Lucene search
K

2877 matches found

EUVD
EUVD
added 2026/06/04 6:46 a.m.11 views

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of authorization verification for the key management API endpoints involved in cellular eSIM allocation. As a result,...

8.3CVSS5.3AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 2:15 p.m.11 views

CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.5AI score0.00915EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/02 2:5 p.m.16 views

USN-8238-2: EditorConfig vulnerability

USN-8238-1 fixed a vulnerability in EditorConfig. This update contains the corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Original advisory details: It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A...

8.6CVSS5.8AI score0.00151EPSS
Exploits1
OSV
OSV
added 2026/06/02 2:5 p.m.11 views

USN-8238-2 editorconfig-core vulnerability

USN-8238-1 fixed a vulnerability in EditorConfig. This update contains the corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Original advisory details: It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A...

8.6CVSS5.8AI score0.00151EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

NamelessMC 安全漏洞

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability. This vulnerability arises from the fact that the...

5.3CVSS5.4AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.18 views

TRAC PDBM 安全漏洞

TRAC PDBM is an industrial automation process database management software developed by the Slovenian company TRAC. TRAC PDBM has a security vulnerability that stems from the use of static, hard-coded keys. This vulnerability could allow attackers to decrypt credentials stored in configuration...

6.4CVSS5.4AI score0.00065EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.27 views

MAL-2026-5143 Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.12 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.39 views

CVE-2018-25408 The Open ISES Project 3.30A Path Traversal Arbitrary File Download

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS0.00638EPSS
Exploits0References4
CVE
CVE
added 2026/05/30 2:55 p.m.28 views

CVE-2018-25408

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) in the filename parameter. Affected component: ajax/download.php within The Ope...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 2:55 p.m.17 views

EUVD-2018-21930

The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename parameter. Attackers can supply directory traversal sequences ../ in the filename parameter to acces...

8.7CVSS5.9AI score0.00638EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.15 views

CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 8:16 a.m.17 views

CVE-2025-41670

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:17 a.m.30 views

CVE-2025-41670 Untrusted Search Path

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:17 a.m.9 views

EUVD-2025-209951

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.8AI score0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:17 a.m.9 views

CVE-2025-41670

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.8AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 7:17 a.m.8 views

CVE-2025-41670 Untrusted Search Path

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.8AI score0.0019EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/26 5:16 p.m.22 views

XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash

Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false. This can apparently be reproduced on Tomcat instances. Patches This has been patched in 18.0.0-rc-1, 17.10.3, 17.4.9,...

9.3CVSS5.8AI score0.19538EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2026/05/26 1:6 p.m.92 views

Exploit for CVE-2020-25078

ABYSS C2 — HiSilicon DVR Exploit Framework ⚠️ EDUCATIONAL...

7.5CVSS7.6AI score0.97901EPSS
Exploits4
Rows per page
Query Builder