6.5

CVSS3.1

CVE-2024-50690 -

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.

πŸ“… Published: Jan. 24, 2025, midnight πŸ”„ Last Modified: May 29, 2025, 4:02 p.m.

9.9

CVSS3.1

CVE-2024-56404 -

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

πŸ“… Published: Jan. 24, 2025, midnight πŸ”„ Last Modified: Jan. 24, 2025, 7:43 p.m.

4.6

CVSS3.1

CVE-2024-57041 -

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.

πŸ“… Published: Jan. 24, 2025, midnight πŸ”„ Last Modified: June 27, 2025, 7:33 p.m.

5.4

CVSS3.1

CVE-2024-50692 -

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communic…

πŸ“… Published: Jan. 24, 2025, midnight πŸ”„ Last Modified: May 29, 2025, 4:02 p.m.

9.8

CVSS3.1

CVE-2024-50698 -

SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.

πŸ“… Published: Jan. 24, 2025, midnight πŸ”„ Last Modified: Sept. 15, 2025, 3:35 p.m.

5.7

CVSS3.1

CVE-2024-57277 -

InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.

πŸ“… Published: Jan. 24, 2025, midnight πŸ”„ Last Modified: Jan. 26, 2026, 3:16 p.m.

4.9

CVSS3.1

CVE-2021-42718 - Sensitive data unnecessarily returned from authenticated API

Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin C…

πŸ“… Published: Jan. 23, 2025, 10:45 p.m. πŸ”„ Last Modified: July 13, 2025, 11:14 a.m.

4.8

CVSS3.1

CVE-2025-0577 - Glibc: vdso getrandom acceleration may return predictable randomness

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

πŸ“… Published: Jan. 23, 2025, 10:40 p.m. πŸ”„ Last Modified: Feb. 25, 2026, 4:54 p.m.

6.9

CVSS4.0

CVE-2025-0693 - Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

πŸ“… Published: Jan. 23, 2025, 9:22 p.m. πŸ”„ Last Modified: Oct. 14, 2025, 7:15 p.m.

8.7

CVSS4.0

CVE-2025-23012 - Fedora Repository fedoraIntCallUser default credentials

Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of …

πŸ“… Published: Jan. 23, 2025, 8:25 p.m. πŸ”„ Last Modified: Oct. 7, 2025, 4:47 p.m.
Total resulsts: 342311
Page 6296 of 34,232
Β« previous page Β» next page
Filters