7.7

CVSS3.1

CVE-2024-52284 - Rancher Fleet Helm Values are stored inside BundleDeployment in plain text

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

📅 Published: Sept. 2, 2025, 11:49 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.7

CVSS3.1

CVE-2025-0640 - IDOR in Akinsoft's OctoCloud

Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01.

📅 Published: Sept. 2, 2025, 11:48 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.7

CVSS3.1

CVE-2024-12973 - Host Header Injection in Akinsoft's OctoCloud

Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC-87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01.

📅 Published: Sept. 2, 2025, 11:43 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-12972 - XSS in Akinsoft's OctoCloud

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01.

📅 Published: Sept. 2, 2025, 11:38 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.5

CVSS4.0

CVE-2025-46810 - traefik: Escalation to root from traefik user via %post script

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.

📅 Published: Sept. 2, 2025, 11:34 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-52551 - Proprietary protocol allows for unauthenticated file operations

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.

📅 Published: Sept. 2, 2025, 11:30 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-52550 - Firmware upgrade packages are unsigned

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.

📅 Published: Sept. 2, 2025, 11:26 a.m. 🔄 Last Modified: Oct. 1, 2025, 6:20 p.m.

9.2

CVSS4.0

CVE-2025-52549 - Predictable root linux password generation

E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters.

📅 Published: Sept. 2, 2025, 11:26 a.m. 🔄 Last Modified: Oct. 1, 2025, 6:23 p.m.

6.9

CVSS4.0

CVE-2025-52548 - Enabling SSH and Shellinabox on the vulnerable machine

E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the und…

📅 Published: Sept. 2, 2025, 11:26 a.m. 🔄 Last Modified: Oct. 1, 2025, 6:25 p.m.

8.7

CVSS4.0

CVE-2025-52547 - DoS to the application services

E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services.

📅 Published: Sept. 2, 2025, 11:25 a.m. 🔄 Last Modified: Oct. 1, 2025, 6:25 p.m.