Lucene search
K

33 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.14 views

CVE-2024-41659

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1CVSS6.4AI score0.00607EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-20711

Malware in sbrugna...

5.4CVSS5.5AI score0.00531EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-22951

Malware in sbrugna...

8CVSS7.8AI score0.00558EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-7981

Malware in sbrugna...

8.8CVSS8.6AI score0.00598EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2000-1124

Malware in sbrugna...

7.5CVSS6.4AI score0.05022EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0107

Malware in sbrugna...

7.8CVSS7.6AI score0.00734EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-6364

Malware in sbrugna...

5CVSS6.4AI score0.02447EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-1447

Malware in sbrugna...

4.6CVSS6.4AI score0.00529EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-20230

Malware in sbrugna...

9CVSS8.7AI score0.01048EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-27156

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.01282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/06 10:51 a.m.3 views

CVE-2025-46389

CWE-620: Unverified Password Change...

6.5CVSS6.6AI score0.00222EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/02 6:31 a.m.7 views

Insecure Password Handling

github.com/filebrowser/filebrowser is vulnerable to Insecure Password Handling. The vulnerability is due to a missing password policy and lack of brute-force protection, which allows an attacker to perform brute-force attacks to retrieve user account passwords...

7.5CVSS7.2AI score0.00472EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2025/06/10 11:8 p.m.40 views

CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

0.00596EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 p.m.6 views

CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account...

5.3CVSS6.9AI score0.19017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:23 a.m.8 views

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

5.4CVSS6.2AI score0.00821EPSS
Exploits1References1
NVD
NVD
added 2025/04/17 7:15 a.m.16 views

CVE-2025-2903

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform GCP using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious...

8.5CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 2025/03/01 2:22 p.m.57 views

CVE-2024-41778

CVE-2024-41778 affects IBM Controller 11.0.0–11.0.1 and 11.1.0, where default weak password requirements may allow attackers to compromise user accounts. Connected sources corroborate weak password handling across the affected versions. The IBM Security Bulletin lists remediation by upgrading to ...

6.5CVSS6.7AI score0.00251EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 7:58 p.m.7 views

CVE-2022-22110

In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requirements in the user update functionality. A user with privileges to update his password could change it to a weak password, such as those with a length of a single character. This may allow an attacker to brute-force users’...

7.5CVSS6.8AI score0.01122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:6 p.m.9 views

CVE-2022-26303

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigge...

7.5CVSS6.6AI score0.01208EPSS
Exploits1References1
CVE
CVE
added 2025/01/29 4:37 p.m.56 views

CVE-2023-35907

CVE-2023-35907 affects IBM Aspera Faspex versions 5.0.0–5.0.10, where default weak password requirements can allow attacker compromise of user accounts. The cited sources also show remediation: upgrade to Faspex 5.0.11 (IBM) to address the vulnerability. No exploitation details are provided in th...

9.8CVSS5.7AI score0.00314EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder