25205 matches found

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47397

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in the command line interface that may allow a remote attacker with authentication to inject commands. Exploitation could lead to the execution of arbitrary commands on the operating...

6.5 CVSS, 7.1 AI score, 0.00806 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/11/18 12:0 a.m., 6 views

Fortinet FortiWeb Security Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...

7.2 CVSS, 7.5 AI score, 0.54376 EPSS
Exploits: 9, References: 3

CNNVD
added 2025/11/18 12:0 a.m., 3 views

Zyxel DX3300-T0 Operating System Command Injection Vulnerability

The Zyxel DX3300-T0 is a small wireless WiFi router from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel DX3300-T0 5.50 ABVY.6.3 C0 and earlier versions, which stems from the presence of post-authentication command injection in the priv parameter, which...

8.8 CVSS, 7.5 AI score, 0.00974 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 4 views

PT-2025-47237

Name of the Vulnerable Software and Affected Versions: Zyxel DX3300-T0 firmware versions prior to 5.50ABVY.6.3C0. Description: A post-authentication command injection issue exists in the priv parameter. Successful exploitation allows an authenticated attacker to execute operating system (OS) commands ...

8.8 CVSS, 7.5 AI score, 0.00974 EPSS
Exploits: 0, References: 11

Tenable Nessus
added 2025/11/18 12:0 a.m., 5 views

Mozilla Firefox < 62.0

The version of Firefox installed on the remote Windows host is prior to 62.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-20 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that ...

9.8 CVSS, 7.4 AI score, 0.03662 EPSS
Exploits: 6, References: 11

Tenable Nessus
added 2025/11/18 12:0 a.m., 5 views

Mozilla Thunderbird < 91.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-41 advisory. - Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present...

8.8 CVSS, 8.3 AI score, 0.01118 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

AIX : Multiple Vulnerabilities (IJ56113)

The version of AIX installed on the remote host is prior to APAR IJ56113. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ56113 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...

10 CVSS, 9.1 AI score, 0.00858 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2025/11/18 12:0 a.m., 2 views

Photon OS 5.0: Linux PHSA-2025-5.0-0676

An update of the Linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0676. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.4 CVSS, 7.3 AI score, 0.00798 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/18 12:0 a.m., 4 views

Mozilla Thunderbird < 52.8

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory. - Mozilla developers backported selected changes in the Skia library. These changes correct memory corrupti...

9.8 CVSS, 7.7 AI score, 0.21288 EPSS
Exploits: 4, References: 14

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47388

Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System, affected versions not specified. Description: A command injection vulnerability exists in the AOS-CX Operating System. Exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on th...

6.7 CVSS, 7.5 AI score, 0.00597 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/11/18 12:0 a.m., 6 views

PT-2025-47387

Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System, affected versions not specified. Description: A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Executio...

6.7 CVSS, 7.5 AI score, 0.00597 EPSS
Exploits: 0, References: 3

Photon
added 2025/11/18 12:0 a.m., 5 views

Important Photon OS Security Update - PHSA-2025-5.0-0682

Updates of 'containerd', 'linux-esx', 'linux' packages of Photon OS have been released...

7.8 CVSS, 6.7 AI score, 0.0018 EPSS
Exploits: 1

OSV
added 2025/11/17 6:15 p.m., 2 views

CVE-2025-55055

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...

9.8 CVSS, 5.8 AI score, 0.00743 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/11/17 5:48 p.m., 4 views

CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...

8.6 CVSS, 7.1 AI score, 0.046 EPSS
Exploits: 0, References: 4

CVE
added 2025/11/17 5:48 p.m., 16 views

CVE-2025-34322

Nagios Log Server (before 2026R1.0.1) is affected by an authenticated command-injection in the experimental Natural Language Queries feature. The issue arises when user-controlled settings (including model selection and connection parameters) are read from global configuration and concatenated in...

8.6 CVSS, 7.5 AI score, 0.046 EPSS
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2025/11/17 5:25 p.m., 2 views

CVE-2025-55055

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...

6.8 CVSS, 6.7 AI score, 0.00743 EPSS
Exploits: 0, References: 1

EUVD
added 2025/11/17 5:25 p.m., 6 views

EUVD-2025-197852

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...

6.8 CVSS, 6.5 AI score, 0.00743 EPSS
Exploits: 0, References: 2

CVE
added 2025/11/17 5:3 p.m., 551 views

CVE-2025-13193

Affects libvirt-based virtualization. CVE-2025-13193 causes external inactive snapshots for shut-down VMs to be world-readable, enabling information disclosure by unprivileged users. Public sources (Unity Linux UTSA-2025-993329; openSUSE openSUSE-SU-2025-20100-1; SUSE SUSE-SU-2026:0279-1) describ...

5.5 CVSS, 5.6 AI score, 0.00104 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/11/17 5:3 p.m., 2 views

CVE-2025-13193

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability. Mitigation: Mitigation for this issue is either...

5.5 CVSS, 5.5 AI score, 0.00104 EPSS
Exploits: 0, References: 3

NVD
added 2025/11/17 4:15 a.m., 7 views

CVE-2025-13284

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...

9.8 CVSS, 0.01619 EPSS
Exploits: 0, References: 2