cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-4740,https://securityvulnerability.io/vulnerability/CVE-2024-4740,Software Vulnerability Affects Sensitive Data,"MXsecurity software versions v1.1.0 and earlier have a vulnerability arising from the use of hard-coded credentials, which compromises the security of the system. Attackers exploiting this vulnerability can gain unauthorized access to sensitive data, potentially allowing them to tamper with critical information. Organizations utilizing these versions are encouraged to assess their security posture and implement corrective measures to mitigate associated risks.",Moxa,Mxsecurity Series,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-18T08:21:15.659Z,0
CVE-2024-4739,https://securityvulnerability.io/vulnerability/CVE-2024-4739,Unauthorized Access to Resource Due to Inadequate Restriction,"The MXsecurity software, developed by Moxa, is affected by a vulnerability that arises from inadequate access restrictions to sensitive resources. Versions v1.1.0 and older are susceptible, allowing an attacker with a valid authenticator to impersonate an authorized user. This flaw signifies potential risks to data integrity and confidentiality, as unauthorized individuals could exploit this weakness to gain access to restricted resources, leading to possible data breaches. Immediate attention to software updates and security advisories is essential to mitigate these vulnerabilities.",Moxa,Mxsecurity Series,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-18T08:11:04.908Z,0
CVE-2023-39980,https://securityvulnerability.io/vulnerability/CVE-2023-39980,MXsecurity Authenticated Information Disclosure Due to SQL Injection,"A flaw has been identified in MXsecurity versions prior to v1.0.1, which enables unauthorized disclosure of authenticated information. This vulnerability results from improper neutralization of special elements, which allows remote attackers to manipulate SQL commands. Organizations using affected versions are advised to update to the latest version to mitigate potential security risks.",Moxa,Mxsecurity Series,7.1,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-39982,https://securityvulnerability.io/vulnerability/CVE-2023-39982,MXsecurity Hardcoded Credential,"A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.",Moxa,Mxsecurity Series,5.9,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-39983,https://securityvulnerability.io/vulnerability/CVE-2023-39983,MXsecurity Register Database Pollution,"A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.

",Moxa,Mxsecurity Series,5.3,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-39981,https://securityvulnerability.io/vulnerability/CVE-2023-39981,MXsecurity Device Information Disclosure,"A vulnerability has been identified in Moxa's MXsecurity product, which allows unauthorized access due to inadequate authentication measures. This issue could enable remote attackers to potentially disclose sensitive device information, raising concerns about the overall security posture of affected systems. Users are encouraged to upgrade to MXsecurity version 1.0.1 or later to mitigate this vulnerability.",Moxa,Mxsecurity Series,7.5,HIGH,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-39979,https://securityvulnerability.io/vulnerability/CVE-2023-39979,MXsecurity Authentication Bypass,"A vulnerability exists in MXsecurity versions prior to 1.0.1, allowing remote attackers to bypass authentication mechanisms due to inadequate randomness in the web service authenticator. This weakness can potentially enable unauthorized access to the system, exposing sensitive data and functionalities. It is crucial for users of affected versions to apply the latest updates to mitigate the risks associated with this vulnerability.",Moxa,Mxsecurity Series,9.8,CRITICAL,0.002309999894350767,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-33236,https://securityvulnerability.io/vulnerability/CVE-2023-33236,MXsecurity Hardcoded Credential Vulnerability,"MXsecurity version 1.0 is susceptible to a hardcoded credential vulnerability that allows attackers to craft arbitrary JWT tokens. This exploitation enables unauthorized access by bypassing the authentication mechanisms designed for web-based APIs, posing serious security risks for systems reliant on this product.",Moxa,MXsecurity Series,9.8,CRITICAL,0.003659999929368496,false,,false,false,false,,,false,false,,2023-05-22T07:15:00.000Z,0
CVE-2023-33235,https://securityvulnerability.io/vulnerability/CVE-2023-33235,MXsecurity Command Injection Vulnerability,"A command injection vulnerability has been identified in MXsecurity version 1.0, specifically within the SSH CLI program. This security flaw allows attackers, who have gained authorized access, to escape from a restricted shell environment. By exploiting this vulnerability, they can execute arbitrary code, posing a significant risk to system integrity and security.",Moxa,MXsecurity Series,8.8,HIGH,0.00471000000834465,false,,false,false,false,,,false,false,,2023-05-22T06:15:00.000Z,0