Lucene search
K

14 matches found

NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS0.0015EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:25 p.m.9 views

EUVD-2026-38267

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS5.9AI score0.0015EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:25 p.m.18 views

CVE-2026-41047

The CVE affects qSnapper prior to version 1.3.3, where the snapshot diff functionality permits a local attacker to access information that should be protected due to lack of authentication. This is a local-privilege-related information leak (confidentiality impact). The baseline CVSS measures a M...

6.9CVSS5.9AI score0.0015EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:25 p.m.34 views

CVE-2026-41047 Information leak via “diff” methods in qSnapper

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS0.0015EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 3:25 p.m.4 views

CVE-2026-41047 Information leak via “diff” methods in qSnapper

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS6AI score0.0015EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51334

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Lack of authentication when using the snapshot diff functions allows a local attacker to access information that is otherwise read protected. Recommendations Update to version 1.3.3 or later...

6.9CVSS5.8AI score0.0015EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/19 2:9 p.m.5 views

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS6.5AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 2:15 p.m.4 views

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS0.00143EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 2:15 p.m.5 views

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS5.7AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 1:14 p.m.4 views

EUVD-2025-204261

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS6AI score0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/18 1:14 p.m.25 views

CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 1:14 p.m.18 views

CVE-2025-40891

The CVE-2025-40891 issue affects Nozomi Networks Guardian/CMC Time Machine Snapshot Diff functionality. An unauthenticated attacker can send crafted network packets at two different times to inject HTML into asset attributes across two snapshots. When a user interacts with the affected snapshots ...

4.7CVSS6.1AI score0.00143EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52219

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...

4.7CVSS6.5AI score0.00143EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2025/12/18 12:0 a.m.7 views

HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0

Summary A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. Impact An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset...

4.7CVSS6.5AI score0.00143EPSS
Exploits0Affected Software2
Rows per page
Query Builder