25165 matches found

OSV
added 2025/12/10 5:15 p.m., 5 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVSS 5, AI score 6.9
Exploits 0, References 1

CNVD
added 2025/12/10 12:0 a.m., 4 views

Huawei HarmonyOS Race Condition Vulnerability

Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a race condition vulnerability, which originates from a race condition in the audio module, and can be exploited by an attacker to affect...

CVSS 6.7, AI score 6.7, EPSS 0.00059
Exploits 0, References 1

CNVD
added 2025/12/10 12:0 a.m., 3 views

Huawei HarmonyOS Multi-threaded Race Condition Vulnerability

Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei HarmonyOS suffers from a multi-threaded race condition vulnerability that can be...

CVSS 8.4, AI score 6.6, EPSS 0.0006
Exploits 0, References 1

Positive Technologies
added 2025/12/10 12:0 a.m., 5 views

PT-2025-50506

Name of the Vulnerable Software and Affected Versions: Zoom Rooms for macOS versions prior to 6.6.0. Description: An authenticated user could potentially disclose information through local access due to external control of a file name or path in Zoom Rooms for macOS. The issue involves manipulation ...

CVSS 5.5, AI score 5.8, EPSS 0.00118
Exploits 0, References 6

Positive Technologies
added 2025/12/10 12:0 a.m., 28 views

PT-2025-50332

Hi All, Looking at the Action1 reports, and unable to see anything which would be useful for reporting on the vulnerability of devices. I'm looking for an export with the data similar to the below: DeviceName, CveId, Severity, CVSS, PatchAvailable, Product, OS, LastSeen PC-001,...

CVSS 6.5, AI score 6.8, EPSS 0.01593
Exploits 13, References 1

NVD
added 2025/12/09 6:16 p.m., 3 views

CVE-2025-64153

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

CVSS 7.2, EPSS 0.01526
Exploits 0, References 1

OSV
added 2025/12/09 6:15 p.m., 5 views

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability (CWE-78) in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

CVSS 8.8, AI score 6, EPSS 0.15537
Exploits 0, References 1

Vulnrichment
added 2025/12/09 5:1 p.m., 2 views

CVE-2025-12945 Improper input validation in NETGEAR Nighthawk router R7000P

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154...

CVSS 4.8, AI score 6.8, EPSS 0.01608
Exploits 0, References 2

OSV
added 2025/12/09 4:17 p.m., 5 views

CVE-2025-5471

Uncontrolled Search Path Element vulnerability in Yandex Telemost on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1...

CVSS 7.8, AI score 5.8
Exploits 0, References 1

NVD
added 2025/12/09 4:17 p.m., 3 views

CVE-2025-41692

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

CVSS 6.8, EPSS 0.0025
Exploits 0, References 1

Cvelist
added 2025/12/09 3:53 p.m., 19 views

CVE-2025-5471 Dylib Hijacking in Yandex Telemost

Uncontrolled Search Path Element vulnerability in Yandex Telemost on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1...

CVSS 8.8, EPSS 0.00151
Exploits 0, References 1

Cvelist
added 2025/12/09 8:12 a.m., 28 views

CVE-2025-41692 Weak/Predictable root Password

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...

CVSS 6.8, EPSS 0.0025
Exploits 0, References 1

Microsoft KB
added 2025/12/09 8:0 a.m., 58 views

November 11, 2025—Hotpatch KB5068840 (OS Build 20348.4346)

CVSS 9.8, AI score 7.4, EPSS 0.99962
Exploits 32

CNNVD
added 2025/12/09 12:0 a.m., 3 views

NETGEAR Nighthawk Security Vulnerability

NETGEAR Nighthawk is a series of wireless routers from NETGEAR. A security vulnerability exists in the NETGEAR Nighthawk R7000P 1.3.3.154 and prior versions, which stems from improper input validation and could lead to an authenticated administrator performing an OS command injection attack...

CVSS 7.2, AI score 7.1, EPSS 0.01608
Exploits 0, References 2

Tenable Nessus
added 2025/12/09 12:0 a.m., 4 views

Qnap QTS and QuTS hero Path Traversal (CVE-2025-30270)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following...

CVSS 6.5, AI score 5.5, EPSS 0.00445
Exploits 0, References 2

CNNVD
added 2025/12/09 12:0 a.m., 4 views

Selea Targa IP OCR-ANPR Camera OS Command Injection Vulnerability

Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. The Selea Targa IP OCR-ANPR Camera suffers from an operating system command injection vulnerability that stems from a command injection issue with the addr and port parameters in utils.php, which could lead to the execution of arbitrary...

CVSS 9.8, AI score 7.6, EPSS 0.02314
Exploits 1, References 6

CNNVD
added 2025/12/09 12:0 a.m., 6 views

Fortinet FortiExtender OS Command Injection Vulnerability

Fortinet FortiExtender is a wireless WAN (wide area network) extender device from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiExtender versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, all versions of 7.2, and all versions of 7.0, which originates fro...

CVSS 7.2, AI score 7.6, EPSS 0.01526
Exploits 0, References 1

CNNVD
added 2025/12/09 12:0 a.m., 2 views

Microsoft Windows DirectX Resource Management Error Vulnerability

Microsoft Windows DirectX is a DirectX end-user runtime Web installer from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Windows DirectX. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are...

CVSS 7, AI score 6.3, EPSS 0.00228
Exploits 0, References 1

CNNVD
added 2025/12/09 12:0 a.m., 2 views

Microsoft Windows Installer Input Validation Error Vulnerability

Microsoft Windows Installer is a component of the Windows operating system from Microsoft Corporation USA. It provides a standard basis for installing and uninstalling software. An input validation error vulnerability exists in Microsoft Windows Installer. An attacker could exploit the...

CVSS 7.8, AI score 6.3, EPSS 0.00364
Exploits 0, References 1

CNNVD
added 2025/12/09 12:0 a.m., 3 views

Microsoft Windows Routing and Remote Access Service Security Vulnerability

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation USA that is used to perform functions such as network routing, virtual private networks (VPNs), and dial-up connections. A security vulnerability exists in Microsoft Windows Routing and Remote Access...

CVSS 6.5, AI score 6.1, EPSS 0.00978
Exploits 0, References 1