Lucene search
K

13930 matches found

RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.5 views

CVE-2025-26489

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

6.5CVSS6.8AI score0.00291EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/12/10 12:0 a.m.5 views

Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Unreliable Remote Version Check

Synology DiskStation Manager DSM is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS7.1AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.8 views

CVE-2025-61075

Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...

8.1CVSS0.00472EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 4:1 p.m.18 views

CVE-2025-13661

CVE-2025-13661 is a path-traversal vulnerability in Ivanti Endpoint Manager (prior to 2024 SU4 SR1). An authenticated remote attacker can write arbitrary files outside the intended directory, with user interaction required. Multiple sources (NVD/Red Hat EUVD, Nessus plugin, and related advisories...

8CVSS6.5AI score0.01171EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/08 8:56 a.m.30 views

CVE-2025-26489 Improper input validation in Netconf service in Infinera MTC-9

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

6.5CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2025/12/08 8:56 a.m.13 views

CVE-2025-26489

The CVE-2025-26489 entry concerns Infinera MTC-9, where the Netconf service suffers from improper input validation. The root cause is input validation flaws in the Netconf interface, allowing remote authenticated users to crash the service and reboot the appliance, causing a DoS. Affected version...

6.5CVSS6.4AI score0.00291EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/08 8:56 a.m.4 views

EUVD-2025-201681

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

6.5CVSS6.3AI score0.00291EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/05 3:27 p.m.6 views

CVE-2025-29846

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages...

7.2CVSS6.8AI score0.00627EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 3:27 p.m.4 views

CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

4.3CVSS6.7AI score0.00422EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 3:15 p.m.5 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

8.8CVSS5.9AI score0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 3:0 p.m.3 views

CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

4.3CVSS6.3AI score0.00422EPSS
Exploits0References1
CVE
CVE
added 2025/12/04 3:0 p.m.11 views

CVE-2025-29844

CVE-2025-29844 describes a vulnerability in the Synology FileStation file cgi that enables remote authenticated users to read file metadata and path information. The issue has a CVSS v3.1 base score of 4.3 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Connected sources confi...

4.3CVSS6.3AI score0.00422EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/04 3:0 p.m.5 views

EUVD-2025-201176

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...

5.4CVSS6.3AI score0.00359EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/04 3:0 p.m.20 views

CVE-2025-29843

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...

5.4CVSS0.00359EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/04 2:20 p.m.3 views

CVE-2024-5401

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

4.3CVSS6.6AI score0.00333EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.7 views

Synology Router Manager 路径遍历漏洞

Synology Router Manager SRM is a software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager SRM, which originates from the FileStation file cgi that allows remote authenticated users to read file metadata and...

4.3CVSS6.4AI score0.00422EPSS
Exploits0References1
CVE
CVE
added 2025/11/17 8:7 p.m.35 views

CVE-2025-36357

IBM Planning Analytics Local (Workspace) versions 2.1.0–2.1.14 are affected by a directory traversal vulnerability that allows a remote authenticated user to view, read, or write arbitrary files by sending crafted URLs containing absolute path sequences. The issue is caused by improper handling o...

8CVSS7.2AI score0.00686EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.7 views

HP Integrated Lights-Out Information Disclosure (CVE-2013-4843)

Unspecified vulnerability in HP Integrated Lights-Out 4 iLO4 with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

6.8CVSS5.8AI score0.01825EPSS
Exploits0References2
Veracode
Veracode
added 2025/11/05 6:45 a.m.7 views

Information Disclosure

com.liferay:com.liferay.portal.security.audit.event.generators.user.management is vulnerable to Information Disclosure. The vulnerability is due to audit events recording users’ password reminder answers in audit logs, which allows remote authenticated users to retrieve those answers via the audi...

6.9CVSS7AI score0.00328EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/20 7:56 a.m.6 views

EUVD-2025-35042

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

9.3CVSS7AI score0.00469EPSS
Exploits0References2
Rows per page
Query Builder