
120961 matches found

Vulnrichment, added 2025/12/17 10:44 p.m., 2 views

CVE-2023-53912 USB Flash Drives Control 4.1.0.0 Unquoted Service Path Privilege Escalation

USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious...

8.5 CVSS, 6.9 AI score, 0.00119 EPSS
Exploits: 0, References: 3

NVD, added 2025/12/17 9:16 p.m., 10 views

CVE-2025-43529

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...

8.8 CVSS, 0.08439 EPSS
Exploits: 8, References: 8

OSV, added 2025/12/17 9:16 p.m., 4 views

UBUNTU-CVE-2025-43529

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...

8.8 CVSS, 7.6 AI score, 0.08439 EPSS
Exploits: 8, References: 12

Vulnrichment, added 2025/12/17 8:46 p.m., 3 views

CVE-2025-43529

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...

7 AI score, 0.08439 EPSS
Exploits: 8, References: 7

Cvelist, added 2025/12/17 8:46 p.m., 30 views

CVE-2025-43529

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...

0.08439 EPSS
Exploits: 8, References: 7

Debian CVE, added 2025/12/17 8:46 p.m., 3 views

CVE-2025-43529

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code...

8.8 CVSS, 8.6 AI score, 0.08439 EPSS
Exploits: 8

ATTACKERKB, added 2025/12/17 8:27 p.m., 3 views

CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

8.5 CVSS, 6 AI score, 0.00233 EPSS
Exploits: 1, References: 6

Vulnrichment, added 2025/12/17 8:27 p.m., 2 views

CVE-2025-53000 nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

8.5 CVSS, 5.9 AI score, 0.00233 EPSS
Exploits: 1, References: 6

CVE, added 2025/12/17 8:27 p.m., 74 views

CVE-2025-53000

The CVE-2025-53000 issue affects nbconvert (jupyter nbconvert) on Windows prior to 7.17.0, where exporting a notebook with SVG output to PDF could execute arbitrary code. The root cause is an unsafe search for the Inkscape executable: nbconvert’s svg2pdf.py uses shutil.which("inkscape"), which ma...

8.5 CVSS, 5.9 AI score, 0.00233 EPSS
Exploits: 1, References: 6, Affected Software: 1

OSV, added 2025/12/17 7:16 p.m., 4 views

CVE-2025-67170

A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...

6.1 CVSS, 6.2 AI score, 0.00218 EPSS
Exploits: 1, References: 2

NVD, added 2025/12/17 7:16 p.m., 4 views

CVE-2025-66953

CSRF vulnerability in narda miteq Uplink Power Control Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /systemsetup.htm, /setclock.htm, /receiversetup.htm, /cal.htm?..., and /channelsetup.htm endpoints...

8.8 CVSS, 0.00253 EPSS
Exploits: 1, References: 2

EUVD, added 2025/12/17 6:31 p.m., 8 views

EUVD-2025-203902

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

6.6 CVSS, 7.2 AI score, 0.00085 EPSS
Exploits: 0, References: 3

OSV, added 2025/12/17 6:31 p.m., 4 views

GHSA-M4F2-XPFQ-H97V Pagekit CMS is vulnerable to OS Command Injection via Storage component

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...

9.9 CVSS, 7.7 AI score, 0.0045 EPSS
Exploits: 1, References: 3

OSV, added 2025/12/17 5:15 p.m., 6 views

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

6.6 CVSS, 6.3 AI score, 0.00085 EPSS
Exploits: 0, References: 2

IBM Security Bulletins, added 2025/12/17 2:25 p.m., 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]

Summary: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerability has been addressed. Please read the details for...

5.4 CVSS, 7.9 AI score, 0.00271 EPSS
Exploits: 0, Affected Software: 1

RedhatCVE, added 2025/12/17 8:07 a.m., 6 views

CVE-2025-14252

An Improper Access Control vulnerability in Advantech SUSI driver susi.sys allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior...

8.5 CVSS, 7.3 AI score, 0.00111 EPSS
Exploits: 0, References: 1

RedHat Linux, added 2025/12/17 7:48 a.m., 4 views

kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

A vulnerability has been identified in the Linux kernel's Network File System (NFS) daemon that could allow for a Denial of Service and, in the worst-case scenario, Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...

7.8 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 0, References: 5

NVD, added 2025/12/17 1:15 a.m., 4 views

CVE-2025-53524

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4 CVSS, 0.00219 EPSS
Exploits: 0, References: 3

Vulnrichment, added 2025/12/17 12:19 a.m., 6 views

CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4 CVSS, 7.4 AI score, 0.00219 EPSS
Exploits: 0, References: 3

Cvelist, added 2025/12/17 12:19 a.m., 25 views

CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

8.4 CVSS, 0.00219 EPSS
Exploits: 0, References: 3