01/03 11:15 p.m.16 views

CVE-2023-50256

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...

7.5CVSS7.5AI score0.00716EPSS
Exploits1References3
Prion
Prion
added 2024/01/03 11:15 p.m.13 views

Design/Logic Flaw

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...

5CVSS7AI score0.00716EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder