Lucene search
+L

690 matches found

Cvelist
Cvelist
added 2025/08/07 4:44 p.m.16 views

CVE-2025-34152 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS0.60875EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2025/08/07 4:44 p.m.5 views

CVE-2025-34152 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS7.3AI score0.60875EPSS
Exploits5References3
EUVD
EUVD
added 2025/08/07 4:44 p.m.9 views

EUVD-2025-23927

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

9.4CVSS7.3AI score0.60875EPSS
Exploits5References2
CVE
CVE
added 2025/08/07 4:44 p.m.54 views

CVE-2025-34152

The CVE-2025-34152 entry concerns the Shenzhen Aitemi M300 Wi‑Fi Repeater (MT02). The vulnerability is an unauthenticated OS command injection exposed via the time parameter of the /protocol.csp? endpoint. Reported impact is remote code execution with root privileges without requiring authenticat...

9.4CVSS7.3AI score0.60875EPSS
In wildExploits5References3
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.10 views

PT-2025-32277 · Aitemi · Aitemi M300 Wi-Fi Repeater

Name of the Vulnerable Software and Affected Versions: Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 Description: An unauthenticated OS command injection vulnerability exists via the time parameter of the /protocol.csp? API endpoint. The input is processed by the internal date '-s'...

9.4CVSS7.1AI score0.60875EPSS
Exploits5References9
BDU FSTEC
BDU FSTEC
added 2025/07/17 12:0 a.m.28 views

The vulnerability of the setuptools project’s packaging simplification library arises from an incorrect limitation on the path to the restricted-access directory. This allows a malicious actor to compromise the vulnerable system.

The vulnerability of the setuptools project’s packaging simplification library is related to an incorrect restriction on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the vulnerable system remotely...

9CVSS6.7AI score0.01454EPSS
Exploits4References15Affected Software21
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 3:17 a.m.7 views

Malicious code in ncftp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4bc7a5d34f3860004cbdbf4f622418fa2383dd3ba5ebff2ed2074a4a13d1b85d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:54 a.m.7 views

CVE-2023-24489

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller...

9.8CVSS7AI score0.95076EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.4 views

CVE-2021-2075

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...

9.8CVSS7.1AI score0.03804EPSS
Exploits0References1
Redos
Redos
added 2025/04/03 12:0 a.m.13 views

ROS-20250403-08

A vulnerability in the crun open source OCI container runtime environment is related to an insecure reference following in .krunconfig.json. Exploitation of the vulnerability could allow an attacker acting remotely to compromise a vulnerable system...

8.5CVSS7AI score0.00533EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.8 views

The vulnerability of the aiohttp HTTP client, related to issues with symbolic links when processing static routes that contain files with compressed variants in the FileResponse class, allows a hacker to compromise the vulnerable system.

The vulnerability of the aiohttp HTTP client is related to problems with symbolic links when processing static routes that contain files with compressed variants in the FileResponse class. Exploiting this vulnerability can allow an attacker to compromise the vulnerable system remotely...

4.8CVSS6.5AI score0.00645EPSS
Exploits0References9Affected Software6
OSV
OSV
added 2025/03/07 5:15 p.m.2 views

CVE-2024-13086

An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later...

7.5CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2025/03/07 12:0 a.m.4 views

QNAP Systems QTS和QNAP Systems QuTS hero 信息泄露漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China's Weilian Technology QNAP Systems.QNAP Systems QTS is an entry operating system.QNAP Systems QuTS hero is an operating system. QNAP Systems QTS and QNAP Systems QuTS hero have an information disclosure vulnerability that...

5.3CVSS6.1AI score0.00389EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/07 12:0 a.m.9 views

I-net Software HelpDesk 信任管理问题漏洞

I-net Software HelpDesk is a suite of service management helpdesk software from I-net Software, Germany. A trust management issue vulnerability exists in I-net Software HelpDesk versions prior to 3.3.3 that stems from improper certificate validation, which could allow a remote attacker to...

7.7CVSS6.6AI score0.00286EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/04 9:33 a.m.4 views

Malicious code in al-schematics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa23abde2f15732ece6a95eca8e1692816abedb8fe470840b8d8fd6c1121f18d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/28 4:0 p.m.4 views

Malicious code in semaphore-airdrop (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99b7eadcb670e486e35e76a1c370a0443751d963b957d3e0ddd590e221703079 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/13 8:18 a.m.3 views

Malicious code in telegramclient-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 544758d4b45ebd5665b1bb9b068290cad56fe4f586df9ae5491321a32733dd26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/02/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-21535

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

9.8CVSS7.3AI score0.008EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/21 7:47 a.m.3 views

Malicious code in webpack-inline-constant-exports-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb8ae870fad74826ac57af33f27bdbe9e74f667ec62aac01b5c9e55a47d36001 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.9 views

PT-2025-4290 · Oracle · Oracle Hyperion Data Relationship Management

Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Data Relationship Management version 11.2.19.0.000 Description: The issue is related to the Web Services component of Oracle Hyperion Data Relationship Management, allowing a high-privileged attacker with network access via HT...

7.1CVSS8.7AI score0.00473EPSS
Exploits0References7
Rows per page
Query Builder