Lucene search

14 matches found

Positive Technologies
added 2026/06/24 12:0 a.m. · 8 views

PT-2026-52068

Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. An issue exists where the IP filter designed to prevent external requests from reaching internal services can be bypassed. This is achieved by using ...

5.8 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits 0 · References 5
Github Security Blog
added 2026/05/05 9:26 p.m. · 11 views

Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass

Summary Information disclosure exists in Grav CMS v1.8.0-beta.29. Despite previous security patches notably in v1.8.0-beta.27/28 aimed at restricting sensitive object access within the Twig environment, the Accounts Service remains exposed. A low-privileged user EX: Content Editor with only...

6.5 CVSS · 5.8 AI score · 0.0029 EPSS
Exploits 1 · References 4 · Affected Software 1
Tenable Nessus
added 2026/04/21 12:0 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-40606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmprox...

4.8 CVSS · 5.8 AI score · 0.00166 EPSS
Exploits 1 · References 3
OSV
added 2026/04/07 2:5 p.m. · 7 views

USN-8153-1 salt vulnerabilities

Zach Malone discovered that Salt did not properly handle permissions to cache data. A local attacker could possibly use this issue to obtain sensitive information. CVE-2015-8034 Dylan Frese discovered that Salt incorrectly allowed users to specify PAM service. An attacker could possibly use this...

5.6 CVSS · 5.8 AI score · 0.00873 EPSS
Exploits 0 · References 3
RedhatCVE
added 2026/01/09 11:17 a.m. · 7 views

CVE-2021-0705

In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8 CVSS · 7 AI score · 0.00251 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/02/26 12:0 a.m. · 4 views

PT-2024-1844 · Unknown · Eds-4000/G4000 Series

Name of the Vulnerable Software and Affected Versions: EDS-4000/G4000 Series versions prior to 3.2 Description: The issue is related to a bypass of access control mechanisms in the web service of the EDS-4000/G4000 Series managed switch firmware. This could allow a remote attacker to send request...

7.7 CVSS · 7.3 AI score · 0.00538 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/08/13 12:0 a.m. · 5 views

PT-2023-23928 · Dataprobe · Dataprobe Iboot Pdu

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot PDU version 1.43.03312023 or earlier Description: The issue concerns the use of hard-coded credentials for interactions with the internal Postgres database and an authentication bypass vulnerability in the REST API due to the...

9.8 CVSS · 9.3 AI score · 0.00469 EPSS
Exploits 0 · References 9
OSV
added 2023/06/14 12:15 a.m. · 0 views

CVE-2023-32022

Windows Server Service Security Feature Bypass Vulnerability...

7.6 CVSS · 7.3 AI score · 0.00773 EPSS
Exploits 0 · References 1
IBM Security Bulletins
added 2023/05/10 4:23 a.m. · 65 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).

Summary Vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2023-20860, CVE-2023-20861. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service...

7.5 CVSS · 7.5 AI score · 0.03514 EPSS
Exploits 1 · Affected Software 1
NVD
added 2022/01/11 9:15 p.m. · 24 views

CVE-2022-21924

Workstation Service Remote Protocol Security Feature Bypass Vulnerability...

5.4 CVSS · 0.02905 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2020/08/18 12:0 a.m. · 52 views

Cisco NX-OS Software CLI to Internal Service Bypass (cisco-sa-20190515-nxos-cli-bypass)

According to its self-reported version, Cisco Unified Computing System Managed is affected by following vulnerability - A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such...

7.8 CVSS · 6.3 AI score · 0.00423 EPSS
Exploits 0 · References 10
CNVD
added 2017/03/16 12:0 a.m. · 1 views

SAP Cloud Commerce Platform HANA System Authentication Vulnerability

The SAP Cloud Commerce Platform HANA system is a real-time data computing platform based on in-memory computing technology. There are multiple vulnerabilities in the SAP Cloud Commerce Platform HANA system, one of the critical vulnerabilities is an authentication vulnerability that can be exploit...

7.2 AI score
Exploits 0 · References 1
RedHat Linux
added 2013/03/20 3:48 p.m. · 6 views

JBoss: allows empty password to authenticate against LDAP

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password...

7.5 CVSS · 5.9 AI score · 0.02344 EPSS
Exploits 0 · References 4
Debian CVE
added 2012/06/04 8:0 p.m. · 15 views

CVE-2012-0862

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1...

4.3 CVSS · 5.5 AI score · 0.02779 EPSS
Exploits 1