Lucene search
K

146 matches found

CVE
CVE
added 2025/12/12 9:20 a.m.16 views

CVE-2025-58130

Apache Fineract is affected by an Insufficiently Protected Credentials vulnerability up to version 1.11.0. The issue is fixed in 1.12.1, and users are advised to upgrade to 1.13.0 (latest release). The primary public details indicate credential exposure risk but do not describe specific exploitat...

9.1CVSS6.5AI score0.00372EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/12 9:20 a.m.6 views

CVE-2025-58130 Apache Fineract: Server Key not masked

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

6.5AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/12 9:20 a.m.29 views

CVE-2025-58130 Apache Fineract: Server Key not masked

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...

0.00372EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 4:17 p.m.4 views

CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

3.3CVSS5.8AI score0.00093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.6 views

CVE-2025-11894

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2025/11/11 4:15 a.m.5 views

CVE-2025-11894

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

5.3CVSS0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.10 views

CVE-2025-11894 Shelf Planner <= 2.8.1 - Missing Authorization to Unauthenticated Settings Update

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

5.3CVSS0.00269EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 3:30 a.m.17 views

CVE-2025-11894

CVE-2025-11894 : The Shelf Planner WordPress plugin (versions

5.3CVSS5.9AI score0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/22 10:19 p.m.3 views

CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

2.6CVSS6.3AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.6 views

WSO2多款产品 安全漏洞

WSO2 API Manager is an API lifecycle management solution, WSO2 API Manager Analytics is an analytics component, and WSO2 API Control Plane is a control panel. A security vulnerability exists in a number of WSO2 products. The vulnerability stems from insufficient enforcement of permissions in the...

9.6CVSS6.5AI score0.00521EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-4668

Malware in sbrugna...

4.3CVSS6.4AI score0.00856EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-43880

Malicious code in bioql PyPI...

4.3CVSS6.1AI score0.00296EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-16874

Malicious code in bioql PyPI...

5.9CVSS6AI score0.00065EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-9988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange that could cause a crash on invalid input...

7.5CVSS6.9AI score0.02114EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/06 2:7 p.m.22 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

5.9CVSS7.3AI score0.00065EPSS
Exploits0References1
CVE
CVE
added 2025/06/04 1:26 p.m.59 views

CVE-2025-48960

CVE-2025-48960 concerns a weak server key used for TLS encryption affecting Acronis Cyber Protect 16 on Linux, macOS, and Windows before build 39938 . The vulnerability is caused by inadequate key material in the TLS setup, leading to low confidentiality (C) and partial integrity issues (I) per t...

5.9CVSS7.2AI score0.00065EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/04 1:26 p.m.11 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

5.9CVSS7.2AI score0.00065EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/04 1:26 p.m.19 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

5.9CVSS0.00065EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:30 a.m.5 views

CVE-2023-3202

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

4.3CVSS5.8AI score0.00296EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/13 8:5 a.m.2 views

openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

A flaw was found in OpenSSL's RFC7250 Raw Public Key RPK authentication. This vulnerability allows man-in-the-middle MITM attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSLVERIFYPEER verification mode being set...

6.3CVSS7.1AI score0.02439EPSS
Exploits0References5
Rows per page
Query Builder