CVE-2025-55179
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...
CVE-2025-8404
CVE-2025-8404 describes a stack buffer overflow in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can trigger a crafted header to overflow a stack and achieve arbitrary code execution on the BMC firmware OS. The issue is assessed with CVSS 3.1: Network attack ...
CVE-2025-7623 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...
EUVD-2025-197951
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...
CVE-2025-60022
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication...
CVE-2025-8693
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device...
CVE-2025-8693
Zyxel DX3300-T0 firmware versions prior to 5.50(ABVY.6.3)C0 are affected by a post-authentication command-injection vulnerability in the priv parameter that could allow an authenticated attacker to execute OS commands. The PT-2025-47237 entry confirms the affected firmware range and the impact. R...
PT-2025-47388
Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System (affected versions not specified). Description: A command injection vulnerability exists in the AOS-CX Operating System. Exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on th...
PT-2025-47397
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in the command line interface that may allow a remote attacker with authentication to inject commands. Exploitation could lead to the execution of arbitrary commands on the operating...
PT-2025-47387
Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System (affected versions not specified). Description: A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Executio...
Fortinet FortiWeb Security Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...
Zyxel DX3300-T0 Operating System Command Injection Vulnerability
The Zyxel DX3300-T0 is a small wireless WiFi router from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel DX3300-T0 5.50(ABVY.6.3)C0 and earlier versions, which stems from the presence of post-authentication command injection in the priv parameter, which...
PT-2025-47237
Name of the Vulnerable Software and Affected Versions: Zyxel DX3300-T0 firmware versions prior to 5.50(ABVY.6.3)C0. Description: A post-authentication command injection issue exists in the priv parameter. Successful exploitation allows an authenticated attacker to execute operating system (OS) commands ...
AIX : Multiple Vulnerabilities (IJ56113)
The version of AIX installed on the remote host is prior to APAR IJ56113. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ56113 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...
Photon OS 5.0: Linux PHSA-2025-5.0-0676
An update of the Linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0676.
Mozilla Thunderbird < 91.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-41 advisory. - Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present...
Mozilla Firefox < 62.0
The version of Firefox installed on the remote Windows host is prior to 62.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-20 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that ...
Mozilla Thunderbird < 52.8
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory. - Mozilla developers backported selected changes in the Skia library. These changes correct memory corrupti...
Important Photon OS Security Update - PHSA-2025-5.0-0682
Updates of 'containerd', 'linux-esx', 'linux' packages of Photon OS have been released...
CVE-2025-55055
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...