Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13263

Malicious code in bioql PyPI...

10CVSS8.9AI score0.00713EPSS
Exploits0References4
CISA
CISA
added 2025/07/10 12:0 p.m.4 views

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...

7.1AI score
Exploits0References13
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.4 views

KUNBUS Revolution Pi 代码问题漏洞

KUNBUS Revolution Pi is an open, modular and cost-effective Raspberry Pi based industrial PC from KUNBUS. A code issue vulnerability exists in the KUNBUS Revolution Pi that stems from a type conversion error that could lead to authentication bypass...

9.8CVSS6.8AI score0.40725EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/03 7:12 p.m.19 views

CVE-2025-24522

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...

10CVSS8AI score0.00713EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/01 6:44 p.m.32 views

CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS0.14477EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/01 6:44 p.m.8 views

CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS6.2AI score0.14477EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/01 6:42 p.m.10 views

CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...

9CVSS8.9AI score0.12107EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/01 6:42 p.m.54 views

CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...

9CVSS0.12107EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/01 6:37 p.m.38 views

CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...

10CVSS0.00713EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/01 6:37 p.m.15 views

CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...

10CVSS9.8AI score0.00713EPSS
Exploits0References2
CVE
CVE
added 2025/05/01 6:37 p.m.67 views

CVE-2025-24522

CVE-2025-24522 affects KUNBUS Revolution Pi OS Bookworm 01/2025 where Node-RED authentication is not configured by default. An unauthenticated remote attacker can gain full access to the Node-RED server and execute arbitrary OS commands (impacting PLC control). Connected sources describe the root...

10CVSS9.9AI score0.00713EPSS
Exploits0References2
CISA
CISA
added 2025/05/01 12:0 p.m.4 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on May 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-121-01 KUNBUS GmbH Revolution Pi ICSMA-25-121-01 MicroDicom DICOM Viewer CISA encourages...

7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.3 views

PT-2025-18691 · Kunbus +1 · Kunbus Revolution Pi Os +1

Name of the Vulnerable Software and Affected Versions: KUNBUS Revolution Pi OS Bookworm 01/2025 Description: The issue arises because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server, where the...

10CVSS9.8AI score0.00713EPSS
Exploits0References13
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.2 views

KUNBUS Revolution Pi 操作系统命令注入漏洞

KUNBUS Revolution Pi is an open, modular and cost-effective industrial PC based on Raspberry Pi from KUNBUS. The KUNBUS Revolution Pi suffers from an operating system command injection vulnerability that stems from the arrSaveConfig parameter of the php/dal.php endpoint containing an operating...

8.3CVSS7.6AI score0.01198EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

KUNBUS Revolution Pi 路径遍历漏洞

KUNBUS Revolution Pi is an open, modular and cost-effective Raspberry Pi based industrial PC from KUNBUS. A path traversal vulnerability exists in the KUNBUS Revolution Pi, which stems from the dir parameter of the /pictory/php/getFileList.php page containing a path traversal vulnerability...

4.3CVSS6.8AI score0.0046EPSS
Exploits0References2
Rows per page
Query Builder