Lucene search
K

9 matches found

EUVD
EUVD
added 2025/11/10 5:18 a.m.2 views

EUVD-2025-42057

Malicious code in rina-ragi5-sumpek npm...

6.6AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2024/11/25 12:0 a.m.9 views

VulnCheck KEV: CVE-2024-42057

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from...

8.1CVSS5.8AI score0.0132EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/09/04 11:27 a.m.31 views

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

Zyxel has released software updates to address a critical security flaw impacting certain access point AP and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 CVSS score: 9.8, the vulnerability has been described as a case of operating...

9.8CVSS7.5AI score0.11269EPSS
Exploits0
Circl
Circl
added 2024/09/03 4:55 a.m.12 views

CVE-2024-42057

creationtimestamp| type| source ---|---|--- 2024-09-03 04:55:48+00:00| seen| https://t.me/cvedetector/4663 2024-09-04 12:00:00+00:00| seen| https://t.me/truesecator/6165 2024-09-05 08:37:49+00:00| seen| https://vulnerability.circl.lu/bundle/c854b418-a4e1-4135-958a-a523843c27f0 2024-11-19...

8.1CVSS6AI score0.0132EPSS
Exploits0References9
CVE
CVE
added 2024/09/03 1:43 a.m.106 views

CVE-2024-42057

CVE-2024-42057 affects Zyxel Zyxel ATP and USG FLEX/USG FLEX 50(W)/USG20(W)-VPN firmware from V4.16–V5.38 (and V4.32–V5.38 for ATP/USG), with an unauthenticated OS command injection via a crafted username. The root cause is in the IPSec VPN feature; successful exploitation requires User-Based-PSK...

8.1CVSS8.2AI score0.0132EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2021/11/04 11:25 p.m.5 views

CVE-2021-42057

creationtimestamp| type| source ---|---|--- 2021-11-04 23:25:42+00:00| seen| https://t.me/cibsecurity/31860...

9.3CVSS7.5AI score0.01205EPSS
Exploits1References1
OSV
OSV
added 2021/11/04 9:15 p.m.15 views

CVE-2021-42057

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...

7.8CVSS7.9AI score
Exploits0References1
CVE
CVE
added 2021/11/04 8:20 p.m.55 views

CVE-2021-42057

Summary (CVE-2021-42057) Obsidian Dataview (plugin) up to 0.4.12-hotfix1 is vulnerable due to the evalInContext function executing user input, enabling an attacker to craft malicious Markdown files that will execute arbitrary code when opened. The issue is mitigated for some use cases by 0.4.13. ...

9.3CVSS7.9AI score0.01205EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/09/27 12:0 a.m.70 views

Web Server Allows Password Auto-Completion (PCI-DSS variant) (deprecated)

This plugin has been deprecated because the corresponding failure item in the ASV Program Guide no longer pertains, as of the May 2013 release. Plugin ID 42057 should be used instead. %NASLMINLEVEL 999999 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2016/06/13. Confirmed not required...

7.3AI score
Exploits0
Rows per page
Query Builder