Lucene search
K

995 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.9 views

CVE-2025-23056

A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...

5.5CVSS5.6AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.7 views

CVE-2020-7304

Cross site request forgery vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label...

7.6CVSS6.5AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.7 views

CVE-2024-41915

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in...

8.8CVSS7.2AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/08 3:14 a.m.4 views

CVE-2025-15382

A heap buffer over-read vulnerability exists in the wolfSSHCleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...

5.1CVSS7AI score0.00302EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.4 views

Quanta QOCA aim AI Medical Cloud Platform 安全漏洞

Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. A...

5.3CVSS6.6AI score0.00304EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.8 views

Quanta QOCA aim AI Medical Cloud Platform 安全漏洞

Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. Quant...

7.1CVSS6.6AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/01/02 3:16 p.m.4 views

CVE-2025-47208

An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...

6.5CVSS5.8AI score0.00286EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.9 views

PT-2026-1076

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.0.3192 build 20250716 Description A buffer overflow condition exists in QNAP operating...

8.1CVSS7.1AI score0.00299EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.5 views

QNO VPN Firewall 操作系统命令注入漏洞

QNO VPN Firewall is a multi-functional security gateway from Taiwan, China-based QNO. QNO VPN Firewall suffers from an operating system command injection vulnerability that originates from OS command injection, which could allow an authenticated remote attacker to execute arbitrary OS commands on...

8.8CVSS8AI score0.00872EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 10:44 a.m.33 views

CVE-2025-40935

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...

5.3CVSS0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.7 views

PT-2025-49514

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1CVSS8AI score0.00283EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/18 9:32 p.m.6 views

EUVD-2025-198085

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

6.5CVSS7.5AI score0.00824EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 9:32 p.m.5 views

EUVD-2025-198066

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

5.8CVSS6.4AI score0.00233EPSS
Exploits0References2
OSV
OSV
added 2025/11/18 8:15 p.m.5 views

CVE-2025-37162

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

8.8CVSS6.1AI score0.00824EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 7:15 p.m.8 views

CVE-2025-37157

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution RCE on the affected system...

8.8CVSS0.0061EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.9 views

PT-2025-47387

Name of the Vulnerable Software and Affected Versions AOS-CX Operating System affected versions not specified Description A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Executio...

6.7CVSS7.5AI score0.0061EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/14 5:15 a.m.3 views

CVE-2025-64444

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS...

8.6CVSS7.1AI score0.01256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.7 views

PT-2025-45589

Name of the Vulnerable Software and Affected Versions U-Office Force affected versions not specified Description U-Office Force developed by e-Excellence is subject to a SQL Injection issue. This allows an authenticated remote attacker to inject arbitrary SQL commands, potentially leading to...

8.8CVSS7.5AI score0.00351EPSS
Exploits0References12
EUVD
EUVD
added 2025/11/07 6:30 p.m.6 views

EUVD-2025-38281

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

7.1CVSS6.4AI score0.00452EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/07 3:14 p.m.7 views

CVE-2025-53409 File Station 5

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

7.1CVSS0.00452EPSS
Exploits0References1
Rows per page
Query Builder