1453 matches found

OSSF Malicious Packages
added 2025/11/24 4:31 p.m. | 6 views

Malicious code in @posthog/wizard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ed05e891884ed2cf2d6f1790352cd3d07f97a03c6fb152561eb2e8b9d938c2 The package @posthog/wizard was found to contain malicious code. Source: google-open-source-security...

AI score: 6.9
Exploits: 0 | References: 3

EUVD
added 2025/11/24 4:31 p.m. | 4 views

EUVD-2025-198925

Malicious code in @posthog/wizard npm...

AI score: 6.6
Exploits: 0

OSV
added 2025/11/24 4:31 p.m. | 3 views

MAL-2025-190900 Malicious code in @posthog/wizard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ed05e891884ed2cf2d6f1790352cd3d07f97a03c6fb152561eb2e8b9d938c2 The package @posthog/wizard was found to contain malicious code. Source: google-open-source-security...

AI score: 6.8
Exploits: 0 | References: 3

Snyk
added 2025/11/24 4:24 p.m. | 1 view

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 3

OpenVAS
added 2025/11/20 12:00 a.m. | 4 views

RaidenFTPD Server <= 2.4.4005 Buffer Overflow Vulnerability

RaidenFTPD v.2.4 build 4005 allows a local attacker to execute arbitrary code via the Server name field of the step by step setup wizard. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00433
Exploits: 2 | References: 2

RedhatCVE
added 2025/11/19 10:23 a.m. | 4 views

CVE-2025-41733

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00576
Exploits: 0 | References: 1

EUVD
added 2025/11/18 12:30 p.m. | 4 views

EUVD-2025-197985

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00576
Exploits: 0 | References: 2

NVD
added 2025/11/18 11:15 a.m. | 6 views

CVE-2025-41733

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...

CVSS: 9.8 | EPSS: 0.00576
Exploits: 0 | References: 1

CVE
added 2025/11/18 10:17 a.m. | 16 views

CVE-2025-41733

The CVE-2025-41733 issue affects METZ CONNECT EWIO2-M, EWIO2-M-BM, and EWIO2-BM devices. The commissioning wizard does not validate whether the device is already initialized, enabling an unauthenticated remote attacker to construct HTTP POST requests to set root credentials, potentially gaining f...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00576
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/11/18 10:17 a.m. | 3 views

CVE-2025-41733 Possible malfunction credential injection

The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00576
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/18 12:00 a.m. | 5 views

PT-2025-47290

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: The commissioning wizard does not validate if the device is already initialized. This allows an unauthenticated remote attacker to construct HTTP POST requests to set or modify root credentials without...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00576
Exploits: 0 | References: 7

CNNVD
added 2025/11/18 12:00 a.m. | 1 view

METZ CONNECT multiple products security vulnerability

METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany. METZ CONNECT Energy-Controlling EWIO2-M is a high performance data logger. METZ CONNECT Energy-Controlling EWIO2-M-BM is a high performance data logger. METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and actuat...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00576
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/18 12:00 a.m. | 2 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2025:21706)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21706 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers ca...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00443
Exploits: 0 | References: 5

Veeam
added 2025/11/13 12:00 a.m. | 16 views

Impact of Domain name or Hostname Change on Veeam Appliances

Challenge: After changing the FQDN of a Veeam Appliance, either by adding it to a domain or changing its hostname, some operations may be impacted. Solution: SAML Authentication May Stop Working. After the host name of the Veeam Software Appliance is changed, the Service Provider (SP) information will...

AI score: 5.8
Exploits: 0 | Affected Software: 1

CNVD
added 2025/11/12 12:00 a.m. | 6 views

WordPress LC Wizard plugin elevation of privilege vulnerability

WordPress LC Wizard plugin is a plugin with security vulnerabilities. WordPress LC Wizard plugin has an elevation of privilege vulnerability that stems from a missing capability check in the ghl-wizard/inc/wpuser.php file, which can be exploited by an attacker to cause an elevation of privilege...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.0028
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/08 7:41 a.m. | 3 views

CVE-2025-5483

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.0028
Exploits: 0 | References: 1

NVD
added 2025/11/07 4:15 a.m. | 5 views

CVE-2025-5483

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

CVSS: 8.1 | EPSS: 0.0028
Exploits: 0 | References: 2

EUVD
added 2025/11/07 3:27 a.m. | 3 views

EUVD-2025-38233

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

CVSS: 8.1 | AI score: 5.4 | EPSS: 0.0028
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/07 3:27 a.m. | 5 views

CVE-2025-5483 LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.0028
Exploits: 0 | References: 2

Cvelist
added 2025/11/07 3:27 a.m. | 6 views

CVE-2025-5483 LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

CVSS: 8.1 | EPSS: 0.0028
Exploits: 0 | References: 2