Lucene search
K

767 matches found

CVE
CVE
added 2026/01/23 3:1 a.m.18 views

CVE-2026-0792

CVE-2026-0792 concerns the ALGO 8180 IP Audio Alerter. The flaw is a stack-based buffer overflow in the handling of the SIP SIP INVITE Alert-Info header, caused by insufficient validation of the length of user-supplied data before copying it into a fixed-length buffer. This can allow remote code ...

9.8CVSS6.5AI score0.00631EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/23 3:1 a.m.2 views

CVE-2026-0787

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

8.1CVSS6.3AI score0.01278EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:47 a.m.5 views

CVE-2025-15063

Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.3AI score0.02111EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.9 views

CVE-2020-10930

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from th...

6.5CVSS5.8AI score0.00916EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.9 views

CVE-2021-27245

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7USV5210125 and Archer A7USV5200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue...

9.3CVSS6.8AI score0.03215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.14 views

CVE-2021-27239

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on...

8.8CVSS7.6AI score0.00746EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.10 views

CVE-2021-31439

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results fr...

8.8CVSS7AI score0.02331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.10 views

CVE-2022-0194

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the adaddcomment function. The issue results from the lack of proper validation of the length o...

9.8CVSS7.1AI score0.04409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.13 views

CVE-2020-10914

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper...

9.8CVSS7.3AI score0.4703EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.11 views

CVE-2020-10925

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files vi...

8.8CVSS6.7AI score0.01431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:35 a.m.10 views

CVE-2020-10917

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of...

9.8CVSS7.4AI score0.05574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:35 a.m.14 views

CVE-2020-10915

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper...

9.8CVSS7.3AI score0.86619EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.8 views

(0Day) WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper...

8.8CVSS7.3AI score0.00665EPSS
Exploits0
NVD
NVD
added 2026/01/08 1:15 p.m.9 views

CVE-2025-69260

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability...

7.5CVSS0.01419EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/08 12:50 p.m.23 views

CVE-2025-69259

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability...

7.5CVSS0.01419EPSS
Exploits1References3
CVE
CVE
added 2026/01/08 12:50 p.m.36 views

CVE-2025-69259

Trend Micro Apex Central is affected by CVE-2025-69259, a remote-unauthenticated vulnerability characterized as a message unchecked NULL return value that can cause a denial-of-service. Connected sources (JVNDB, RH, NCSC, CNNVD) confirm a multi-vulnerability context for Trend Micro Apex Central a...

7.5CVSS6.7AI score0.01419EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.8 views

CVE-2022-27644

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files...

8.8CVSS6.7AI score0.00339EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/23 9:4 p.m.3 views

CVE-2025-14931 Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this...

10CVSS7.6AI score0.0083EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/21 10:35 p.m.10 views

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

6.5CVSS8.3AI score0.00796EPSS
Exploits1References1
OSV
OSV
added 2025/11/18 4:15 p.m.5 views

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

6.5CVSS6.1AI score0.00796EPSS
Exploits1References1
Rows per page
Query Builder