35 matches found

RedhatCVE
added 2025/12/17 12:55 a.m. | 12 views

CVE-2025-63414

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

CVSS 10 | AI score 8.9 | EPSS 0.01624
Exploits 1 | References 1
EUVD
added 2025/12/16 6:31 p.m. | 5 views

EUVD-2025-203804

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

CVSS 10 | AI score 8.4 | EPSS 0.01624
Exploits 1 | References 4
NVD
added 2025/12/16 5:16 p.m. | 3 views

CVE-2025-63414

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

CVSS 10 | EPSS 0.01624
Exploits 1 | References 3
OSV
added 2025/12/16 5:16 p.m. | 6 views

CVE-2025-63414

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

CVSS 10 | AI score 8.8 | EPSS 0.01624
Exploits 1 | References 3
Cvelist
added 2025/12/16 12:00 a.m. | 28 views

CVE-2025-63414

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

EPSS 0.01624
Exploits 1 | References 3
Vulnrichment
added 2025/12/16 12:00 a.m. | 3 views

CVE-2025-63414

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...

AI score 8.5 | EPSS 0.01624
Exploits 1 | References 3
Positive Technologies
added 2025/12/16 12:00 a.m. | 5 views

PT-2025-51740

Name of the Vulnerable Software and Affected Versions: Allsky WebUI version v2024.12.06_06. Description: A path traversal flaw exists in Allsky WebUI version v2024.12.06_06 that permits an unauthenticated remote attacker to execute commands on the system. This is achieved by submitting a specially...

CVSS 10 | AI score 8.4 | EPSS 0.01624
Exploits 1 | References 9
CNNVD
added 2025/12/16 12:00 a.m. | 5 views

Allsky Camera security vulnerability

Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.06_06, which originates from path traversal and could lead to arbitrary command execution...

CVSS 10 | AI score 7.1 | EPSS 0.01624
Exploits 1 | References 4
CVE
added 2025/12/16 12:00 a.m. | 19 views

CVE-2025-63414

CVE-2025-63414 describes a Path Traversal in Allsky WebUI v2024.12.06_06 that allows unauthenticated remote command execution via /html/execute.php with a crafted id payload, leading to full remote code execution. The issue is confirmed across multiple sources (Red Hat CVE entry, EUVD/ENISA entry...

CVSS 10 | AI score 8.5 | EPSS 0.01624
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2025/12/10 1:35 a.m. | 3 views

CVE-2025-65572

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

CVSS 6.1 | AI score 6.7 | EPSS 0.00344
Exploits 1 | References 1
RedhatCVE
added 2025/12/10 1:35 a.m. | 5 views

CVE-2025-65573

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status...

CVSS 8.8 | AI score 6.7 | EPSS 0.00272
Exploits 1 | References 1
EUVD
added 2025/12/09 9:31 p.m. | 2 views

EUVD-2025-202320

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

AI score 6.2 | EPSS 0.00344
Exploits 1 | References 5
EUVD
added 2025/12/09 9:31 p.m. | 3 views

EUVD-2025-202322

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status...

AI score 6.2 | EPSS 0.00272
Exploits 1 | References 6
NVD
added 2025/12/09 7:15 p.m. | 2 views

CVE-2025-65572

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

CVSS 6.1 | EPSS 0.00344
Exploits 1 | References 4
OSV
added 2025/12/09 7:15 p.m. | 4 views

CVE-2025-65573

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status...

CVSS 8.8 | AI score 6.7 | EPSS 0.00272
Exploits 1 | References 5
OSV
added 2025/12/09 7:15 p.m. | 3 views

CVE-2025-65572

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...

CVSS 6.1 | AI score 6.7 | EPSS 0.00344
Exploits 1 | References 4
NVD
added 2025/12/09 7:15 p.m. | 3 views

CVE-2025-65573

Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to cause a denial of service via function handle_interface_POST_and_status...

CVSS 8.8 | EPSS 0.00272
Exploits 1 | References 5
CVE
added 2025/12/09 12:00 a.m. | 11 views

CVE-2025-65572

AllskyTeam AllSky v2024.12.06_06 is affected by a Cross Site Scripting (XSS) flaw in the allskySettings.php handler. The vulnerability arises from parameters (config, filename, extratext) that are processed by showMessages() in status_messages.php, allowing injected scripts to be printed and exec...

CVSS 6.1 | AI score 6.3 | EPSS 0.00344
Exploits 1 | References 4 | Affected Software 1
CVE
added 2025/12/09 12:00 a.m. | 11 views

CVE-2025-65573

CVE-2025-65573 affects AllskyTeam AllSky v2024.12.06_06. The issue is a Cross Site Request Forgery (CSRF) that allows remote attackers to cause a denial of service via the function handle_interface_POST_and_status. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H with a base score of 8....

CVSS 8.8 | AI score 6.4 | EPSS 0.00272
Exploits 1 | References 5 | Affected Software 1
Positive Technologies
added 2025/12/09 12:00 a.m. | 3 views

PT-2025-50210

Name of the Vulnerable Software and Affected Versions: AllskyTeam AllSky version 2024.12.06_06. Description: A Cross Site Request Forgery (CSRF) issue exists in AllskyTeam AllSky version 2024.12.06_06. This allows remote attackers to potentially cause a denial of service by exploiting the handle...

CVSS 8.8 | AI score 6.6 | EPSS 0.00272
Exploits 1 | References 7