Lucene search
K

642 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.9 views

CVE-2019-19398

M5 lite 10 with versions of 8.0.0.182C00 have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious cod...

9.8CVSS7AI score0.01431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:13 a.m.7 views

CVE-2018-7716

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...

10CVSS7.5AI score0.02413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 a.m.6 views

CVE-2019-5246

Smartphones with software of ELLE-AL00B 9.1.0.109C00E106R1P21, 9.1.0.113C00E110R1P21, 9.1.0.125C00E120R1P21, 9.1.0.135C00E130R1P21, 9.1.0.153C00E150R1P21, 9.1.0.155C00E150R1P21, 9.1.0.162C00E160R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters...

6.2CVSS7.2AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 a.m.9 views

CVE-2019-5223

PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution...

7.8CVSS7.3AI score0.00941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:21 a.m.14 views

CVE-2019-10863

A command injection vulnerability exists in TeemIp versions before 2.4.0. The newconfig parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server...

7.2CVSS7.6AI score0.13418EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:17 a.m.8 views

CVE-2010-5181

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

7CVSS6.9AI score0.00308EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/13 12:0 a.m.4 views

Linux kernel null pointer dereference vulnerability (CNVD-2025-10179)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from an unverified region HPA order that could lead to a null pointer dereference. An attacker cou...

5.5CVSS7.4AI score0.0014EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/05/06 12:30 p.m.16 views

Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

8.1CVSS7.5AI score0.01446EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/06 9:8 a.m.12 views

CVE-2025-46762 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

7.1CVSS7.6AI score0.01446EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/06 9:8 a.m.25 views

CVE-2025-46762 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

7.1CVSS0.01446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 1:21 p.m.12 views

CVE-2024-12530

Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...

7CVSS7.3AI score0.00166EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/04/24 10:0 a.m.30 views

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been...

10CVSS8.8AI score0.97157EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2025/04/17 3:35 p.m.6 views

CVE-2024-12530 Insecure Dynamic-Link Library (DLL) Load vulnerability

Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client applicatio...

7CVSS7.2AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 7:11 p.m.26 views

CVE-2025-3115

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...

9.8CVSS7.5AI score0.00611EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.12 views

MongoDB Shell < 2.3.9 Control Character Injection (MONGOSH-2024, MONGOSH-2025, MONGOSH-2026)

The version of MongoDB Shell installed on the remote host is prior to 2.3.9. It is, therefore, affected by a vulnerability as referenced in the MONGOSH-2024, MONGOSH-2025, MONGOSH-2026 advisories. - The MongoDB Shell may be susceptible to control character injection where an attacker with control...

8.8CVSS6AI score0.00287EPSS
Exploits0References6
NVD
NVD
added 2025/04/09 6:15 p.m.24 views

CVE-2025-3115

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code...

9.8CVSS0.00611EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/07 8:8 a.m.22 views

CVE-2024-11859 DLL Search Order Hijacking in ESET products for Windows

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code...

8.4CVSS0.02014EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/04/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-11859

DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code...

8.4CVSS7.3AI score0.02014EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.4 views

ESET多款产品 安全漏洞

ESET Endpoint Antivirus and others are products of ESET Corporation.ESET Endpoint Antivirus is an on-premise and cloud-based anti-malware and security suite for small, medium and large businesses.ESET Security is a line of security antivirus software.ESET NOD32 Antivirus is an antivirus program. ...

8.4CVSS9AI score0.02014EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/29 6:32 a.m.20 views

CVE-2024-45354

A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

4.3CVSS7.9AI score0.00188EPSS
Exploits0References3
Rows per page
Query Builder