Lucene search
K

249 matches found

Debian CVE
Debian CVE
added 2025/12/05 10:17 a.m.4 views

CVE-2025-59775

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

7.5CVSS7.5AI score0.00784EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/03 10:2 p.m.4 views

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.8CVSS7.7AI score0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/02 9:31 p.m.7 views

EUVD-2025-200322

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.7CVSS7.2AI score0.00293EPSS
Exploits0References2
OSV
OSV
added 2025/12/02 9:15 p.m.2 views

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.8CVSS5.8AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 9:15 p.m.4 views

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.8CVSS0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 9:7 p.m.2 views

CVE-2025-61940 Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.7CVSS7.3AI score0.00293EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 9:7 p.m.7 views

CVE-2025-61940 Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...

8.7CVSS0.00293EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 9:7 p.m.10 views

CVE-2025-61940

NMIS/BioDose (versions before V22.02) uses a common SQL Server user account for database access, while the client app performs password authentication but the underlying DB connection maintains access. The latest release adds Windows authentication to the database, which would restrict the connec...

8.8CVSS7.3AI score0.00293EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48777

Name of the Vulnerable Software and Affected Versions NMIS/BioDose versions prior to V22.02 Description NMIS/BioDose versions prior to V22.02 utilize a shared SQL Server user account for database access. Client application user access is controlled by password authentication within the client...

8.7CVSS7.4AI score0.00293EPSS
Exploits0References4
Securelist
Securelist
added 2025/11/26 10:0 a.m.12 views

Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025

Just like the 2000s Flip phones grew popular, Windows XP debuted on personal computers, Apple introduced the iPod, peer-to-peer file sharing via torrents was taking off, and MSN Messenger dominated online chat. That was the tech scene in 2001, the same year when Sir Dystic of Cult of the Dead Cow...

8.8CVSS8.5AI score0.97798EPSS
Exploits90
Cvelist
Cvelist
added 2025/10/24 9:35 a.m.9 views

CVE-2025-36361 IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization...

6.3CVSS0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/24 9:35 a.m.6 views

CVE-2025-36361 IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization...

6.3CVSS6.1AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.4 views

CVE-2025-59275

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.3 views

CVE-2025-59277

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.5 views

CVE-2025-59278

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/14 6:30 p.m.4 views

EUVD-2025-34271

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

7.8CVSS9.1AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/14 6:30 p.m.6 views

EUVD-2025-34369

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

7.8CVSS9.1AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/14 6:30 p.m.4 views

EUVD-2025-34364

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

3.3CVSS8.9AI score0.00944EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/14 6:30 p.m.5 views

EUVD-2025-34270

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

7.8CVSS9.1AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2025/10/14 5:16 p.m.2 views

CVE-2025-59284

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

5.5CVSS5.8AI score0.00944EPSS
Exploits1References1
Rows per page
Query Builder