Lucene search
K

42 matches found

EUVD
EUVD
added 2026/02/24 12:10 a.m.4 views

EUVD-2026-7466

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP...

8.7CVSS5.3AI score0.0031EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/23 7:58 a.m.8 views

CVE-2026-2967

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/netbuiltin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiate...

6.3CVSS4.4AI score0.00491EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/15 4:20 p.m.4 views

CVE-2025-37732

A flaw was found in Kibana. This vulnerability allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. Mitigation Restrict network access to the Kibana instance to only trusted users and networks. Implement firewall rules to limit...

5.4CVSS6.3AI score0.00151EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2002-0945

Malware in sbrugna...

7.5CVSS6.4AI score0.01485EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2001-1037

Malware in sbrugna...

7.5CVSS6.4AI score0.02439EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-51739

Malicious code in bioql PyPI...

10CVSS8.7AI score0.00902EPSS
Exploits1References3
CVE
CVE
added 2025/03/10 6:47 p.m.67 views

CVE-2025-27615

CVE-2025-27615 affects umatiGateway. The Red Hat entry describes that the user interface may be publicly accessible when using the provided docker-compose file, allowing configuration to be viewed and altered. The root cause appears to be UI exposure beyond localhost, with a patch in commit 5d81a...

8.2CVSS7.2AI score0.00486EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.9 views

PT-2024-27003 · Swissphone · Swissphone Dical-Red 4009

Name of the Vulnerable Software and Affected Versions: Swissphone DiCal-RED 4009 version not specified Description: The issue allows a remote attacker to gain read access to almost the whole file system via anonymous FTP. This could potentially expose sensitive data. There is no information...

7.6CVSS7.2AI score0.0061EPSS
Exploits1References9
CVE
CVE
added 2024/01/10 12:0 a.m.53 views

CVE-2023-41603

Summary: CVE-2023-41603 affects the D-Link R15 router. Multiple sources list that prior to firmware version 1.08.02 the device did not enforce firewall restrictions for IPv6 traffic, allowing unauthenticated network access to services listening on IPv6. Affected product/versions: D-Link R15 firmw...

5.3CVSS5.3AI score0.00492EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.5 views

PT-2023-8524 · D Link · D-Link R15

Name of the Vulnerable Software and Affected Versions: D-Link R15 versions prior to 1.08.02 Description: The issue is related to a lack of firewall restrictions for IPv6 traffic, allowing attackers to access services running on the device that may be listening via IPv6. This can enable unauthoriz...

5.3CVSS5.2AI score0.00492EPSS
Exploits0References6
hivepro
hivepro
added 2023/05/12 12:21 p.m.17 views

New Variant of BPFDoor Linux Malware Features Enhanced Encryption and Stealthy Communication

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Linux malware BPFDoor has been discovered, featuring more robust encryption and reverse shell communication. It uses the BPF to bypass firewall restrictions, allowing threat actors t...

6.9AI score
Exploits0
NVD
NVD
added 2022/12/09 8:15 p.m.24 views

CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

10CVSS0.00902EPSS
Exploits1References2
Prion
Prion
added 2022/12/09 8:15 p.m.20 views

Design/Logic Flaw

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

7.5CVSS9.1AI score0.00902EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/12/09 12:0 a.m.18 views

CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

9.4AI score0.00902EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/09 12:0 a.m.7 views

CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

9.3AI score0.00902EPSS
Exploits1References2
CVE
CVE
added 2022/12/09 12:0 a.m.83 views

CVE-2022-4390

CVE-2022-4390 affects NETGEAR RAX30 AX2400 series routers prior to version 1.0.9.90. A network misconfiguration enables IPv6 on the WAN by default, and IPv6 firewall rules are not consistently applied, potentially allowing arbitrary access to IPv6 services (e.g., SSH/Telnet on ports 22/23) from t...

10CVSS9.1AI score0.00902EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2019/01/15 8:57 a.m.14 views

Authorization Bypass

xinetd is vulnerable to authorization bypass. The service type is not verified in builtins.c when the TCPMUX or TCPMUXPLUS type and tcpmux-server service are enabled. This exposes all enabled services and allows remote attackers to bypass access and firewall restrictions via a request to tcpmux...

4.3CVSS6.1AI score0.02779EPSS
Exploits1References16Affected Software1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.134 views

Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)

First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

7.5CVSS10.4AI score0.91896EPSS
Exploits11
Exploit DB
Exploit DB
added 2017/10/17 12:0 a.m.108 views

Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution

First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

7.4AI score
Exploits0
FreeBSD
FreeBSD
added 2017/10/13 12:0 a.m.43 views

solr -- Code execution via entity expansion

Solr developers report: Lucene XML parser does not explicitly prohibit doctype declaration and expansion of external entities which leads to arbitrary HTTP requests to the local SOLR instance and to bypass all firewall restrictions. Solr "RunExecutableListener" class can be used to execute...

9.8CVSS9.6AI score0.91896EPSS
Exploits11References2
Rows per page
Query Builder