Lucene search
K

27 matches found

NVD
NVD
added 2026/07/06 10:16 p.m.6 views

CVE-2026-34599

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS0.01385EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 4:24 p.m.18 views

CVE-2026-13752

CVE-2026-13752 affects Snowflake CLI prior to 3.19. Improper neutralization of parameters in certain CLI paths allows unintended SQL execution within the user’s Snowflake session when crafted values reach vulnerable parameters (e.g., via socially engineered input, malicious repository configurati...

8CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/29 4:24 p.m.36 views

CVE-2026-13752 Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

6CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 3:31 p.m.5 views

EUVD-2026-10039

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 3:16 p.m.6 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS0.00505EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 3:5 p.m.6 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/06 3:5 p.m.31 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS0.00505EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 p.m.5 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 3:5 p.m.32 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker can retrieve internal network parameters, including ECDIS & OT information, device identifiers, and service status logs by issuing HTTP GET re...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.12 views

PT-2026-23718

Name of the Vulnerable Software and Affected Versions Navtor NavBox affected versions not specified Description The software exposes sensitive configuration and operational data because of a lack of authentication on HTTP API endpoints. A remote attacker with network access can send HTTP GET...

7.5CVSS5.6AI score0.00505EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-10551

Malicious code in bioql PyPI...

4.7CVSS6.4AI score0.0009EPSS
Exploits0References3
NVD
NVD
added 2025/08/12 5:15 p.m.8 views

CVE-2025-24520

Insertion of sensitive information into log file for some IntelR Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access...

4.8CVSS0.00143EPSS
Exploits0References1
NVD
NVD
added 2025/07/15 3:15 p.m.9 views

CVE-2025-48795

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...

5.6CVSS0.00624EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/11 4:3 p.m.18 views

CVE-2025-32016

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

4.7CVSS6.5AI score0.0009EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/09 6:58 p.m.18 views

Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Impact What kind of vulnerability is it? Who is impacted? Description: This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the...

4.7CVSS6.6AI score0.0009EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2025/04/09 6:58 p.m.8 views

GHSA-RPQ8-Q44M-2RPG Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Impact What kind of vulnerability is it? Who is impacted? Description: This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the...

4.7CVSS6.9AI score0.0009EPSS
Exploits0References3
NVD
NVD
added 2025/04/09 4:15 p.m.12 views

CVE-2025-32016

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

4.7CVSS0.0009EPSS
Exploits0References1
CVE
CVE
added 2025/04/09 3:48 p.m.73 views

CVE-2025-32016

This CVE affects Microsoft Identity Web (and related Microsoft.Identity.Abstractions) used with ASP.NET Core for Azure AD v2.0 / AAD B2C integrations. Under certain conditions, service logs can expose sensitive credentials, including local file paths with passwords, Base64-encoded values, and Cli...

4.7CVSS4.7AI score0.0009EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/09 3:48 p.m.8 views

CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

4.7CVSS6.5AI score0.0009EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/09 3:48 p.m.18 views

CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

4.7CVSS0.0009EPSS
Exploits0References1
Rows per page
Query Builder