Lucene search
K

21310 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.10 views

Siemens SIMATIC S7-1500 TM MFP BIOS Reachable Assertion (CVE-2021-3326)

The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. This plugin only works with Tenable.ot...

7.5CVSS6.8AI score0.03093EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.10 views

Siemens SIMATIC S7-1500 TM MFP BIOS Improper Input Validation (CVE-2016-10228)

The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. Thi...

5.9CVSS6.6AI score0.04006EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/24 11:37 p.m.20 views

Security Bulletin: Denial of service, SQL injection, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, SQL injection, and others. The vulnerabilities have been addressed. CVE-2023-52425, CVE-2024-53908, CVE-2024-53907, CVE-2023-52426, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642, CVE-2024-21626,...

9.8CVSS9.2AI score0.18087EPSS
Exploits21Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/22 4:22 a.m.12 views

CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

6.5CVSS6.9AI score0.00525EPSS
Exploits0References1
0day.today
0day.today
added 2025/02/22 12:0 a.m.476 views

RaspberryMatic 3.73.9.20240130 Remote Code Execution Exploit

RaspberryMatic / OCCU contains a unauthenticated remote code execution vulnerability, caused by multiple issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...

10CVSS8.4AI score0.08739EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/02/21 10:22 p.m.9 views

CVE-2025-27092

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...

8.7CVSS6.7AI score0.00597EPSS
Exploits1References1
Metasploit
Metasploit
added 2025/02/21 6:53 p.m.702 views

RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.

RaspberryMatic / OCCU contains a unauthenticated remote code execution RCE vulnerability, caused by multiple issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allo...

10CVSS7.9AI score0.08739EPSS
Exploits4
Schneier on Security
Schneier on Security
added 2025/02/21 3:33 p.m.11 views

Implementing Cryptography in AI Systems

Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks DNNs raises the question of how can we equip them with a desired cryptographic functionality e.g, to decrypt an encrypted input, to verify that this input is...

7.3AI score
Exploits0
Amazon
Amazon
added 2025/02/21 12:0 a.m.3 views

Medium: php8.1

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS8.2AI score0.02286EPSS
Exploits6
Amazon
Amazon
added 2025/02/21 12:0 a.m.4 views

Medium: php8.1

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS10AI score0.02286EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/02/21 12:0 a.m.454 views

RaspberryMatic 3.73.9.20240130 Remote Code Execution

RaspberryMatic / OCCU contains a unauthenticated remote code execution vulnerability, caused by multiple issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...

10CVSS8.3AI score0.08739EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/02/20 7:20 p.m.4 views

CVE-2025-25284

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

8.7CVSS6.7AI score0.00584EPSS
Exploits0References1
NVD
NVD
added 2025/02/20 4:15 a.m.14 views

CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

6.5CVSS0.00525EPSS
Exploits0References1
OSV
OSV
added 2025/02/20 4:15 a.m.6 views

CVE-2024-49780

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

6.5CVSS5.9AI score0.00525EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/20 3:49 a.m.21 views

CVE-2024-49780 IBM OpenPages path traversal

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

5.3CVSS0.00525EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/20 3:49 a.m.11 views

CVE-2024-49780 IBM OpenPages path traversal

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...

5.3CVSS6AI score0.00525EPSS
Exploits0References1
CVE
CVE
added 2025/02/20 3:49 a.m.48 views

CVE-2024-49780

CVE-2024-49780 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability arises from path traversal in the Import Configuration file-name parameter, allowing a privileged attacker to write files outside the intended directory and potentially overwrite arbitrary files. IBM’s Security Bullet...

6.5CVSS5.6AI score0.00525EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2025/02/20 12:0 a.m.641 views

BeyondTrust Remote Code Execution Exploit

This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS, with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below. This module requires...

9.8CVSS8.8AI score0.89472EPSS
Exploits14
NVD
NVD
added 2025/02/19 11:15 p.m.7 views

CVE-2025-27092

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...

8.7CVSS0.00597EPSS
Exploits1References2
CVE
CVE
added 2025/02/19 10:16 p.m.90 views

CVE-2025-27092

CVE-2025-27092 affects the GHOSTS framework. A path traversal flaw exists in the photo retrieval endpoint at /api/npcs/{id}/photo, where crafted photoLink values can cause directory traversal and expose files outside the intended photo directory. Affected versions are 8.0.0.0 up to 8.2.7.89. The ...

8.7CVSS6.5AI score0.00597EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder