289 matches found
CVE-2025-12893
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
CVE-2025-12893
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
EUVD-2025-199532
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
opensourcepos 安全漏洞
opensourcepos is a point-of-sale system from opensourcepos open source. A security vulnerability exists in opensourcepos version 3.4.1, which stems from a lack of server-side authentication and could lead to the setting of empty passwords and unauthorized access...
PT-2025-47026
Name of the Vulnerable Software and Affected Versions General Industrial Controls Lynx+ Gateway affected versions not specified Description The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote...
CVE-2025-64180
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
PT-2025-45510
Name of the Vulnerable Software and Affected Versions Ruijie Gateway EG and NBR models versions 11.16B9P1 through 11.94B12P1 Description The EWEB management system in various Ruijie Gateway EG and NBR models contains a code execution issue. Attackers can exploit front-end code when features like...
VulnCheck KEV: CVE-2020-36870
Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
CVE-2025-20358
A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...
CVE-2025-10640
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...
Perfex CRM 安全漏洞
Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM versions prior to 3.3.1, which stems from insufficient server-side authentication and cou...
EUVD-2020-28120
Malware in sbrugna...
EUVD-2015-4194
Malware in sbrugna...
EUVD-2021-24826
Malware in sbrugna...
EUVD-2002-0621
Malware in sbrugna...
EUVD-2017-1387
Malware in sbrugna...
EUVD-2021-19641
Malware in sbrugna...
EUVD-2004-2155
Malware in sbrugna...