Lucene search
K

128 matches found

NVD
NVD
added 2025/03/10 9:15 a.m.6 views

CVE-2025-27253

A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to...

6.1CVSS0.0022EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/10 9:5 a.m.5 views

CVE-2025-27256

Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...

8.3CVSS7AI score0.00266EPSS
Exploits0References2
CVE
CVE
added 2025/03/10 9:5 a.m.65 views

CVE-2025-27255

This CVE concerns GE Vernova EnerVista UR Setup. The vulnerability arises from hard-coded credentials used to encrypt the local user database, with the credential password retrievable by analyzing the application code. A local attacker could leverage this to escalate privileges on the affected sy...

8CVSS7.2AI score0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/10 9:5 a.m.16 views

CVE-2025-27255

Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code...

8CVSS0.00143EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/10 12:0 a.m.3 views

GE Vernova EnerVista UR 访问控制错误漏洞

GE Vernova EnerVista UR is a device configuration tool from GE Vernova USA that is compatible with all UR relay applications. An access control error vulnerability exists in the GE Vernova EnerVista UR that stems from a lack of critical function authentication, which could lead to authentication...

8.3CVSS6.9AI score0.00266EPSS
Exploits0References3
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/11/05 6:35 a.m.13 views

Maritime lawyers assemble!

Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/11/05 6:14 a.m.11 views

What goes into testing a ship?

TL;DR Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.42898, BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...

8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/07/08 5:11 a.m.11 views

Pen testing cruise ships

New build ships contracted for build from 1st July 2024 must comply with IACS UR E26 & 27. What does this mean for assessing the cyber security of a cruise ship? What’s the risk profile? Cruise ships have a unique risk profile. This is due to the huge number of guests on board, highly complex...

7.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/06/14 11:37 a.m.7 views

ur-lr.or.jp Cross Site Scripting vulnerability OBB-3935179

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/14 10:59 p.m.4 views

ur-alde.com Improper Access Control vulnerability OBB-3814271

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/11/20 2:34 a.m.6 views

chefgourmet.ch Cross Site Scripting vulnerability OBB-3786939

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/10/12 9:53 p.m.8 views

ur-bar.de Cross Site Scripting vulnerability OBB-3743978

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
OSV
OSV
added 2023/10/05 7:15 p.m.4 views

CVE-2023-43260

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting XSS vulnerability via the admin panel...

6.1CVSS5.7AI score0.0037EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/05 12:0 a.m.6 views

Milesight Cross-Site Scripting Vulnerability

Milesight is a complete Artificial Intelligence Video Surveillance solution from China's StarZone IOT Milesight. A cross-site scripting vulnerability exists in Ursalink Milesight UR5X, UR32L, UR32, UR35, UR41 , Industrial Cellular Routers prior to v35.3.0.7, which stems from the admin panel being...

6.1CVSS6AI score0.0037EPSS
Exploits1References2
Openbugbounty
Openbugbounty
added 2023/09/12 7:54 a.m.8 views

ur-bane.com Cross Site Scripting vulnerability OBB-3673807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/07/08 10:52 a.m.14 views

ur-biowooeb.cirad.fr Cross Site Scripting vulnerability OBB-3490326

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/07/08 10:47 a.m.18 views

ur-aida.cirad.fr Cross Site Scripting vulnerability OBB-3490318

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
NVD
NVD
added 2023/05/10 9:15 a.m.19 views

CVE-2023-24406

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Muneeb ur Rehman Simple PopUp plugin = 1.8.6 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/10 8:1 a.m.25 views

CVE-2023-24406 WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Muneeb ur Rehman Simple PopUp plugin = 1.8.6 versions...

5.9CVSS5.5AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2023/05/10 8:1 a.m.49 views

CVE-2023-24406

The CVE-2023-24406 entry describes a Stored XSS in WordPress Simple Popup Images Plugin (admin+). Affected: Simple Popup plugin, versions

5.9CVSS5.1AI score0.00369EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder