Lucene search

120932 matches found

CVE
added 2025/10/29 12:0 a.m. | 17 views

CVE-2025-60595

CVE-2025-60595 affects SPH Engineering UgCS 5.13.0 and enables arbitrary code execution. The included metrics indicate a network-exposed, low-complexity attack with no privileges required and no user interaction, resulting in high integrity impact and low confidentiality impact. The sources confi...

CVSS 8.2 | AI score 7.2 | EPSS 0.00291
Exploits: 0 | References: 2
Debian
added 2025/10/28 7:36 p.m. | 7 views

[SECURITY] [DSA 6043-1] gimp security update

Debian Security Advisory DSA-6043-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2025 https://www.debian.org/security/faq -...

CVSS 7.8 | AI score 8.7 | EPSS 0.06312
Exploits: 0
Veracode
added 2025/10/28 9:53 a.m. | 6 views

Deserialization Of Untrusted Data

h2o is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of JDBC connection parameters with insufficient input validation, which allows an attacker to bypass regular expression checks using double URL encoding and subsequently read arbitrary files or...

CVSS 9.8 | AI score 9.6 | EPSS 0.00839
Exploits: 1 | References: 4 | Affected Software: 2
RedHat Linux
added 2025/10/28 8:49 a.m. | 4 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

CVSS 8.8 | AI score 7.6 | EPSS 0.00739
Exploits: 0 | References: 8
Nuclei
added 2025/10/28 12:38 a.m. | 13 views

Adobe Experience Manager Forms - Insecure Deserialization

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user...

CVSS 10 | AI score 7.8 | EPSS 0.89824
Exploits: 7 | References: 1
RedHat Linux
added 2025/10/28 12:30 a.m. | 3 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

CVSS 8.8 | AI score 7.6 | EPSS 0.00739
Exploits: 0 | References: 8
RedhatCVE
added 2025/10/28 12:28 a.m. | 11 views

CVE-2025-52263

An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...

CVSS 8 | AI score 7.4 | EPSS 0.00159
Exploits: 0 | References: 1
VulnCheck KEV
added 2025/10/28 12:0 a.m. | 7 views

VulnCheck KEV: CVE-2025-6204

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code...

CVSS 8 | AI score 6.1 | EPSS 0.75306
In wild | Exploits: 0 | References: 4
CISA KEV Catalog
added 2025/10/28 12:0 a.m. | 7 views

Dassault Systèmes DELMIA Apriso Code Injection Vulnerability

Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code...

CVSS 8 | AI score 8 | EPSS 0.75306
In wild | Exploits: 0
CNNVD
added 2025/10/28 12:0 a.m. | 3 views

WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 Security Vulnerability

WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 are both products of China RuiYin WAVLINK company. WAVLINK QUANTUM D3G is a router. WAVLINK WL-WN530HG3 is a WiFi router. A security vulnerability exists in the WAVLINK QUANTUM D3G and WAVLINK WL-WN530HG3 that originates from a stack-based buffer overflow...

CVSS 9.1 | AI score 7.3 | EPSS 0.00674
Exploits: 0 | References: 2
OSV
added 2025/10/28 12:0 a.m. | 4 views

UBUNTU-CVE-2025-62229

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

CVSS 7.3 | AI score 6.1 | EPSS 0.00481
Exploits: 0 | References: 3
Kaspersky
added 2025/10/28 12:0 a.m. | 6 views

KLA89736 ACE vulnerability in Mozilla Firefox

A use-after-free vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: MFSA2025-86. Related products: Mozilla-Firefox. CVE list: CVE-2025-12380 (unknown). Solution: Update to the latest version (Download Firefox). Impacts: ACE...

CVSS 9.8 | AI score 8 | EPSS 0.00308
Exploits: 0 | References: 3
CNNVD
added 2025/10/28 12:0 a.m. | 4 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that is caused by the use of a WebGPU internal release triggered by an infected child process. An attacker could exploit the vulnerability to...

CVSS 9.8 | AI score 7.8 | EPSS 0.00308
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/28 12:0 a.m. | 9 views

Debian dsa-6043 : gimp - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6043 advisory. Debian Security Advisory DSA-6043-1 [email protected] https://www.debian.org/securit...

CVSS 7.8 | AI score 8.4 | EPSS 0.06312
Exploits: 0 | References: 8
NVD
added 2025/10/27 5:15 p.m. | 3 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

CVSS 9.8 | EPSS 0.00803
Exploits: 1 | References: 3
EUVD
added 2025/10/27 3:30 p.m. | 4 views

EUVD-2025-36188

An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...

CVSS 8 | AI score 7.3 | EPSS 0.00159
Exploits: 0 | References: 3
NVD
added 2025/10/27 2:15 p.m. | 3 views

CVE-2025-52263

An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...

CVSS 8 | EPSS 0.00159
Exploits: 0 | References: 2
Debian
added 2025/10/27 6:46 a.m. | 4 views

[SECURITY] [DLA 4351-1] thunderbird security update

Debian LTS Advisory DLA-4351-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 27, 2025 https://wiki.debian.org/LTS -...

CVSS 9.8 | AI score 7.4 | EPSS 0.00465
Exploits: 0
CNNVD
added 2025/10/27 12:0 a.m. | 4 views

StarCharge Artemis AC Charger Security Vulnerability

StarCharge Artemis AC Charger is an AC charger from StarCharge Singapore. A security vulnerability exists in the StarCharge Artemis AC Charger version 7-22 kW v1.0.4, which stems from a Web Configuration module that allows the upload of specially crafted firmware, which could lead to the executio...

CVSS 8 | AI score 7 | EPSS 0.00159
Exploits: 0 | References: 3
Vulnrichment
added 2025/10/27 12:0 a.m. | 3 views

CVE-2025-52263

An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution...

AI score 7.4 | EPSS 0.00159
Exploits: 0 | References: 2