16979 matches found

AlmaLinux
added 2026/01/07 12:0 a.m., 4 views

Important: mariadb:10.3 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699). For more details about the security issues, including the impact...

CVSS 7, AI score 8.6, EPSS 0.00414
Exploits: 0, References: 4

OSV
added 2026/01/05 5:34 p.m., 4 views

MAL-2026-54 Malicious code in lium-4-96 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f30524e8a9ff2b7c5b43b57ea582beeba9d8f94da4097ecd572d26b4177e6626 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

AI score 7.4
Exploits: 0, References: 4

CNNVD
added 2026/01/05 12:0 a.m., 5 views

Craft CMS security vulnerability

Craft CMS is an open source content management system (CMS) from Craft CMS. A security vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, which stems from a malicious add-on behavior that could lead to authenticated remote code execution...

CVSS 8.6, AI score 8.2, EPSS 0.00812
Exploits: 1, References: 5

Tenable Nessus
added 2026/01/05 12:0 a.m., 3 views

RHEL 9 : mariadb (RHSA-2026:0061)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0061 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

CVSS 7, AI score 7.7, EPSS 0.00414
Exploits: 0, References: 4

CNVD
added 2026/01/04 12:0 a.m., 1 views

Command Execution Vulnerability in U8 Cloud of UFIDA Network Technology Corporation (CNVD-C-2026-26052)

U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A command execution vulnerability exists in UFIDA U8 Cloud, which can be...

AI score 6.1
Exploits: 0

RedhatCVE
added 2026/01/01 10:28 a.m., 10 views

CVE-2025-15389

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVSS 8.8, AI score 7.7, EPSS 0.01053
Exploits: 0, References: 1

CNNVD
added 2026/01/01 12:0 a.m., 5 views

feast code issue vulnerability

feast is an AI/ML open source function library from Feast Open Source. A code issue vulnerability exists in feast version 0.53.0, which stems from improper YAML deserialization and could lead to remote code execution...

CVSS 7.8, AI score 8, EPSS 0.00264
Exploits: 0, References: 2

UbuntuCve
added 2025/12/31 7:15 p.m., 4 views

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

CVSS 9.8, AI score 6.9, EPSS 0.00637
Exploits: 0, References: 5

CVE
added 2025/12/31 6:39 p.m., 9 views

CVE-2020-36904

CVE-2020-36904 affects Selea CarPlateServer 4.0.1.6. A remote code execution flaw exists via the NO_LIST_EXE_PATH config parameter, allowing bypass of authentication through the /cps/ endpoint and modification of server config, including admin passwords, and execution of system commands. Document...

CVSS 9.3, AI score 7.5, EPSS 0.0043
Exploits: 1, References: 4

Vulnrichment
added 2025/12/31 6:39 p.m., 3 views

CVE-2020-36904 Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

CVSS 9.3, AI score 7.5, EPSS 0.0043
Exploits: 1, References: 4

OSV
added 2025/12/31 3:0 p.m., 1 views

MAL-2025-193008 Malicious code in telegreph (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cca72e5a6a205d657e13d29aee3f5448061afd17f222f11db168ef8a20744992 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

AI score 7
Exploits: 0, References: 2

NVD
added 2025/12/31 9:15 a.m., 5 views

CVE-2025-15388

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVSS 8.8, EPSS 0.00872
Exploits: 0, References: 2

OSV
added 2025/12/31 7:15 a.m., 3 views

UBUNTU-CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.7, EPSS 0.00259
Exploits: 0, References: 3

Debian CVE
added 2025/12/31 6:59 a.m., 5 views

CVE-2025-15275

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 8.8, AI score 8.4, EPSS 0.0058
Exploits: 0

Debian CVE
added 2025/12/31 6:58 a.m., 3 views

CVE-2025-15270

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

CVSS 8.8, AI score 8.4, EPSS 0.00581
Exploits: 0

RedhatCVE
added 2025/12/31 6:8 a.m., 4 views

CVE-2025-15222

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...

CVSS 5, AI score 6.4, EPSS 0.0022
Exploits: 0, References: 1

RedhatCVE
added 2025/12/31 12:2 a.m., 11 views

CVE-2025-15211

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

CVSS 9.8, AI score 6.9, EPSS 0.00315
Exploits: 1, References: 1

CNNVD
added 2025/12/31 12:0 a.m., 0 views

FontForge input validation error vulnerability

FontForge is an open source font editing tool from fontforge that supports multiple languages. An input validation error vulnerability exists in FontForge that stems from improper validation of array indexes when parsing SFD files, which could lead to out-of-bounds writes and remote code executio...

CVSS 8.8, AI score 8.9, EPSS 0.00581
Exploits: 0, References: 2

Positive Technologies
added 2025/12/31 12:0 a.m., 5 views

PT-2025-54295

Name of the Vulnerable Software and Affected Versions: QNO Technology VPN Firewall (affected versions not specified). Description: The VPN Firewall developed by QNO Technology contains an OS Command Injection issue. Authenticated remote attackers can inject arbitrary OS commands and execute them on th...

CVSS 8.8, AI score 7.5, EPSS 0.00872
Exploits: 0, References: 11

Positive Technologies
added 2025/12/31 12:0 a.m., 6 views

PT-2025-54427

meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin meter2.php and admin indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...

CVSS 8.8, AI score 8.6, EPSS 0.0061
Exploits: 1, References: 5