
20 matches found

RedhatCVE
added 2026/01/09 9:2 a.m. | 4 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.2 | EPSS 0.0014
Exploits: 0 | References: 1
Tenable Nessus
added 2025/11/12 12:0 a.m. | 2 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-25757)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-25757 advisory. - i40e: add validation for ringlen param Lukasz Czapnik Orabug: 38607608 CVE-2025-39973 - crypto: afalg - Disallow concurrent writes in afalgsendm...

CVSS 7.8 | AI score 8.2 | EPSS 0.00119
Exploits: 2 | References: 121
RedhatCVE
added 2025/05/22 7:26 p.m. | 5 views

CVE-2021-25757

In JetBrains Hub before 2020.1.12629, an open redirect was possible...

CVSS 6.1 | AI score 6.9 | EPSS 0.00003
Exploits: 0 | References: 1
NVD
added 2023/08/11 3:15 a.m. | 10 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.4 | EPSS 0.0014
Exploits: 0 | References: 1
AlpineLinux
added 2023/08/11 2:37 a.m. | 20 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.3 | EPSS 0.0014
Exploits: 0 | References: 1
Vulnrichment
added 2023/08/11 2:37 a.m. | 12 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.2 | EPSS 0.0014
Exploits: 0 | References: 1
CVE
added 2023/08/11 2:37 a.m. | 37 views

CVE-2023-25757

Intel Unison software vulnerable to improper access control until version 10.12, enabling privilege escalation via network access by a privileged attacker. Affected product: Intel(R) Unison(TM) software prior to 10.12. Root cause: access-control weakness that could allow escalation of privilege w...

CVSS 7.3 | AI score 7.1 | EPSS 0.0014
Exploits: 0 | References: 1 | Affected Software: 1
Intel
added 2023/08/08 12:0 a.m. | 19 views

Intel® Unison™ Software Advisory

Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25757 Description: Improper access contr...

CVSS 7.3 | AI score 6.5 | EPSS 0.0014
Exploits: 0
ATTACKERKB
added 2022/03/28 7:15 a.m. | 3 views

CVE-2022-25757

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVSS 9.8 | AI score 5.9 | EPSS 0.00424
Exploits: 0 | References: 3
NVD
added 2022/03/28 7:15 a.m. | 22 views

CVE-2022-25757

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVSS 9.8 | EPSS 0.00424
Exploits: 0 | References: 2
CVE
added 2022/03/28 7:0 a.m. | 117 views

CVE-2022-25757

CVE-2022-25757 (Apache APISIX) affects APISIX up to version 2.12.x before 2.13.0. When decoding JSON with duplicate keys, lua-cjson returns the last value, allowing an attacker to bypass the body_schema validation in the request-validation plugin (e.g., {"string_payload":"bad","string_payload":"g...

CVSS 9.8 | AI score 9.5 | EPSS 0.00424
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/03/28 7:0 a.m. | 18 views

CVE-2022-25757 Apache APISIX: the body_schema check in request-validation plugin can be bypassed

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

AI score 9.6 | EPSS 0.00424
Exploits: 0 | References: 2
Circl
added 2021/02/03 6:49 p.m. | 2 views

CVE-2021-25757

creationtimestamp | type | source
---|---|---
2021-02-03 18:49:24+00:00 | seen | https://t.me/cibsecurity/23019...

CVSS 6.1 | AI score 6.1 | EPSS 0.00003
Exploits: 0 | References: 1
NVD
added 2021/02/03 4:15 p.m. | 21 views

CVE-2021-25757

In JetBrains Hub before 2020.1.12629, an open redirect was possible...

CVSS 6.1 | EPSS 0.00003
Exploits: 0 | References: 2
CVE
added 2021/02/03 3:17 p.m. | 45 views

CVE-2021-25757

CVE-2021-25757 : Concrete details across multiple sources show an open redirect vulnerability in JetBrains Hub prior to version 2020.1.12629. The affected component is JetBrains Hub (authentication/redirect flow). The root cause is an open redirect that could be abused to redirect users to an arb...

CVSS 6.1 | AI score 6.3 | EPSS 0.00003
Exploits: 0 | References: 2 | Affected Software: 1
Jetbrains
added 2021/02/03 12:0 a.m. | 109 views

JetBrains Security Bulletin Q4 2020

JetBrains Security Bulletin Q4 2020 (Robert Demmer): In the fourth quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description |...

CVSS 7.5 | AI score 6.8 | EPSS 0.00005
Exploits: 1 | Affected Software: 9
Cvelist
added 2020/12/15 7:27 p.m. | 22 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

AI score 8.9 | EPSS 0.00518
Exploits: 0 | References: 3
CVE
added 2020/12/15 7:27 p.m. | 67 views

CVE-2020-25757

CVE-2020-25757 affects D-Link DSR-series VPN routers (DSR-150, DSR-250, DSR-500, DSR-1000AC) running firmware 3.14 and 3.17. The root cause is inadequate input validation and access controls in Lua CGI handlers, allowing user-supplied data to reach system command APIs (os.popen) and enabling arbi...

CVSS 8.8 | AI score 8.8 | EPSS 0.00518
Exploits: 0 | References: 3 | Affected Software: 1
Circl
added 2020/12/10 1:7 p.m. | 2 views

CVE-2020-25757

creationtimestamp | type | source
---|---|---
2020-12-10 13:07:21+00:00 | seen | https://t.me/truesecator/1241
2020-12-10 15:21:30+00:00 | seen | https://t.me/coridoryvlasti/139
2020-12-15 22:40:54+00:00 | seen | https://t.me/cibsecurity/20875...

CVSS 8.8 | AI score 7.3 | EPSS 0.00518
Exploits: 0 | References: 3
ThreatPost
added 2020/12/09 2:56 p.m. | 228 views

D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw

Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover. Impacted are D-Link router models DSR-150, DSR-250,...

AI score 1.4 | EPSS 0.01453
Exploits: 0 | References: 13