Lucene search
K

404 matches found

CVE
CVE
added 2025/07/24 9:22 a.m.16 views

CVE-2025-7822

WP Wallcreeper (WordPress plugin)

4.3CVSS6AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/20 12:0 a.m.5 views

PT-2025-30193

Name of the Vulnerable Software and Affected Versions Dunamu StockPlus App versions up to 7.62.10 Description A vulnerability exists in Dunamu StockPlus App on Android. The issue involves improper export of android application components due to manipulation of an unknown functionality within the...

5.5CVSS4.7AI score0.00277EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.11 views

CrushFTP 10.x < 10.8.5 / 11.x < 11.3.4_23 Privilege Escalation (CVE-2025-54309)

The CrushFTP application installed on the remote host is missing a vendor-supplied patch. It is, therefore, affected by a vulnerability. CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to...

9.8CVSS7.8AI score0.92034EPSS
Exploits7References3
NVD
NVD
added 2025/07/17 8:15 p.m.8 views

CVE-2025-53964

GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...

9.6CVSS0.00427EPSS
Exploits1References2
OSV
OSV
added 2025/07/16 5:15 p.m.5 views

CVE-2025-20284

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

7.2CVSS6.2AI score
Exploits0References1
CVE
CVE
added 2025/07/15 2:30 p.m.27 views

CVE-2025-30483

CVE-2025-30483 affects Dell ECS prior to 3.8.1.5 and Dell ObjectScale prior to 4.0.0.0, where an insertion of sensitive information into log files may allow a low-privilege, local attacker to disclose information. The NVD-derived CVSSv3.1 base score is 5.5 (Medium) with LOCAL, LOW complexity, and...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2025/07/15 10:24 a.m.5 views

CVE-2025-7525

A vulnerability was found in TOTOLINK T6 4.1.5cu.748B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injectio...

8.8CVSS6.9AI score0.03111EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/14 2:32 a.m.2 views

CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...

8.5CVSS6.9AI score0.00215EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/07/12 6:2 a.m.3 views

CVE-2025-7463 Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWrlsafeset buffer overflow

A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mitssid leads to buffer overflow. The atta...

9CVSS7.3AI score0.00976EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/07/10 9:27 a.m.12 views

CVE-2025-7170

A vulnerability classified as critical was found in code-projects Crime Reporting System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit ha...

9.8CVSS7.7AI score0.00399EPSS
Exploits1References1
OSV
OSV
added 2025/07/04 6:15 p.m.4 views

CVE-2025-7067

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

5.5CVSS3.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/01 12:0 a.m.6 views

PT-2025-27526 · Dell · Dell Networker

Name of the Vulnerable Software and Affected Versions: Dell NetWorker versions 19.12.0.1 and prior Description: The issue is related to a Selection of Less-Secure Algorithm During Negotiation, also known as an 'Algorithm Downgrade'. This could allow an unauthenticated attacker with remote access ...

7.5CVSS6.2AI score0.00218EPSS
Exploits0References7
CVE
CVE
added 2025/06/30 7:2 a.m.24 views

CVE-2025-6896

CVE-2025-6896 affects D-Link DI-7300G+ (0) with firmware version 19.12.25A1. The vulnerability is in an unknown function of wget_test.asp, where improper handling of the url parameter enables os command injection. Impact is remote, with exploitation disclosed publicly. Several sources (NVD/Red Ha...

8.8CVSS7AI score0.0406EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/29 12:0 a.m.4 views

PT-2025-27339 · Unknown · Position Department Service Quality Evaluation System

Name of the Vulnerable Software and Affected Versions: Conjure Position Department Service Quality Evaluation System versions up to 1.0.11 Description: A critical vulnerability has been found in the Conjure Position Department Service Quality Evaluation System. The issue affects the eval function...

6.5CVSS7.1AI score0.00263EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/06/28 12:0 a.m.5 views

PT-2025-27308 · Volkswagen · Mib3

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit affected versions not specified Description: A logic flaw in the bootloader component of the MIB3 infotainment unit leads to a RAM buffer overflow, allowing an attacker with physical access to the MIB3 ECU to bypass...

5.2CVSS7.4AI score0.00297EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/06/27 10:18 p.m.11 views

CVE-2025-6443

Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS7.2AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/23 8:38 a.m.5 views

CVE-2025-51381

An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected...

9.8CVSS7.4AI score0.00631EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.12 views

CVE-2025-6496 HTACG tidy-html5 parser.c InsertNodeAsParent null pointer dereference

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been...

4.8CVSS0.00134EPSS
Exploits0References5
NVD
NVD
added 2025/06/22 7:15 p.m.7 views

CVE-2025-6490

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...

4.8CVSS0.00149EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/06/20 3:4 p.m.2 views

CVE-2025-50008 WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager – Customize and Control...

5.4CVSS5.8AI score0.00259EPSS
Exploits0References1
Rows per page
Query Builder