CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/08/21 1:15 a.m.•6 views

CVE-2025-27214

A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier Mitigation: Update Uni...

9.8CVSS0.00374EPSS

CVE•added 2025/08/21 12:1 a.m.•20 views

CVE-2025-27214

The CVE-2025-27214 entry concerns UniFi Connect EV Station Pro (versions up to 1.5.18) where a Missing Authentication for Critical Function vulnerability could allow a nearby or physically present attacker to trigger an unauthorized factory reset. The core issue is lack of authentication for crit...

9.8CVSS6.9AI score0.00374EPSS

Cvelist•added 2025/08/21 12:1 a.m.•7 views

CVE-2025-27214

0.00374EPSS

Vulnrichment•added 2025/08/21 12:1 a.m.•4 views

CVE-2025-27214

6.9AI score0.00374EPSS

CNNVD•added 2025/08/21 12:0 a.m.•1 views

Ubiquiti UniFi Connect EV Station 安全漏洞

Ubiquiti UniFi Connect EV Station is an electric vehicle station from Ubiquiti USA. A security vulnerability exists in the Ubiquiti UniFi Connect EV Station version 1.5.18 and earlier, which stems from a lack of authentication for critical functions and could result in an unauthorized restoration...

9.8CVSS6.9AI score0.00374EPSS

Tenable Nessus•added 2025/08/19 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2020-10672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...

8.8CVSS7AI score0.02959EPSS

Tenable Nessus•added 2025/08/19 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm use...

6.5CVSS6.3AI score0.00203EPSS

Exploits1References2

Tenable Nessus•added 2025/08/19 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2014-7931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service memory corruption or possibly have...

7.5CVSS8.5AI score0.01791EPSS

Tenable Nessus•added 2025/08/18 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2021-25319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to...

7.8CVSS7.1AI score0.00255EPSS

Tenable Nessus•added 2025/08/18 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2021-25322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A UNIX Symbolic Link Symlink Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the...

7.8CVSS6.9AI score0.00437EPSS

Exploits1References2

RedhatCVE•added 2025/08/17 8:29 a.m.•12 views

CVE-2025-7778

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the deletefiles function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to to delete arbitrary...

9.8CVSS8.3AI score0.00628EPSS

Patchstack•added 2025/08/15 11:22 p.m.•5 views

WordPress Icons Factory plugin <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function vulnerability

Missing Authorization to Unauthenticated Arbitrary File Deletion via deletefiles Function vulnerability discovered by johska in WordPress Plugin Icons Factory versions = 1.6.12...

9.8CVSS6.7AI score0.00628EPSS

Exploits0References1Affected Software1

NVD•added 2025/08/15 9:15 a.m.•5 views

CVE-2025-7778

9.8CVSS0.00628EPSS

CVE•added 2025/08/15 8:25 a.m.•24 views

CVE-2025-7778

The CVE-2025-7778 entry concerns the Icons Factory WordPress plugin (versions up to and including 1.6.12). The vulnerability arises from missing authorization and improper path validation in delete_files(), enabling unauthenticated attackers to delete arbitrary server files (potentially including...

9.8CVSS8.2AI score0.00628EPSS

Cvelist•added 2025/08/15 8:25 a.m.•8 views

CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function

9.8CVSS0.00628EPSS

Vulnrichment•added 2025/08/15 8:25 a.m.•2 views

CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function

9.8CVSS7.5AI score0.00628EPSS