Lucene search
+L

509 matches found

NVD
NVD
added 2025/08/29 6:15 p.m.5 views

CVE-2025-29894

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

8.8CVSS0.00427EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/29 5:14 p.m.7 views

CVE-2025-29893 Qsync Central

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

7.5CVSS0.00427EPSS
Exploits0References1
CNVD
CNVD
added 2025/08/20 12:0 a.m.3 views

GNU GRUB Buffer Overflow Vulnerability

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability, which originates in the UFS module, where the program does not properly manage memory allocation and release when processing data, and can be exploited by an attacker to obtain...

6.4CVSS7.3AI score0.00328EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.6 views

Foxit Reader 缓冲区错误漏洞

Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit PDF Reader suffers from a buffer overflow vulnerability that originates from an uninitialized pointer, which can be exploited by an attacker to obtain system privileges and modify the system configuration by executin...

8.8CVSS7.2AI score0.00583EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/07/31 12:0 a.m.7 views

MCP Server Prompt Injection

Model Context Protocol MCP Server Prompt Injection occurs when malicious actors use tools response to inject malicious prompts to the calling LLM through the MCP client. This can lead to the execution of unauthorized commands, data corruption, or the deployment of malicious tools. Such...

7.8AI score
Exploits0References2
Snyk
Snyk
added 2025/07/25 1:44 a.m.1 views

Inclusion of Functionality from Untrusted Control Sphere

Overview @openai/codex is a OpenAI Codex CLI Lightweight coding agent that runs in your terminal Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere due to auto-approving ripgrep execution even when the --pre, --hostname-bin, --search-zip, ...

4.1CVSS7.5AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/21 6:48 a.m.10 views

CVE-2025-7343 Digiwin|SFT - SQL Injection

The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

9.8CVSS0.00609EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.10 views

MCP Server Tool Poisoning

Model Context Protocol MCP Server Tool Poisoning occurs when malicious actors manipulate tool configurations or metadata on a malicious MCP server. This can lead to the execution of unauthorized commands, data corruption, or the deployment of malicious tools. Such vulnerabilities are particularly...

7.5AI score
Exploits0References1
CVE
CVE
added 2025/07/17 3:10 p.m.207 views

CVE-2025-25257

CVE-2025-25257 is a pre-auth, SQL Injection in Fortinet FortiWeb (Fabric Connector) affecting FortiWeb 7.6.0–7.6.3, 7.4.0–7.4.7, 7.2.0–7.2.10, and ≤7.0.10. The issue arises from unsafely constructing SQL with the Authorization: Bearer header in get_fabric_user_by_token(), enabling unauthenticated...

9.8CVSS9.7AI score0.9671EPSS
In wildExploits18References5Affected Software1
OSV
OSV
added 2025/07/16 4:7 p.m.13 views

CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...

8.7CVSS7.3AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2025/07/11 12:21 p.m.7 views

OESA-2025-1788 cloud-init security update

Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance. Security Fixes: cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security vulnerability in cloud-init...

8.8CVSS6.8AI score0.00205EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/23 12:0 a.m.7 views

CVE-2025-23092

Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to upload arbitrary files and execute...

7.3AI score0.00819EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/06/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21479

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands...

8.6CVSS6AI score0.00778EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/06/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21480

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands...

8.6CVSS6AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:44 a.m.9 views

CVE-2024-21762

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...

9.8CVSS9.7AI score0.83428EPSS
Exploits12References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.9 views

CVE-2023-46892

The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions e.g., thermostat's temperature...

8.8CVSS7.4AI score0.0028EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.10 views

CVE-2023-2993

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...

6.3CVSS7.2AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:36 a.m.12 views

CVE-2022-40679

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all...

7.8CVSS7.3AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:1 a.m.7 views

CVE-2022-43953

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code o...

7.8CVSS7.4AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:32 p.m.9 views

CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this schem...

9.8CVSS7.3AI score0.6491EPSS
Exploits5References1
Rows per page
Query Builder