6.3
CVE-2025-9828 - Tenda CP6 uhttp sub_2B7D04 risky encryption
A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Manipulation can lead to the use of a risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitabilit…
9.4
CVE-2025-9696 - Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the att…
8.6
CVE-2025-2413 - OTP Bypass in Akinsoft's ProKuafor
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass. This issue affects ProKuafor: from s1.02.08 before v1.02.08.
4.7
CVE-2025-0670 - IDOR in Akinsoft's ProKuafor
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure. This issue affects ProKuafor: from s1.02.07 before v1.02.08.
4.3
CVE-2024-12974 - XSS in Akinsoft's ProKuaför
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS). This issue affects ProKuaför: from s1.02.07 before v1.02.08.
8.2
CVE-2024-58259 - Rancher affected by unauthenticated Denial of Service
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into me…
8.6
CVE-2025-2414 - OTP Bypass in Akinsoft's OctoCloud
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01.
7.7
CVE-2024-52284 - Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.
4.7
CVE-2025-0640 - IDOR in Akinsoft's OctoCloud
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01.
4.7
CVE-2024-12973 - Host Header Injection in Akinsoft's OctoCloud
Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01.