Lucene search
K

289 matches found

RedhatCVE
RedhatCVE
added 2025/11/26 5:57 p.m.8 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS6.4AI score0.00084EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 5:15 a.m.9 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 5:7 a.m.4 views

EUVD-2025-199532

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

4.2CVSS5.9AI score0.00084EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

opensourcepos 安全漏洞

opensourcepos is a point-of-sale system from opensourcepos open source. A security vulnerability exists in opensourcepos version 3.4.1, which stems from a lack of server-side authentication and could lead to the setting of empty passwords and unauthorized access...

7.5CVSS6.8AI score0.00408EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.6 views

PT-2025-47026

Name of the Vulnerable Software and Affected Versions General Industrial Controls Lynx+ Gateway affected versions not specified Description The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote...

10CVSS6.6AI score0.00644EPSS
Exploits0References13
NVD
NVD
added 2025/11/07 4:15 a.m.5 views

CVE-2025-64180

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/07 2:58 a.m.4 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS6.3AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2025/11/07 2:58 a.m.6 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

10CVSS6.8AI score0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.5 views

PT-2025-45510

Name of the Vulnerable Software and Affected Versions Ruijie Gateway EG and NBR models versions 11.16B9P1 through 11.94B12P1 Description The EWEB management system in various Ruijie Gateway EG and NBR models contains a code execution issue. Attackers can exploit front-end code when features like...

9.2CVSS7.5AI score0.00762EPSS
Exploits0References9
VulnCheck KEV
VulnCheck KEV
added 2025/11/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

9.2CVSS6.3AI score0.00762EPSS
In wildExploits0References89
OSV
OSV
added 2025/11/05 5:15 p.m.5 views

CVE-2025-20358

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

9.8CVSS6AI score
Exploits0References1
NVD
NVD
added 2025/10/21 12:15 p.m.5 views

CVE-2025-10640

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...

9.8CVSS0.00887EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.11 views

Perfex CRM 安全漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A security vulnerability exists in Perfex CRM versions prior to 3.3.1, which stems from insufficient server-side authentication and cou...

7.3CVSS6.6AI score0.00263EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-28120

Malware in sbrugna...

3.3CVSS4.3AI score0.00415EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-4194

Malware in sbrugna...

2.6CVSS8.2AI score0.02028EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-24826

Malware in sbrugna...

5.3CVSS5.3AI score0.00527EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-0621

Malware in sbrugna...

7.5CVSS6.4AI score0.01635EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-1387

Malware in sbrugna...

7.5CVSS7.5AI score0.01809EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19641

Malware in sbrugna...

7.5CVSS7.4AI score0.01398EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-2155

Malware in sbrugna...

7.5CVSS6.4AI score0.01699EPSS
Exploits0References8
Rows per page
Query Builder