Lucene search
K

750 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.5 views

CVE-2025-57713

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

7.5CVSS5.5AI score0.00512EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.5 views

Ivanti Endpoint Manager AuthHelper Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthHelper class. The issue results from using an alternative, weak...

8.6CVSS5.8AI score0.8056EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 7:49 p.m.5 views

GHSA-7PPG-37FH-VCR6 Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Summary Milvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities: 1. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath default: by-dev, enabling arbitrary expression evaluation. 2. The full REST API...

9.8CVSS6.8AI score0.34346EPSS
Exploits1References5
NVD
NVD
added 2026/02/11 1:15 p.m.10 views

CVE-2025-57713

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

7.5CVSS0.00512EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 1:15 p.m.4 views

CVE-2025-57713

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

7.5CVSS5.8AI score0.00512EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:17 p.m.3 views

CVE-2025-57713

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

5.3CVSS5.5AI score0.00512EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 12:17 p.m.2 views

CVE-2025-57713 File Station 5

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

5.3CVSS5.5AI score0.00512EPSS
Exploits0References1
CVE
CVE
added 2026/02/11 12:17 p.m.16 views

CVE-2025-57713

CVE-2025-57713 concerns QNAP File Station 5. The weakness is a weak authentication mechanism that could allow remote attackers to obtain sensitive information. Disclosed across multiple sources, with a fix released in File Station 5 5.5.6.5166 and later; affected versions prior to this may be vul...

7.5CVSS5.5AI score0.00512EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/11 12:17 p.m.25 views

CVE-2025-57713 File Station 5

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

5.3CVSS0.00512EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.9 views

QNAP Systems File Station 5 安全漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5166 contained security vulnerabilities. These vulnerabilities were due to weak authentication mechanisms, which could lead t...

7.5CVSS5.8AI score0.00512EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7562

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

5.3CVSS5.5AI score0.00512EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.5 views

CVE-2025-59102

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

9.3CVSS5.9AI score0.00572EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

MiracleLinux 7 : samba-4.8.3-4.el7 (AXSA:2019-3544:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3544:01 advisory. samba: Weak authentication protocol regression CVE-2018-1139 samba: Insufficient input validation in libsmbclient CVE-2018-10858 samba: NULL pointer...

8.8CVSS7AI score0.06691EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.10 views

WordPress plugin PayHere Payment Gateway Plugin for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.9 views

CVE-2019-18261

In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks...

9.8CVSS7AI score0.01307EPSS
Exploits0References1
NVD
NVD
added 2025/12/28 12:15 p.m.10 views

CVE-2025-15135

A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...

6.5CVSS0.00289EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2025/12/24 12:0 a.m.13 views

Security Risks Introduced by Weak Authentication in Smart Home IoT Systems

Smart home IoT systems rely on authentication mechanisms to ensure that only authorized entities can control devices and access sensitive functionality. In practice, these mechanisms must balance security with usability, often favoring persistent connectivity and minimal user interaction. This...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/21 12:0 a.m.6 views

PT-2025-52578

Name of the Vulnerable Software and Affected Versions Yealink RPS versions prior to 2025-06-27 Description The Yealink RPS software contains a flaw that allows unauthorized access to information, including AutoP URL addresses. The issue was addressed by implementing a more robust authentication...

7.4CVSS6.7AI score0.00269EPSS
Exploits0References7
Rapid7 Blog
Rapid7 Blog
added 2025/12/11 10:57 a.m.9 views

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Multifunction printers MFPs do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer MFP Security within the Enterprise Business Environment, from Rapid7’s Deral Heiland, Principal Security...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.6 views

CVE-2025-65289

A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...

6.1CVSS5.6AI score0.00317EPSS
Exploits1References1
Rows per page
Query Builder