
120932 matches found

OSV
added 2026/01/06 3:15 a.m., 3 views

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the 'Security Update for MyASUS' section on the ASUS...

7.8 CVSS, 6 AI score, 0.00115 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/01/06 2:14 a.m., 2 views

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the 'Security Update for MyASUS' section on the ASUS...

8.5 CVSS, 6.8 AI score, 0.00115 EPSS
Exploits 0, References 1
CVE
added 2026/01/06 2:14 a.m., 16 views

CVE-2025-12793

CVE-2025-12793 affects AsusSoftwareManagerAgent with an uncontrolled DLL loading path vulnerability. The Red Hat and CVE records corroborate a local attacker could influence the process to load a DLL from an attacker-controlled location, potentially enabling arbitrary code execution. The PT-Secur...

8.5 CVSS, 6.8 AI score, 0.00115 EPSS
Exploits 0, References 1, Affected Software 1
CNVD
added 2026/01/06 12:0 a.m., 3 views

Tenda M3 /goform/exeCommand File Stack Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from incorrect handling of the parameter cmdinput in the file...

9 CVSS, 6.4 AI score, 0.00632 EPSS
Exploits 1, References 1
CNNVD
added 2026/01/06 12:0 a.m., 4 views

ASUS System Control Interface Security Vulnerability

ASUS System Control Interface is a computer system control interface from Asus China. A security vulnerability exists in ASUS System Control Interface, which originates from an uncontrolled DLL load path that could lead to the execution of arbitrary code...

8.5 CVSS, 6.9 AI score, 0.00115 EPSS
Exploits 0, References 1
CNNVD
added 2026/01/06 12:0 a.m., 7 views

Forcepoint One DLP Client Security Vulnerability

Forcepoint One DLP Client is an endpoint data protection agent software from Forcepoint, USA. A security vulnerability exists in Forcepoint One DLP Client version 23.04.5642, which stems from a restriction on the ctypes library that can be bypassed, potentially leading to the execution of arbitra...

7.8 CVSS, 7.1 AI score, 0.00178 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/01/06 12:0 a.m., 8 views

PT-2026-1396

Name of the Vulnerable Software and Affected Versions AsusSoftwareManagerAgent affected versions not specified Description An uncontrolled DLL loading path issue exists in AsusSoftwareManagerAgent. A local attacker may be able to influence the application to load a DLL from a location controlled ...

8.5 CVSS, 7 AI score, 0.00115 EPSS
Exploits 0, References 6
CNVD
added 2026/01/06 12:0 a.m., 3 views

Tenda M3 /goform/setAdInfoDetail File Heap Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. A heap buffer overflow vulnerability exists in Tenda M3; the vulnerability stems from the parameter...

9 CVSS, 6.3 AI score, 0.00632 EPSS
Exploits 1, References 1
CNVD
added 2026/01/06 12:0 a.m., 4 views

Tenda M3 /goform/setAdPushInfo File Stack Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from incorrect handling of the parameter mac/terminal in the...

9 CVSS, 6.3 AI score, 0.00632 EPSS
Exploits 1, References 1
OSV
added 2026/01/05 10:56 p.m., 6 views

GHSA-829Q-M3QG-PH8R Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Impact Applications meeting these two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches both vega library and a vega.View instance similar to the Vega Editor to the global window, or has an...

8.1 CVSS, 6.9 AI score, 0.00452 EPSS
Exploits 1, References 3
NVD
added 2026/01/05 10:15 p.m., 10 views

CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

9.3 CVSS, 0.00452 EPSS
Exploits 1, References 1
OSV
added 2026/01/05 10:15 p.m., 4 views

DEBIAN-CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

9.3 CVSS, 6.1 AI score, 0.00452 EPSS
Exploits 1, References 1
Cvelist
added 2026/01/05 9:22 p.m., 25 views

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

8.1 CVSS, 0.00452 EPSS
Exploits 1, References 1
CVE
added 2026/01/05 9:22 p.m., 21 views

CVE-2025-65110

CVE-2025-65110 affects Vega, a visualization grammar. Prior to versions 6.1.2 and 5.6.3, if an application both attaches the Vega library and a vega.View instance to the global window (or has other safe-function gadgets in the global scope) and allows user-defined Vega JSON definitions, it is at r...

9.3 CVSS, 7 AI score, 0.00452 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2026/01/05 9:22 p.m., 5 views

CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

8.1 CVSS, 7.2 AI score, 0.00452 EPSS
Exploits 1, References 3
RedHat Linux
added 2026/01/05 6:1 p.m., 6 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

8.8 CVSS, 7.6 AI score, 0.00739 EPSS
Exploits 0, References 8
RedHat Linux
added 2026/01/05 5:40 p.m., 4 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

8.8 CVSS, 7.6 AI score, 0.00739 EPSS
Exploits 0, References 8
OSV
added 2026/01/05 1:2 p.m., 6 views

USN-7941-1 webkit2gtk vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

8.8 CVSS, 6.6 AI score, 0.00564 EPSS
Exploits 0, References 5
OSV
added 2026/01/05 9:15 a.m., 4 views

CVE-2025-15240

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.8 CVSS, 6.4 AI score, 0.00437 EPSS
Exploits 0, References 2
CVE
added 2026/01/05 8:18 a.m., 16 views

CVE-2025-15240

CVE-2025-15240 concerns Quanta Computer’s QOCA aim AI Medical Cloud Platform. Multiple trusted sources confirm an Arbitrary File Upload vulnerability that enables an authenticated remote attacker to upload and execute a WebShell backdoor, resulting in arbitrary code execution on the affected serv...

8.8 CVSS, 7.9 AI score, 0.00437 EPSS
Exploits 0, References 2, Affected Software 1