Lucene search
K

254 matches found

CVE
CVE
added 2025/09/09 8:37 p.m.16 views

CVE-2025-54084

CVE-2025-54084 refers to an OS Command Injection in Calix GigaCenter ONT (Quantenna SoC modules). The vulnerability arises from improper input validation in the OS command pathway, allowing authenticated attackers with super credentials to execute arbitrary OS commands, potentially leading to ful...

8.5CVSS7.1AI score0.00818EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.3 views

idnovate Super User 安全漏洞

idnovate Super User is a customer login module for PrestaShop by idnovate. A security vulnerability exists in idnovate Super User version 9.6.0 and earlier, which stems from improper export of the AndroidManifest.xml file component de.idnow...

5.5CVSS5.5AI score0.00278EPSS
Exploits1References6
OSV
OSV
added 2025/06/10 11:48 a.m.5 views

BIT-MARIADB-MIN-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...

9CVSS7.3AI score0.38179EPSS
Exploits9References10
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.13 views

CVE-2021-20122

The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass...

9.8CVSS7.6AI score0.99983EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:8 a.m.6 views

CVE-2011-4144

Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges...

6.8CVSS6.5AI score0.00303EPSS
Exploits2References1
Grafana
Grafana
added 2025/05/22 12:0 a.m.13 views

Organization admin can delete server admin in Grafana

An access control vulnerability was discovered in Grafana where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: An Organization administrator exists...

5.5CVSS6.9AI score0.00378EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:23 a.m.7 views

CVE-2024-24573

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.5AI score0.00817EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:19 a.m.11 views

CVE-2024-24767

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

9.8CVSS6.9AI score0.00977EPSS
Exploits1References1
OSV
OSV
added 2024/09/09 7:25 a.m.21 views

SUSE-SU-2024:3165-1 Security update for wireshark

This update for wireshark fixes the following issues: wireshark was updated from version 3.6.23 to version 4.2.6 jscPED-8517: - Security issues fixed with this update: CVE-2024-0207: HTTP3 dissector crash bsc1218503 CVE-2024-0210: Zigbee TLV dissector crash bsc1218506 CVE-2024-0211: DOCSIS...

7.8CVSS6.5AI score0.03456EPSS
Exploits7References23
Citrix
Citrix
added 2024/07/13 12:0 a.m.8 views

How to Configure Extended Logging on a QLogic Fiber Channel Host Bus Adapter

This article describes how to configure extended logging on QLogic Fiber Channel FC Host Bus Adapter HBA. You may find that a similar procedure applies to other HBAs. Requirements Super user credentials root on Xen hosts Knowledge of vi or Nano text editor this article uses the vi editor...

7AI score
Exploits0
0day.today
0day.today
added 2024/04/22 12:0 a.m.267 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables th...

7.8AI score
Exploits0
0day.today
0day.today
added 2024/04/22 12:0 a.m.241 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Vulnerability

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables them to...

7.7AI score
Exploits0
CVE
CVE
added 2024/04/12 2:55 p.m.92 views

CVE-2024-21615

CVE-2024-21615 concerns Juniper Networks Junos OS and Junos OS Evolved. The root cause is an Incorrect Default Privileges condition that, when NETCONF traceoptions are configured, can allow a local, low-privileged user to access confidential information after a super-user performs certain NETCONF...

5.1CVSS6.3AI score0.00152EPSS
Exploits0References2Affected Software2
Veracode
Veracode
added 2024/03/14 9:28 a.m.20 views

Incorrect Authorization

org.apache.pulsar, pulsar-broker is vulnerable to Incorrect Authorization. The vulnerability exists due to inadequate access controls to modify topic-level policies. Only users with the tenant admin or super user role should be permitted to perform such management operations, allowing authenticat...

6.4CVSS6.9AI score0.01701EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.6 views

PT-2024-2614 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.7.1 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.3 Apache Pulsar versions 3.0.0 through 3.0.2 Apache Pulsar versions 3.1.0 through 3.1.2 Apache Pulsar version 3.2.0 Description: The issue is related to...

6.4CVSS6.9AI score0.01701EPSS
Exploits0References15
Veracode
Veracode
added 2024/03/07 7:23 a.m.22 views

Password Brute Force Attack

github.com/icewhaletech/casaos-userservice is vulnerable to Password Brute Force Attack. The vulnerability is due to a lack of control on login attempts missing a rate limit on login. This enables attackers to gain super user-level access to the server, allowing unauthorized access to the server...

9.8CVSS6.9AI score0.00977EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/03/06 6:15 p.m.45 views

CVE-2024-24767

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

9.8CVSS9.3AI score0.00977EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 6:6 p.m.37 views

CVE-2024-24767 CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...

9.1CVSS9AI score0.00977EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/03/06 3:25 p.m.43 views

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

Summary Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. Details The web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access...

9.8CVSS9.4AI score0.00977EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/03/06 11:7 a.m.31 views

BIT-MYSQL-CLIENT-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...

9CVSS7.5AI score0.38179EPSS
Exploits9References10
Rows per page
Query Builder