Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/04/22 6:33 p.m.33 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS0.02804EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-32039

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.4 Description goshs, a SimpleHTTPServer written in Go, had an authorization bypass. Prior to version 2.0.0-beta.4, the software enforced ACL/basic-auth mechanisms for directory listings and file reads, but di...

9.8CVSS5.8AI score0.00651EPSS
Exploits1References18
RedhatCVE
RedhatCVE
added 2025/09/04 11:33 a.m.4 views

CVE-2025-52551

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...

9.3CVSS7AI score0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/02 11:30 a.m.2 views

CVE-2025-52551 Proprietary protocol allows for unauthenticated file operations

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...

9.3CVSS6.5AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/02 11:30 a.m.8 views

CVE-2025-52551 Proprietary protocol allows for unauthenticated file operations

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...

9.3CVSS0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.5 views

PT-2025-35560

Name of the Vulnerable Software and Affected Versions: E2 Facility Management Systems affected versions not specified Description: E2 Facility Management Systems utilizes a proprietary protocol that permits unauthenticated file operations on any file within the file system. Recommendations: At th...

9.3CVSS6.3AI score0.00324EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/18 10:2 p.m.31 views

CVE-2024-28064

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...

6.8AI score0.00856EPSS
Exploits0References1
Zero Science Lab
Zero Science Lab
added 2022/02/22 12:0 a.m.439 views

ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD

Summary Scadaflex II controllers are 100% web based for both configuration and user interface. No applications are required other than any standard web browser. They are easily supported by remote access over the Internet or a cellular link. Scadaflex II controllers support industry standard wire...

9.1CVSS7.6AI score0.37295EPSS
Exploits5
Rows per page
Query Builder