Lucene search

35 matches found

RedhatCVE
added 2026/01/09 11:28 a.m. · 30 views

CVE-2021-33107

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure vi...

CVSS 4.6 · AI score 6.3 · EPSS 0.00251
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/07 9:16 a.m. · 9 views

CVE-2025-1101

A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...

CVSS 5.3 · AI score 7 · EPSS 0.0068
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 9 views

EUVD-2021-11890

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.00519
Exploits: 2 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2019-18380

Malware in sbrugna...

CVSS 9.8 · AI score 8.7 · EPSS 0.02531
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2018-19715

Malware in sbrugna...

CVSS 5.3 · AI score 5.8 · EPSS 0.04456
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2024-34064

Malicious code in bioql PyPI...

CVSS 8.2 · AI score 6.4 · EPSS 0.00461
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2022-40955

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.7 · EPSS 0.00423
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-25296

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00326
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2024-50357

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.6 · EPSS 0.00302
Exploits: 1 · References: 1
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-44435

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00408
Exploits: 2 · References: 2
RedhatCVE
added 2025/05/23 1:19 a.m. · 6 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

CVSS 5.3 · AI score 6.9 · EPSS 0.06199
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/22 10:04 p.m. · 11 views

CVE-2022-0656

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action available to both unauthenticated and authenticated users before using it in the file_get_contents function and returning its content base64 encoded in the...

CVSS 7.5 · AI score 6.7 · EPSS 0.07736
Exploits: 2 · References: 1
RedhatCVE
added 2025/05/22 3:42 p.m. · 7 views

CVE-2020-8751

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access...

CVSS 4.6 · AI score 6.3 · EPSS 0.00408
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:25 p.m. · 8 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query witho...

CVSS 9.8 · AI score 8 · EPSS 0.1064
Exploits: 2
RedhatCVE
added 2025/05/22 4:43 a.m. · 7 views

CVE-2019-17270

Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers disclos...

CVSS 10 · AI score 7.2 · EPSS 0.58879
Exploits: 3 · References: 1
Positive Technologies
added 2025/05/05 12:00 a.m. · 9 views

PT-2025-19796 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 3.5.0.beta4 before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b Description: A data leak issue affects Discourse, an open-source community platform, allowing some content on the site's homepage to be visible to...

CVSS 5.8 · AI score 6.3 · EPSS 0.0034
Exploits: 0 · References: 9
Packet Storm
added 2025/04/16 12:00 a.m. · 645 views

📄 BentoML 1.4.2 Remote Code Execution

A remote code execution vulnerability caused by insecure deserialization has been identified in version 1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8 · AI score 10 · EPSS 0.44358
Exploits: 5
Vulnrichment
added 2025/04/08 4:14 p.m. · 8 views

CVE-2025-27442 Zoom Workplace Apps - Cross Site Scripting

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access...

CVSS 4.6 · AI score 6.8 · EPSS 0.00217
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/12 12:00 a.m. · 6 views

CVE-2025-25683

AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...

AI score 5.6 · EPSS 0.00231
Exploits: 0 · References: 2
CVE
added 2025/03/12 12:00 a.m. · 55 views

CVE-2025-25683

CVE-2025-25683 affects AlekSIS-Core versions 3.0–3.2.1, with an underlying Incorrect Access Control that allows unauthenticated users to access all PDF files. Exploitation details are not provided in the documents, but multiple sources confirm the vulnerability and affected ranges. Remediation (w...

CVSS 5.6 · AI score 7 · EPSS 0.00231
Exploits: 0 · References: 2