25155 matches found

Positive Technologies
added 2025/12/11 12:0 a.m., 6 views

PT-2025-50680

Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR RG-BCR860 (affected versions not specified). Description: An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the...

CVSS 8.8 | AI score 7.3 | EPSS 0.02666
Exploits: 1 | References: 6

EUVD
added 2025/12/11 12:0 a.m., 3 views

EUVD-2025-202710

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change...

CVSS 6.7 | AI score 7.5 | EPSS 0.00115
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/11 12:0 a.m., 4 views

PT-2025-50674

Name of the Vulnerable Software and Affected Versions: Ruijie RG-EW1800GX versions B11P226 EW1800GX 10223121. Description: An issue exists in Ruijie RG-EW1800GX that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw triggered by a crafted POST request to the...

CVSS 8.8 | AI score 7.3 | EPSS 0.02244
Exploits: 1 | References: 5

Tenable Nessus
added 2025/12/11 12:0 a.m., 3 views

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-48868)

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

CVSS 8.7 | AI score 5.3 | EPSS 0.00439
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/11 12:0 a.m., 2 views

Photon OS 4.0: Iptraf PHSA-2025-4.0-0925

An update of the iptraf package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0925. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

CVSS 7.5 | AI score 6.6 | EPSS 0.00727
Exploits: 1 | References: 2

Positive Technologies
added 2025/12/11 12:0 a.m., 7 views

PT-2025-50683

Name of the Vulnerable Software and Affected Versions: Ruijie X30-PRO version X30-PRO-V1 09241521. Description: An issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set paramet...

CVSS 8.8 | AI score 7 | EPSS 0.02666
Exploits: 1 | References: 5

Tenable Nessus
added 2025/12/11 12:0 a.m., 2 views

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2024-37045)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS 5.1 | AI score 5.5 | EPSS 0.00574
Exploits: 0 | References: 2

EUVD
added 2025/12/10 9:31 p.m., 5 views

EUVD-2025-202604

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5 | AI score 5.6 | EPSS 0.00118
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/10 6:13 p.m., 4 views

CVE-2025-62549

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | AI score 7.4 | EPSS 0.01196
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 6:13 p.m., 4 views

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

CVSS 8.8 | AI score 7.3 | EPSS 0.15537
Exploits: 0 | References: 1

OSV
added 2025/12/10 5:15 p.m., 5 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVSS 5 | AI score 6.9
Exploits: 0 | References: 1

CNVD
added 2025/12/10 12:0 a.m., 4 views

Huawei HarmonyOS Competitive Conditions Vulnerability

Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a competitive condition vulnerability, which originates from a competitive condition vulnerability in the audio module, and can be exploited by an attacker to affect...

CVSS 6.7 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 1

CNVD
added 2025/12/10 12:0 a.m., 3 views

Huawei HarmonyOS Multi-threaded Competitive Condition Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei HarmonyOS suffers from a multi-threaded competitive condition vulnerability that can be...

CVSS 8.4 | AI score 6.6 | EPSS 0.0006
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/10 12:0 a.m., 5 views

PT-2025-50506

Name of the Vulnerable Software and Affected Versions: Zoom Rooms for macOS versions prior to 6.6.0. Description: An authenticated user could potentially disclose information through local access due to external control of a file name or path in Zoom Rooms for macOS. The issue involves manipulation ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00118
Exploits: 0 | References: 6

Positive Technologies
added 2025/12/10 12:0 a.m., 28 views

PT-2025-50332

Hi All, Looking at the Action1 reports, and unable to see anything which would be useful for reporting on the vulnerability of devices. I'm looking for an export with the data similar to the below: DeviceName, CveId, Severity, CVSS, PatchAvailable, Product, OS, LastSeen PC-001,...

CVSS 6.5 | AI score 6.8 | EPSS 0.01593
Exploits: 13 | References: 1

NVD
added 2025/12/09 6:16 p.m., 3 views

CVE-2025-64153

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

CVSS 7.2 | EPSS 0.01526
Exploits: 0 | References: 1

OSV
added 2025/12/09 6:15 p.m., 5 views

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

CVSS 8.8 | AI score 6 | EPSS 0.15537
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/09 5:1 p.m., 2 views

CVE-2025-12945 Improper input validation in NETGEAR Nighthawk router R7000P

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154...

CVSS 4.8 | AI score 6.8 | EPSS 0.01608
Exploits: 0 | References: 2

OSV
added 2025/12/09 4:17 p.m., 5 views

CVE-2025-5471

Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2025/12/09 4:17 p.m., 3 views

CVE-2025-41692

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

CVSS 6.8 | EPSS 0.0025
Exploits: 0 | References: 1