8 matches found

CVE
added 2026/02/13 8:51 p.m. · 35 views

CVE-2026-26335

CVE-2026-26335 affects Calero VeraSMART web applications running on IIS where VeraSMART versions prior to 2022 R1 store static machineKey values in web.config. The static keys allow an attacker to craft a valid ASP.NET ViewState payload, bypassing integrity checks and enabling server-side deseria...

CVSS 9.8 · AI score 6.6 · EPSS 0.02806
Exploits: 3 · References: 2 · Affected Software: 1
Cvelist
added 2025/10/28 12:0 a.m. · 18 views

CVE-2025-60805

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...

EPSS 0.00339
Exploits: 0 · References: 4
CNNVD
added 2025/08/19 12:0 a.m. · 2 views

ThriveX-Blog security vulnerability

ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog 3.1.7 and earlier versions, which originates from an improper authorization issue in the function updateJsonValueByName in the file /webconfig/json/name/web...

CVSS 6.5 · AI score 6.8 · EPSS 0.0026
Exploits: 0 · References: 6
Prion
added 2021/07/01 4:15 p.m. · 13 views

Code injection

An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges...

CVSS 9 · AI score 8.7 · EPSS 0.01321
Exploits: 1 · References: 1 · Affected Software: 1
Hacker One
added 2019/08/30 4:27 a.m. · 8 views

U.S. Dept Of Defense: Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak

A local file disclosure vulnerability was discovered on the █████ website https://████████.edu/. The vulnerability allowed an attacker to download the website's configuration file, which exposed the database credentials. Additionally, the source code for certain server-side resources was also...

AI score 7
Exploits: 0
CNVD
added 2018/05/04 12:0 a.m. · 3 views

Combodo iTop Command Injection Vulnerability

Combodo iTop, also known as IT Operations Portal, is an open source, ITIL-based web application developed by the French company Combodo for the daily operation of IT environments. The tool provides incident management, configuration management and problem management and...

CVSS 7.2 · AI score 8.1 · EPSS 0.07495
Exploits: 1 · References: 1
Positive Technologies
added 2015/06/08 12:0 a.m. · 3 views

PT-2015-6092 · Unknown · Thermostat

Name of the Vulnerable Software and Affected Versions: Thermostat versions prior to 2.0.0 Description: The issue allows local users to obtain user credentials by reading the web.xml configuration file due to world-readable permissions. Recommendations: For versions prior to 2.0.0, update to versi...

CVSS 2.1 · AI score 6 · EPSS 0.00507
Exploits: 1 · References: 7
Positive Technologies
added 2011/04/06 12:0 a.m. · 5 views

PT-2011-2925 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A regression in a previous fix caused security constraints to be ignored under certain conditions. Specifically, this occurred when there was no login...

CVSS 5.8 · AI score 4 · EPSS 0.06156
Exploits: 0 · References: 16