Lucene search
K

4 matches found

NVD
NVD
added 2026/04/21 5:16 p.m.6 views

CVE-2026-40589

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...

7.6CVSS0.00236EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/21 9:46 p.m.10 views

Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

The servicenow config URL is using a generic django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact What kind of vulnerability is it? Who is impacted? An Unauthenticated attacker could access this page to view the Service Now public instance name e.g...

5.3CVSS7AI score0.00268EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/09/22 6:15 p.m.24 views

CVE-2025-57437

The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC,...

9.8CVSS0.00497EPSS
Exploits1References2
Atlassian
Atlassian
added 2020/09/23 5:14 p.m.51 views

Embedded Crowd passes sensitive paramaters in the URL when adding a new or editing an existing user directory.

h3. Issue Summary While adding a new directory or editing an existing one the embedded crowd passes directoryId, xsrfTokenName and xsrfTokenValue parameters to the URL. h3. Environment Bitbucket 6.9.X, 7.4.X, 7.5.X, 7.6.X h3. Steps to Reproduce In Bitbucket navigate to Gear Icon User Directories;...

2AI score
Exploits0Affected Software1
Rows per page
Query Builder