4.3

CVSS3.1

CVE-2024-12974 - XSS in Akinsoft's ProKuaför

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS). This issue affects ProKuaför: from s1.02.07 before v1.02.08.

📅 Published: Sept. 2, 2025, 1:19 p.m. 🔄 Last Modified: Sept. 3, 2025, 8:27 p.m.

8.2

CVSS3.1

CVE-2024-58259 - Rancher affected by unauthenticated Denial of Service

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into me…

📅 Published: Sept. 2, 2025, 11:53 a.m. 🔄 Last Modified: Sept. 2, 2025, 11:54 a.m.

8.6

CVSS3.1

CVE-2025-2414 - OTP Bypass in Akinsoft's OctoCloud

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass. This issue affects OctoCloud: from s1.09.03 before v1.11.01.

📅 Published: Sept. 2, 2025, 11:52 a.m. 🔄 Last Modified: Sept. 2, 2025, 11:52 a.m.

7.7

CVSS3.1

CVE-2024-52284 - Rancher Fleet Helm Values are stored inside BundleDeployment in plain text

Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.

📅 Published: Sept. 2, 2025, 11:49 a.m. 🔄 Last Modified: Sept. 3, 2025, 7:30 p.m.

4.7

CVSS3.1

CVE-2025-0640 - IDOR in Akinsoft's OctoCloud

Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01.

📅 Published: Sept. 2, 2025, 11:48 a.m. 🔄 Last Modified: Sept. 3, 2025, 8:27 p.m.

4.7

CVSS3.1

CVE-2024-12973 - Host Header Injection in Akinsoft's OctoCloud

Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01.

📅 Published: Sept. 2, 2025, 11:43 a.m. 🔄 Last Modified: Sept. 3, 2025, 8:27 p.m.

4.3

CVSS3.1

CVE-2024-12972 - XSS in Akinsoft's OctoCloud

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS). This issue affects OctoCloud: from s1.09.01 before v1.11.01.

📅 Published: Sept. 2, 2025, 11:38 a.m. 🔄 Last Modified: Sept. 3, 2025, 8:27 p.m.

8.5

CVSS4.0

CVE-2025-46810 -

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.

📅 Published: Sept. 2, 2025, 11:34 a.m. 🔄 Last Modified: Sept. 2, 2025, 11:35 a.m.

9.3

CVSS4.0

CVE-2025-52551 - Proprietary protocol allows for unauthenticated file operations

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.

📅 Published: Sept. 2, 2025, 11:30 a.m. 🔄 Last Modified: Sept. 2, 2025, 3:55 p.m.

8.6

CVSS4.0

CVE-2025-52550 - Firmware upgrade packages are unsigned

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.

📅 Published: Sept. 2, 2025, 11:26 a.m. 🔄 Last Modified: Sept. 2, 2025, 3:55 p.m.