120954 matches found

RedhatCVE
added 2025/12/29 6:16 a.m. | 7 views

CVE-2025-68973

A flaw was found in GnuPG. An attacker can provide crafted input to the armor_filter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...

CVSS 7.8 | AI score 6.8 | EPSS 0.00129
Exploits 1 | References 8
Positive Technologies
added 2025/12/29 12:0 a.m. | 5 views

PT-2025-53779

Name of the Vulnerable Software and Affected Versions: GoAhead-Webs on KuWFi 4G LTE AC900 version 1.0.13. Description: A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon. The /goform/formMultiApnSetting handler uses sprintf to copy the pincode parameter, supplied by the user, into ...

AI score 8 | EPSS 0.04193
Exploits 0 | References 7
Positive Technologies
added 2025/12/29 12:0 a.m. | 8 views

PT-2025-53770

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: The software suffers from an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for the injection of malicious scripts into web pages. Th...

CVSS 4.8 | AI score 6.8 | EPSS 0.00145
Exploits 0 | References 4
Positive Technologies
added 2025/12/29 12:0 a.m. | 11 views

PT-2026-50453

Name of the Vulnerable Software and Affected Versions: PickleScan versions prior to 0.0.33. Description: PickleScan fails to include the pty.spawn function in its list of unsafe globals, which allows attackers to bypass security checks. By crafting malicious pickle payloads using the pty.spawn...

CVSS 8.8 | AI score 6.5 | EPSS 0.00384
Exploits 0 | References 10
Positive Technologies
added 2025/12/29 12:0 a.m. | 4 views

PT-2025-53702

Name of the Vulnerable Software and Affected Versions: WMPro, affected versions not specified. Description: WMPro developed by Sunnet has an arbitrary file upload issue. Unauthenticated remote attackers can upload and execute web shell backdoors, leading to arbitrary code execution on the server...

CVSS 9.8 | AI score 7.9 | EPSS 0.00508
Exploits 0 | References 6
Snyk
added 2025/12/28 10:45 p.m. | 3 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgpipelinedescdefaults function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation: A fix was pushed into the...

CVSS 7.8 | AI score 7.9 | EPSS 0.00192
Exploits 1 | References 2
GithubExploit
added 2025/12/27 5:6 p.m. | 116 views

Exploit for CVE-2025-63909

Cohesity TranZman Security Advisories This repository contain...

CVSS 7.2 | AI score 6.1 | EPSS 0.03686
Exploits 6
RedhatCVE
added 2025/12/27 7:43 a.m. | 7 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8 | AI score 7.7 | EPSS 0.00134
Exploits 0 | References 1
Tenable Nessus
added 2025/12/27 12:0 a.m. | 6 views

NewStart CGSL MAIN 7.02 : libpq Multiple Vulnerabilities (NS-SA-2025-0255)

The remote NewStart CGSL host, running version MAIN 7.02, has libpq packages installed that are affected by multiple vulnerabilities: - Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH...

CVSS 8.8 | AI score 8.4 | EPSS 0.04422
Exploits 1 | References 11
Tenable Nessus
added 2025/12/27 12:0 a.m. | 8 views

GLSA-202512-01 : GnuPG: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202512-01 (GnuPG: Arbitrary Code Execution). A vulnerability has been discovered in GnuPG's armor parser. Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory. Note that Nessus has no...

AI score 5.5
Exploits 0 | References 2
CVE
added 2025/12/26 9:54 p.m. | 11 views

CVE-2025-67729

LMDeploy prior to v0.11.1 is affected by an insecure deserialization vulnerability in torch.load() called without weights_only=True when loading model checkpoint files (.bin/.pt). This can allow an attacker to execute arbitrary code on the victim's machine. The issue is patched in v0.11.1. Affect...

CVSS 8.8 | AI score 9.4 | EPSS 0.00487
Exploits 0 | References 2 | Affected Software 1
RedhatCVE
added 2025/12/26 6:54 p.m. | 5 views

CVE-2025-68942

A flaw was found in Gitea. A remote attacker could exploit a Cross-Site Scripting (XSS) vulnerability by injecting malicious scripts into the search input box. This occurs because the application improperly uses v-html instead of v-text for rendering user input. Successful exploitation allows for t...

CVSS 5.4 | AI score 5.4 | EPSS 0.00222
Exploits 0 | References 6
EUVD
added 2025/12/26 5:34 p.m. | 2 views

EUVD-2025-205455

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load...

CVSS 8.8 | AI score 9.2 | EPSS 0.00487
Exploits 0 | References 4
OSV
added 2025/12/26 5:34 p.m. | 3 views

GHSA-9PF3-7RRR-X5JH lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Summary: An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...

CVSS 8.8 | AI score 7.9 | EPSS 0.00487
Exploits 0 | References 4
Github Security Blog
added 2025/12/26 5:34 p.m. | 12 views

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Summary: An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...

CVSS 8.8 | AI score 8.1 | EPSS 0.00487
Exploits 0 | References 4 | Affected Software 1
NVD
added 2025/12/26 7:15 a.m. | 3 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8 | EPSS 0.00134
Exploits 0 | References 1
OSV
added 2025/12/26 7:15 a.m. | 2 views

CVE-2025-59888

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 6.7 | AI score 6.2 | EPSS 0.00192
Exploits 0 | References 1
Cvelist
added 2025/12/26 6:59 a.m. | 25 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8 | EPSS 0.00134
Exploits 0 | References 1
Vulnrichment
added 2025/12/26 6:59 a.m. | 2 views

CVE-2025-67450

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8 | AI score 7.4 | EPSS 0.00134
Exploits 0 | References 1
EUVD
added 2025/12/26 6:59 a.m. | 3 views

EUVD-2025-205430

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...

CVSS 7.8 | AI score 7.2 | EPSS 0.00134
Exploits 0 | References 2