An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-07-17
EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid
CVSS Score
5.3
EPSS Score
0.002
Published
2022-03-28