Lucene search
+L

743 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.7 views

CVE-2024-2325

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.4AI score0.00409EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.5 views

PT-2026-1560

Name of the Vulnerable Software and Affected Versions WP Photo Album Plus plugin for WordPress versions up to and including 9.1.05.008 Description The WP Photo Album Plus plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the shortcode parameter. Insufficient input...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References10
NVD
NVD
added 2026/01/06 2:15 a.m.11 views

CVE-2025-20802

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914...

6.7CVSS0.00071EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 2:15 a.m.6 views

CVE-2025-20783

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684...

6.7CVSS5.8AI score0.00072EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/06 1:47 a.m.4 views

CVE-2025-20786

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673...

6.5AI score0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/01/06 1:46 a.m.15 views

CVE-2025-20782

The CVE-2025-20782 issue affects MediaTek chipsets, involving an out-of-bounds write caused by a missing bounds check. The vulnerability could allow local escalation of privilege to System if an attacker already holds System privileges, with no user interaction required. A patch is identified as ...

6.7CVSS6.3AI score0.0008EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/06 1:46 a.m.19 views

CVE-2025-20762

CVE-2025-20762 affects MediaTek Modem with a vulnerability in error handling that can cause a system crash and remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and no additional privileges. The advisory lists Patch ID MOLY01685181 and ...

6.5CVSS6.5AI score0.00257EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/06 1:46 a.m.25 views

CVE-2025-20795

CVE-2025-20795 describes an out-of-bounds write in the KeyInstall component caused by a missing bounds check, enabling local escalation to System privileges. Exploitation does not require user interaction per the description. Public records reference a patch: ALPS10276761 (MSV-5141). The CVSS met...

7.8CVSS6.3AI score0.00076EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/02 9:41 p.m.27 views

CVE-2025-64123

The vulnerability CVE-2025-64123 concerns the Nuvation Energy Multi-Stack Controller (MSC) . Affected are MSC releases up to and including 2.5.1 , where an unintended proxy or intermediary behavior can enable a form of Network Boundary Bridging . The issue is described consistently across sources...

9.8CVSS6.2AI score0.00274EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/12/31 7:15 a.m.4 views

CVE-2025-15270

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS7.7AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/29 12:0 a.m.5 views

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SK...

7.8CVSS7.2AI score0.00299EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/12/29 12:0 a.m.6 views

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The...

7.8CVSS7.2AI score0.00744EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.4 views

CVE-2025-14402

PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a...

7CVSS7.1AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.5 views

CVE-2025-13707

Tencent HunyuanDiT modelresume Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in that the target...

7.8CVSS7.9AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.3 views

CVE-2025-13710

Tencent HunyuanVideo loadvae Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to exploit this vulnerability in that the target...

7.8CVSS7.9AI score0.00411EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/24 12:30 a.m.4 views

EUVD-2025-204990

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

3.3CVSS4.8AI score0.00146EPSS
Exploits0References2
OSV
OSV
added 2025/12/23 10:15 p.m.3 views

CVE-2025-14403

PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in that the target must visit a malicio...

7.8CVSS6.3AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/23 9:41 p.m.30 views

CVE-2025-12839 Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/23 9:33 p.m.3 views

CVE-2025-13716 Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent MimicMotion createpipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.3AI score0.00411EPSS
Exploits0References2
OSV
OSV
added 2025/12/23 9:33 p.m.4 views

CVE-2025-13716 Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent MimicMotion createpipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required to exploit this vulnerability in that the...

7.8CVSS7.6AI score0.00411EPSS
Exploits0References4
Rows per page
Query Builder