2838 matches found

CNNVD
added 2025/02/19 12:0 a.m. · 3 views

Bento4 security vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files from Axiomatic Systems. A security vulnerability exists in Bento4 version v1.6.0-641, which originates from an information leak in Ap4DescriptorFactory.cpp...

CVSS 6.5 · AI score 6.5 · EPSS 0.00351
Exploits: 1 · References: 2

Positive Technologies
added 2025/02/19 12:0 a.m. · 9 views

PT-2025-7585 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-641 Description: An issue in Bento4 allows an attacker to obtain sensitive information via the Mp4Fragment.cpp and in AP4 DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp. Recommendations: For...

CVSS 6.5 · AI score 6.7 · EPSS 0.00351
Exploits: 1 · References: 6

Trend Micro Simply Security
added 2025/02/18 12:0 a.m. · 72 views

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection

Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems...

AI score 7.3
Exploits: 0

CNVD
added 2025/02/17 12:0 a.m. · 12 views

Google Android onCreate function authorization issue vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authorization issue vulnerability that stems from a lack of permission checking in the onCreate function of ChooserActivity.java, which can be exploited by an attacker to cause a bypass of...

CVSS 8.4 · AI score 6.5 · EPSS 0.00085
Exploits: 0 · References: 1

CNVD
added 2025/02/17 12:0 a.m. · 9 views

Google Android shouldSkipForInitialSUW function authorization issue vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authorization issue vulnerability that stems from a lack of permission checking in the shouldSkipForInitialSUW function of AdvancedPowerUsageDetail.java, which can be exploited by an attacker ...

CVSS 8.4 · AI score 6.5 · EPSS 0.00085
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/14 2:51 p.m. · 6 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVSS 9.1 · AI score 7.1 · EPSS 0.00786
Exploits: 0 · References: 1

CNNVD
added 2025/02/13 12:0 a.m. · 5 views

Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert and OPC Factory Server input validation error vulnerability

Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro, among others, is a product of Schneider Electric, France. Schneider Electric EcoStruxure Control Expert is a suite of programming software for Schneider Electric logic controller products. Schneider Electric EcoStruxure...

CVSS 6.8 · AI score 6.3 · EPSS 0.00143
Exploits: 0 · References: 1

OSV
added 2025/02/12 2:15 p.m. · 7 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVSS 9.1 · AI score 5.8 · EPSS 0.00786
Exploits: 0 · References: 1

NVD
added 2025/02/12 2:15 p.m. · 20 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVSS 9.1 · EPSS 0.00786
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/12 1:29 p.m. · 5 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVSS 9.1 · AI score 9.3 · EPSS 0.00786
Exploits: 0 · References: 1

Cvelist
added 2025/02/12 1:29 p.m. · 11 views

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVSS 9.1 · EPSS 0.00786
Exploits: 0 · References: 1

CVE
added 2025/02/12 1:29 p.m. · 60 views

CVE-2025-26361

CVE-2025-26361 affects Q-Free MaxTime (versions up to 2.11.0). The vulnerability is due to missing authentication for a critical function in maxprofile/setup/routes.lua, enabling an unauthenticated remote attacker to factory reset the device via crafted HTTP requests. Some sources confirm the iss...

CVSS 9.1 · AI score 9.3 · EPSS 0.00786
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 6 views

PT-2025-7150 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function in maxprofile/setup/routes.lua, allowing an unauthenticated remote attacker to factory reset the device via crafted...

CVSS 9.1 · AI score 7.3 · EPSS 0.00786
Exploits: 0 · References: 4

CNNVD
added 2025/02/12 12:0 a.m. · 4 views

Q-Free MAXTIME Suite access control error vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

CVSS 9.1 · AI score 6.7 · EPSS 0.00786
Exploits: 0 · References: 1

GithubExploit
added 2025/02/06 8:24 p.m. · 96 views

Exploit for CVE-2024-35106

NEXTU FLETA Wifi6 Router DOS, Potential RCE POC This document...

CVSS 4.6 · AI score 8.8 · EPSS 0.00506
Exploits: 1

RedhatCVE
added 2025/02/05 12:31 p.m. · 16 views

CVE-2024-43050

Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver...

CVSS 7.8 · AI score 7.2 · EPSS 0.00103
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 12:12 p.m. · 9 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

CVSS 9.8 · AI score 7.9 · EPSS 0.02273
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 8:7 a.m. · 11 views

CVE-2024-29082

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints...

CVSS 8.8 · AI score 7.5 · EPSS 0.00797
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 6:42 a.m. · 7 views

CVE-2024-50357

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web authentication ...

CVSS 9.8 · AI score 7.4 · EPSS 0.00556
Exploits: 0 · References: 1

vulnersOsv
added 2025/02/04 12:30 p.m. · 10 views

ai.grakn:grakn (>=0.13.0 <=0.14.0), ai.grakn:grakn-client (>=0.13.0 <=0.14.0) +374 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=0.7.0-rc4 <=3.0.3)

org.apache.cassandra:cassandra-all MAVEN version =0.7.0-rc4, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.10.0, =0.13.0, =0.15.0, =0.6.1, =0.10.0 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

CVSS 8.8 · AI score 7.2 · EPSS 0.00964
Exploits: 0