Lucene search
+L

4536 matches found

nvd
nvd
added 2025/11/26 2:15 a.m.7 views

CVE-2025-66266

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

9.3CVSS0.00122EPSS
Exploits0References1
cve
cve
added 2025/11/25 2:3 a.m.18 views

CVE-2025-59373

CVE-2025-59373 concerns a local privilege escalation in the ASUS System Control Interface (ASCI) restore mechanism, enabling an unprivileged user to copy files into protected system paths and cause arbitrary code to run as SYSTEM. Several sources (NVD/NIST, Red Hat, CIRCL enrichment, ZDI) identif...

8.5CVSS6AI score0.00119EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/20 9:36 p.m.13 views

CVE-2025-34333

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process...

8.5CVSS7.3AI score0.00182EPSS
Exploits2References1
cvelist
cvelist
added 2025/11/20 4:39 p.m.9 views

CVE-2025-12121 CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

0.00341EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/11/19 4:23 p.m.3 views

CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...

8.7CVSS7AI score0.03188EPSS
Exploits2References4
cve
cve
added 2025/11/19 4:23 p.m.14 views

CVE-2025-34332

CVE-2025-34332 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web administration component runs Windows service actions via helper batch scripts in C:\F2MAdmin\F2E\AudioCodes_files\utils\Services. When service actions are requested through ajaxPost.php, PH...

8.5CVSS6.2AI score0.00182EPSS
Exploits2References4Affected Software2
cvelist
cvelist
added 2025/11/19 2:50 a.m.10 views

CVE-2025-13051 Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges

When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in...

9.3CVSS0.00188EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/11/19 12:0 a.m.10 views

PT-2025-47483

Name of the Vulnerable Software and Affected Versions AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 Description The software contains a flaw due to an authenticated command injection in the fax test functionality implemented by AudioCodes...

8.8CVSS7AI score0.03188EPSS
Exploits2References9
ptsecurity
ptsecurity
added 2025/11/19 12:0 a.m.10 views

PT-2025-47481

Name of the Vulnerable Software and Affected Versions AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 Description The web administration component of the software controls Windows services using batch scripts located under C:F2MAdminF2EAudioCodes...

8.5CVSS6.5AI score0.00182EPSS
Exploits2References8
ptsecurity
ptsecurity
added 2025/11/19 12:0 a.m.8 views

PT-2025-47478

Name of the Vulnerable Software and Affected Versions AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 Description The software contains an unauthenticated backup upload endpoint located at /AudioCodes files/ajaxBackupUploadFile.php within the F2MAdmin w...

9.3CVSS7.2AI score0.01039EPSS
Exploits2References7
nessus
nessus
added 2025/11/14 12:0 a.m.6 views

Autodesk Installer Privilege Escalation (CVE-2025-10885)

This vulnerability is a privilege escalation flaw in the Autodesk Installer, where improper validation of files loaded during the installation process allows a local, low-privileged attacker to craft a malicious file that is executed with elevated permissions, ultimately enabling arbitrary code...

7.8CVSS6.3AI score0.0015EPSS
Exploits0References2
euvd
euvd
added 2025/11/13 6:31 p.m.5 views

EUVD-2025-175303

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...

6.5CVSS7.8AI score0.06641EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/11/13 12:0 a.m.3 views

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

7.8AI score0.01495EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/11/13 12:0 a.m.13 views

PT-2025-46888

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G V1.0.2B05 20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenat...

5.4CVSS8.2AI score0.01495EPSS
Exploits1References5
cert
cert
added 2025/11/11 12:0 a.m.7 views

Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function

Overview Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project‑specific modules. Description Two vulnerabilities were identified Lite XL: CVE-2025-121...

7.3CVSS8.2AI score0.00341EPSS
Exploits2References4
osv
osv
added 2025/10/29 8:15 p.m.8 views

CVE-2025-9869

Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
zdi
zdi
added 2025/10/27 12:0 a.m.6 views

Veeam Agent for Microsoft Windows Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...

7.3CVSS8.3AI score0.0016EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-1520

Malware in sbrugna...

7.2CVSS6.6AI score0.00173EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17935

Malware in sbrugna...

7.8CVSS7.6AI score0.00342EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-26009

Malware in sbrugna...

6.7CVSS6.6AI score0.00123EPSS
Exploits0References2
Rows per page
Query Builder