Lucene search
+L

373 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6017

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00587EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-31750

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00569EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-34091

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0083EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-27875

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-17093

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2025/08/14 5:15 p.m.5 views

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...

8.5CVSS0.0043EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 6:15 p.m.6 views

CVE-2025-53727

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.0109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/12 4:22 p.m.6 views

CVE-2024-41169 Apache Zeppelin: raft directory listing and file read

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...

7.3AI score0.00564EPSS
Exploits0References3
OSV
OSV
added 2025/07/07 3:30 p.m.6 views

GHSA-2RHQ-96Q8-4VJQ LlamaIndex vulnerable to Path Traversal attack through its encode_image function

A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS7.3AI score0.00545EPSS
Exploits1References5
CVE
CVE
added 2025/06/13 9:23 a.m.67 views

CVE-2025-29902

CVE-2025-29902 is described as remote code execution enabling unauthorized users to execute arbitrary code on the server. Connected documents link affected software as Bosch RTS VLink/Telex RDC Server and related components (e.g., Apache HTTP Server in PT-2025-25233), with remediation guidance no...

10CVSS9.8AI score0.00962EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.10 views

PT-2025-25338 · Unknown · Absolute Secure Access Server

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access server versions 9.0 through 13.54 Description: The issue is related to a memory management vulnerability. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence...

8.7CVSS6.1AI score0.00315EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/06/11 3:41 a.m.5 views

CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...

4.9CVSS6.9AI score0.00355EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:23 a.m.9 views

CVE-2024-26157

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response t...

6.1CVSS5.9AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:22 a.m.13 views

CVE-2024-26154

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages...

6.1CVSS6.2AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.8 views

CVE-2024-26155

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...

8.6CVSS6.7AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.10 views

CVE-2024-26156

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client...

6.1CVSS5.9AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.8 views

CVE-2022-29509

Directory traversal vulnerability in T Data Server Japanese Edition Ver.2.22 and earlier, T Data Server English Edition Ver.2.30 and earlier, THERMO RECORDER DATA SERVER Japanese Edition Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER English Edition Ver.2.13 and earlier allows a remote...

7.5CVSS7.1AI score0.03234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.7 views

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...

6.1CVSS6.9AI score0.00746EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:48 a.m.11 views

CVE-2019-16517

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...

9.8CVSS6.8AI score0.01327EPSS
Exploits1References1
NVD
NVD
added 2025/04/01 3:16 p.m.38 views

CVE-2025-31131

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2...

8.6CVSS0.05366EPSS
Exploits6References2
Rows per page
Query Builder