
CVSS: 7.5 • EPSS: % • CPEs: - • EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.

CVSS: 7.5 • EPSS: % • CPEs: - • EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.

CVSS: 7.5 • EPSS: % • CPEs: - • EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.

CVSS: 5.3 • EPSS: % • CPEs: - • EXPL: 0

27 Jun 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2025 — IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man-in-the-middle techniques. • https://www.ibm.com/support/pages/node/7237604 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2025 — A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated, highly privileged user to issue malicious ePO POST requests to System Information Reporter, leading to creation of files anywhere on the filesystem, possibly overwriting existing files and disclosing sensitive information. • https://thrive.trellix.com/s/article/000014635 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jun 2025 — Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. • https://www.zerodayinitiative.com/advisories/ZDI-25-342 • CWE-306: Missing Authentication for Critical Function

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jun 2025 — A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. • https://certvde.com/en/advisories/VDE-2025-043 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 6.8 • EPSS: 0% • CPEs: 690 • EXPL: 1

25 Jun 2025 — An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker-controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-522: Insufficiently Protected Credentials

CVSS: 7.8 • EPSS: 0% • CPEs: 666 • EXPL: 1

25 Jun 2025 — An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-1286: Improper Validation of Syntactic Correctness of Input