Lucene search
5655 matches found

Cvelist
added 2025/05/21 9:0 p.m. · 13 views

CVE-2025-5053 FreeFloat FTP Server MDIR Command buffer overflow

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed...

CVSS 7.5 · EPSS 0.00588
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/21 8:45 p.m. · 8 views

CVE-2005-4687

PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header...

CVSS 5 · AI score 7 · EPSS 0.01392
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:39 p.m. · 8 views

CVE-2002-2354

Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests...

CVSS 7.8 · AI score 7.1 · EPSS 0.01844
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:32 p.m. · 9 views

CVE-2002-2100

Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content...

CVSS 5 · AI score 7 · EPSS 0.11363
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:27 p.m. · 8 views

CVE-2008-0940

Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407...

CVSS 6.8 · AI score 5.8 · EPSS 0.01401
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:26 p.m. · 9 views

CVE-2002-1923

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection...

CVSS 7.5 · AI score 7 · EPSS 0.0253
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:17 p.m. · 6 views

CVE-2008-0618

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information i...

CVSS 4.3 · AI score 6 · EPSS 0.01514
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 8:17 p.m. · 14 views

CVE-2009-2907

Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers t...

CVSS 4.3 · AI score 6 · EPSS 0.01199
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/21 7:46 p.m. · 6 views

CVE-2008-7201

Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap...

CVSS 7.8 · AI score 7 · EPSS 0.01267
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 7:38 p.m. · 6 views

CVE-2009-2454

Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 5.8 · EPSS 0.01073
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 7:30 p.m. · 11 views

CVE-2008-3634

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better...

CVSS 2.6 · AI score 6.3 · EPSS 0.01643
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 7:17 p.m. · 6 views

CVE-2007-2066

UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...

CVSS 5 · AI score 6.4 · EPSS 0.01205
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 6:34 p.m. · 5 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

CVSS 10 · AI score 6.9 · EPSS 0.01342
Exploits: 0 · References: 1

CVE
added 2025/05/21 6:58 a.m. · 50 views

CVE-2021-25254

Yandex Browser Lite for Android before 21.1.0 is vulnerable to address-bar spoofing (authentication bypass). The issue is described in multiple sources (e.g., PT-2021-7166) as a spoofing vulnerability with no clearly documented fixed version in the provided materials; exploitation status and spec...

CVSS 8.2 · AI score 6.7 · EPSS 0.00461
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/05/20 9:15 p.m. · 11 views

CVE-2025-4998

A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function EditBasicSSID/EditBasicSSID5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/AspSetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList o...

CVSS 7.1 · EPSS 0.00441
Exploits: 0 · References: 4

BDU FSTEC
added 2025/05/20 12:0 a.m. · 5 views

The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 · AI score 5.2 · EPSS 0.00235
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/05/19 12:0 a.m. · 3 views

PT-2025-21926 · Unknown · Phpgurukul Auto Taxi Stand Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Auto Taxi Stand Management System version 1.0. Description: A critical vulnerability has been found in the PHPGurukul Auto Taxi Stand Management System. The issue is related to an unknown function of the file...

CVSS 9.8 · AI score 7.4 · EPSS 0.00478
Exploits: 1 · References: 9

Vulnrichment
added 2025/05/18 3:31 p.m. · 6 views

CVE-2025-4885 itsourcecode Sales and Inventory System product_add.php sql injection

A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 7.5 · AI score 7.6 · EPSS 0.00415
Exploits: 1 · References: 5

Vulnrichment
added 2025/05/18 12:0 p.m. · 10 views

CVE-2025-4874 PHPGurukul News Portal Project contactus.php sql injection

A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit ha...

CVSS 7.5 · AI score 7.5 · EPSS 0.00472
Exploits: 1 · References: 5

CVE
added 2025/05/18 2:0 a.m. · 39 views

CVE-2025-4848

CVE-2025-4848 affects FreeFloat FTP Server 1.0. The vulnerability is in the RECV Command Handler and causes a buffer overflow in processing input data, enabling remote exploitation. Multiple connected sources confirm remote attack potential and public disclosure of the exploit. Remediation guidan...

CVSS 9.8 · AI score 7.2 · EPSS 0.00588
Exploits: 1 · References: 4 · Affected Software: 1