Lucene search

25173 matches found

Vulnrichment
added 2025/11/18 1:56 p.m., 5 views

CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...

CVSS 5.4, AI score 6.4, EPSS 0.00149
Exploits: 0, References: 2

CVE
added 2025/11/18 7:43 a.m., 14 views

CVE-2025-8404

CVE-2025-8404 describes a stack buffer overflow in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can trigger a crafted header to overflow a stack and achieve arbitrary code execution on the BMC firmware OS. The issue is assessed with CVSS 3.1: Network attack ...

CVSS 5.5, AI score 7.7, EPSS 0.00277
Exploits: 0, References: 1

Cvelist
added 2025/11/18 7:5 a.m., 7 views

CVE-2025-7623 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability

Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...

CVSS 5.4, EPSS 0.00234
Exploits: 0, References: 1

EUVD
added 2025/11/18 7:5 a.m., 6 views

EUVD-2025-197951

Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...

CVSS 5.4, AI score 7.5, EPSS 0.00234
Exploits: 0, References: 2

RedhatCVE
added 2025/11/18 5:56 a.m., 6 views

CVE-2025-60022

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication...

CVSS 4.8, AI score 5, EPSS 0.00121
Exploits: 0, References: 1

Vulnrichment
added 2025/11/18 1:25 a.m., 4 views

CVE-2025-8693

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device...

CVSS 8.8, AI score 7.3, EPSS 0.00974
Exploits: 0, References: 1

CVE
added 2025/11/18 1:25 a.m., 15 views

CVE-2025-8693

Zyxel DX3300-T0 firmware versions prior to 5.50(ABVY.6.3)C0 are affected by a post-authentication command-injection vulnerability in the priv parameter that could allow an authenticated attacker to execute OS commands. The PT-2025-47237 entry confirms the affected firmware range and the impact. R...

CVSS 8.8, AI score 7.3, EPSS 0.00974
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 4 views

PT-2025-47388

Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System (affected versions not specified). Description: A command injection vulnerability exists in the AOS-CX Operating System. Exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on th...

CVSS 6.7, AI score 7.5, EPSS 0.00597
Exploits: 0, References: 3

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47397

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in the command line interface that may allow a remote attacker with authentication to inject commands. Exploitation could lead to the execution of arbitrary commands on the operating...

CVSS 6.5, AI score 7.1, EPSS 0.00806
Exploits: 0, References: 3

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47387

Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System (affected versions not specified). Description: A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Executio...

CVSS 6.7, AI score 7.5, EPSS 0.00597
Exploits: 0, References: 3

CNNVD
added 2025/11/18 12:0 a.m., 6 views

Fortinet FortiWeb Security Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...

CVSS 7.2, AI score 7.5, EPSS 0.54376
Exploits: 9, References: 3

CNNVD
added 2025/11/18 12:0 a.m., 3 views

Zyxel DX3300-T0 Operating System Command Injection Vulnerability

The Zyxel DX3300-T0 is a small wireless WiFi router from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel DX3300-T0 5.50 ABVY.6.3 C0 and earlier versions, which stems from the presence of post-authentication command injection in the priv parameter, which...

CVSS 8.8, AI score 7.5, EPSS 0.00974
Exploits: 0, References: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 4 views

PT-2025-47237

Name of the Vulnerable Software and Affected Versions: Zyxel DX3300-T0 firmware versions prior to 5.50(ABVY.6.3)C0. Description: A post-authentication command injection issue exists in the priv parameter. Successful exploitation allows an authenticated attacker to execute operating system (OS) commands ...

CVSS 8.8, AI score 7.5, EPSS 0.00974
Exploits: 0, References: 11

Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

AIX : Multiple Vulnerabilities (IJ56113)

The version of AIX installed on the remote host is prior to APAR IJ56113. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ56113 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...

CVSS 10, AI score 9.1, EPSS 0.00858
Exploits: 0, References: 6

Tenable Nessus
added 2025/11/18 12:0 a.m., 2 views

Photon OS 5.0: Linux PHSA-2025-5.0-0676

An update of the Linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0676. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.4, AI score 7.3, EPSS 0.00798
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/18 12:0 a.m., 5 views

Mozilla Thunderbird < 91.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-41 advisory. - Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present...

CVSS 8.8, AI score 8.3, EPSS 0.01118
Exploits: 1, References: 3

Tenable Nessus
added 2025/11/18 12:0 a.m., 5 views

Mozilla Firefox < 62.0

The version of Firefox installed on the remote Windows host is prior to 62.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-20 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that ...

CVSS 9.8, AI score 7.4, EPSS 0.03662
Exploits: 6, References: 11

Tenable Nessus
added 2025/11/18 12:0 a.m., 4 views

Mozilla Thunderbird < 52.8

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory. - Mozilla developers backported selected changes in the Skia library. These changes correct memory corrupti...

CVSS 9.8, AI score 7.7, EPSS 0.21288
Exploits: 4, References: 14

Photon
added 2025/11/18 12:0 a.m., 5 views

Important Photon OS Security Update - PHSA-2025-5.0-0682

Updates of 'containerd', 'linux-esx', 'linux' packages of Photon OS have been released...

CVSS 7.8, AI score 6.7, EPSS 0.0018
Exploits: 1

OSV
added 2025/11/17 6:15 p.m., 2 views

CVE-2025-55055

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...

CVSS 9.8, AI score 5.8, EPSS 0.00743
Exploits: 0, References: 1