Lucene search
K

83 matches found

CNNVD
CNNVD
added 2025/08/27 12:0 a.m.6 views

CGM CLININET 代码注入漏洞

CGM CLININET is a hospital information management system from German company CGM. A code injection vulnerability exists in CGM CLININET, which originates when a system function receives unauthenticated user input and could lead to the execution of arbitrary code...

9CVSS7.2AI score0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/17 3:28 a.m.11 views

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

7.5CVSS7.1AI score0.00425EPSS
Exploits0References1
NVD
NVD
added 2025/08/15 3:15 a.m.7 views

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

7.5CVSS0.00425EPSS
Exploits0References4
CVE
CVE
added 2025/08/15 2:24 a.m.27 views

CVE-2025-6025

CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...

7.5CVSS7AI score0.00425EPSS
Exploits0References4
Cisco
Cisco
added 2025/08/14 4:0 p.m.10 views

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the management and VPN web servers for Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the device to stop responding or reload unexpectedly,...

8.6CVSS7.7AI score0.00701EPSS
Exploits0References1
CVE
CVE
added 2025/08/08 6:11 p.m.17 views

CVE-2012-10044

MobileCartly 1.0 is affected by an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication/authorization before invoking file_put_contents() on attacker-controlled input, allowing an unauthenticated attacker to send crafted HTTP GET reques...

10CVSS7.7AI score0.01307EPSS
Exploits0References5
CNVD
CNVD
added 2025/07/18 12:0 a.m.98 views

Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...

7.5CVSS6.9AI score0.01094EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.4 views

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...

7.5CVSS6.5AI score0.01094EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/30 12:0 a.m.4 views

Red Hat Ansible Automation Platform 参数注入漏洞

Red Hat Ansible Automation Platform Red Hat AAP is a unified solution for enabling strategic automation from Red Hat USA. A parameter injection vulnerability exists in Red Hat Ansible Automation Platform that stems from an unauthenticated user-supplied Git URL, which could lead to command injecti...

8.8CVSS7.3AI score0.00484EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.5 views

Langroid 代码注入漏洞

Langroid is a Langroid open source tool for developing LLMs using multi-agent programming. A code injection vulnerability exists in Langroid versions prior to 0.53.15, which stems from TableChatAgent's use of pandas eval to process unauthenticated user input, which could lead to code injection...

9.8CVSS7.1AI score0.00741EPSS
Exploits1References2
NVD
NVD
added 2024/11/22 11:15 p.m.14 views

CVE-2024-47407

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands...

10CVSS0.64168EPSS
Exploits4References1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.6 views

Cohesive Networks VNS3 操作系统命令注入漏洞

Cohesive Networks VNS3 is a VPN Virtual Private Network solution from Cohesive Networks, Inc. Cohesive Networks VNS3 suffers from an operating system command injection vulnerability that stems from a lack of proper authentication before executing a system call using a user-supplied string. An...

9.8CVSS10AI score0.01627EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.4 views

Logpoint 安全漏洞

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.5.0 that originates from an authenticated user entering unauthenticated input during EventHub Collector setup, which can lead to remote code execution...

6.4CVSS7.8AI score0.00418EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.4 views

WordPress plugin Crypto 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS6.8AI score0.0108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.9 views

PT-2024-25681 · Froxlor +1 · Froxlor +1

Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.1.9 Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated user can inject malicious scrip...

9.6CVSS6AI score0.00963EPSS
Exploits2References11
OSV
OSV
added 2024/05/03 2:15 a.m.5 views

CVE-2023-34275

D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...

8CVSS6.2AI score0.0176EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/02 12:0 a.m.8 views

Silicon Labs TrustZone Security Vulnerability

Silicon Labs TrustZone is a security software technology from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs TrustZone v4.3.x and earlier versions that originated from allowing unauthenticated input and can be exploited by an attacker to gain access to trusted memory from...

9.8CVSS7AI score0.00403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/25 3:15 p.m.5 views

CVE-2023-40800

The compareparentcontroltime function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...

8.8CVSS7.4AI score0.00787EPSS
Exploits1References2
OSV
OSV
added 2023/08/25 3:15 p.m.6 views

CVE-2023-40800

The compareparentcontroltime function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...

8.8CVSS5.9AI score0.00787EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.6 views

PT-2023-2647 · Oracle · Oracle Health Sciences Inform

Name of the Vulnerable Software and Affected Versions: Oracle Health Sciences InForm versions prior to 6.3.1.3 Oracle Health Sciences InForm versions prior to 7.0.0.1 Description: The issue is related to insufficient input validation in the Core component of Oracle Health Sciences InForm, allowin...

5.3CVSS8.6AI score0.00633EPSS
Exploits0References6
Rows per page
Query Builder