LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVE-2019-6250

creationtimestamp| type| source ---|---|--- 2026-05-03 15:00:06+00:00| seen| Telegram/T6MjwEy1GXd0xTLgBckUymGQqfeNIMlbkOpXvJPPSDtMl2M...

Exploit for Integer Overflow or Wraparound in Zeromq Libzmq

CVE-2019-6250 — libzmq pre-auth RCE lab !CVEhttps://img.s...

CVE-2024-6250

creationtimestamp| type| source ---|---|--- 2026-01-28 17:51:17+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-6250.yaml 2026-01-29 21:02:30+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mdloqbkbmi2i 2026-02-24...

EUVD-2025-25794

Malicious code in bioql PyPI...

CVE-2007-6250

creationtimestamp| type| source ---|---|--- 2025-09-09 21:02:32+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lygmjgalv72k...

CVE-2025-9483 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 singlePortForwardAdd stack-based overflow

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter...

CVE-2025-8832

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated...

BeyondTrust Privilege Management for Windows < 25.4.270.0 Multiple Vulnerabilities (BT25-05) (BTS25-06)

The version of BeyondTrust Privilege Management for Windows installed on the remote host is prior to 25.4.270.0. It is, therefore, affected by multiple vulnerabilities as referenced in the BT25-05 and BT25-06 advisories: - Prior to version 25.4.270.0, a local authenticated attacker can manipulate...

PT-2025-32502 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions up to 20250801 Description: A vulnerability exists in the setRIP function of the /goform/setRIP file. Manipulation of the RIPmode and RIPpasswd arguments leads to a stack-bas...

CVE-2025-6250

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions...

CVE-2025-6250

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions...

CVE-2025-6250 Privilege Management for Windows - Elevation of Privilege

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions...

CVE-2025-6250 Privilege Management for Windows - Elevation of Privilege

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions...

CVE-2025-6250

CVE-2025-6250 — Normal mode : Multiple sources describe a privilege escalation in BeyondTrust Privilege Management for Windows prior to 25.4.270.0 via wmic.exe. When a user runs wmic.exe with a full admin token, they can stop the Defendpoint service, bypass anti-tamper protections, and add themse...

PT-2025-32523 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys Wi-Fi range extender models. The issue resides in the langSwitchBack function of the /goform/langSwitchBack file...

CVE-2020-6250

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop t...

CVE-2024-6250 Absolute Path Traversal in parisneo/lollms-webui

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

CVE-2023-6250

creationtimestamp| type| source ---|---|--- 2023-12-26 20:26:59+00:00| seen| https://t.me/ctinow/159446 2024-01-02 23:16:45+00:00| seen| https://t.me/ctinow/162080...

CVE-2023-6250

The vulnerability CVE-2023-6250 affects WordPress plugin BestWebSoft’s Like & Share (versions before 2.74). The issue causes unauthenticated users to access the content of password‑protected posts via a meta tag vulnerability in the plugin. Impact is disclosure of restricted post content; no expl...