Lucene search
K

983 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-23666

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00244EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2025/09/23 12:0 a.m.7 views

SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AjaxProxy class. The issue results from the lack of proper validation of...

9.8CVSS7.7AI score0.8833EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/20 4:25 p.m.4 views

CVE-2025-8610 AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability

AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific fla...

9.8CVSS8.5AI score0.00774EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/15 5:30 p.m.7 views

CVE-2025-34153

Hyland OnBase versions prior to 17.0.2.87 other versions may be affected are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in...

10CVSS8.9AI score0.0061EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/08/14 12:0 a.m.7 views

Microsoft Windows Subsystem for Linux WslCoreVm::Initialize Incorrect Privilege Management Information Disclosure Vulnerability

This vulnerability allows local attackers to read arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

4.7CVSS6.6AI score0.00209EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/08/14 12:0 a.m.17 views

(Pwn2Own) Microsoft Windows 11 vhdmp Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Virtual Hard...

8.8CVSS7.1AI score0.00422EPSS
Exploits0References1
CVE
CVE
added 2025/08/08 6:10 p.m.35 views

CVE-2012-10047

CVE-2012-10047 concerns Cyclope Employee Surveillance Solution, version 6.x. A SQL injection flaw in the login flow (auth-login) arises because the username parameter is not properly sanitized, enabling an attacker to inject arbitrary SQL. According to connected documents, this can be leveraged t...

10CVSS6.9AI score0.00865EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.7 views

PT-2025-32400

Name of the Vulnerable Software and Affected Versions: Cyclope Employee Surveillance Solution versions 6.x Description: Cyclope Employee Surveillance Solution versions 6.x contains a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly...

10CVSS6.6AI score0.00865EPSS
Exploits0References8
Zero Day Initiative
Zero Day Initiative
added 2025/08/06 12:0 a.m.17 views

(0Day) AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StorageNode service, which listens on TCP port 9075 by default. The issue results...

9.8CVSS7.4AI score0.00774EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/07/31 8:24 a.m.3 views

CVE-2025-8192 Race condition in AndroidTV TvSettings

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Inten...

6.9CVSS6.8AI score0.00094EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/29 12:0 a.m.6 views

AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG TuneUp...

7.8CVSS6.7AI score0.00137EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/07/29 12:0 a.m.4 views

AVG TuneUp for PC TuneUp Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TuneUp Service...

7.8CVSS6.7AI score0.00142EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.4 views

Samsung MagicINFO 9 Server fillLftOrLfdInfo Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the fillLftOrLfdInfo method. The issue results from the...

9.8CVSS7AI score0.0061EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/23 12:0 a.m.7 views

The vulnerability of the DeserializeFromBase64String method implemented by the PolicyServer server of Trend Micro Endpoint Encryption (TMEE) allows a malicious actor to execute arbitrary code within the SYSTEM context.

The vulnerability of the DeserializeFromBase64String method implemented by the PolicyServer server of Trend Micro Endpoint Encryption TMEE involves insufficient validation of input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code within the SYSTE...

9CVSS8.4AI score0.07935EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/23 12:0 a.m.10 views

The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software lies in its uncontrolled search path. This allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.

The vulnerability of the Data Loss Prevention module in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary co...

6.7CVSS7AI score0.0013EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/23 12:0 a.m.53 views

The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service allows a malicious actor to elevate their privileges and execute arbitrary code within the SYSTEM context.

The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitra...

7CVSS7.5AI score0.00122EPSS
Exploits0References4Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2025/07/21 12:0 a.m.5 views

Veeam Backup Enterprise Manager JobManagmentService Improper Access Control Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veeam Backup Enterprise Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobManagmentService component. The issue results from improper...

6.8CVSS7.6AI score0.10671EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/11 12:0 a.m.4 views

Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20444)

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the deleteEventLogFile method. An attacker could exploit the vulnerability to delete a file in the SYSTEM...

9.1CVSS6.8AI score0.01134EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/11 12:0 a.m.2 views

Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20443)

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the deleteAppFile method. An attacker could exploit the vulnerability to delete a file in the SYSTEM context...

9.1CVSS6.8AI score0.01337EPSS
Exploits0References1
CNVD
CNVD
added 2025/07/11 12:0 a.m.3 views

Marvell QConvergeConsole path traversal vulnerability (CNVD-2025-20449)

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in getFileUploadSize. An attacker could exploit the vulnerability to disclose information in the SYSTEM context...

7.5CVSS6.5AI score0.01064EPSS
Exploits0References1
Rows per page
Query Builder