
120932 matches found

CNNVD
added 2025/10/24 12:00 a.m. | 5 views

D-Link DIR600L security vulnerability

D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L suffers from a buffer overflow vulnerability, which originates fr...

CVSS 9.8 | AI score 8 | EPSS 0.00376
Exploits: 0 | References: 1
Tenable Nessus
added 2025/10/24 12:00 a.m. | 3 views

EulerOS 2.0 SP13 : polkit (EulerOS-SA-2025-2274)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...

CVSS 6.7 | AI score 6.4 | EPSS 0.00184
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/24 12:00 a.m. | 5 views

NewStart CGSL MAIN 7.02 : freetype Vulnerability (NS-SA-2025-0249)

The remote NewStart CGSL host, running version MAIN 7.02, has freetype packages installed that are affected by a vulnerability: - An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures...

CVSS 8.1 | AI score 7.2 | EPSS 0.23357
Exploits: 0 | References: 3
NVD
added 2025/10/23 10:15 p.m. | 3 views

CVE-2025-62498

A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened...

CVSS 8.8 | EPSS 0.00506
Exploits: 0 | References: 3
CVE
added 2025/10/23 9:46 p.m. | 13 views

CVE-2025-62498

CVE-2025-62498 corresponds to a ZipSlip-style relative path traversal in AutomationDirect Productivity Suite 4.4.1.19. Multiple connected sources (Red Hat CVE entry, ENISA EUVD, CVE listing, and PT-Security) describe that an attacker who can tamper with a productivity project can cause arbitrary ...

CVSS 8.8 | AI score 7.5 | EPSS 0.00506
Exploits: 0 | References: 3
EUVD
added 2025/10/23 6:31 p.m. | 3 views

EUVD-2025-35706

Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step...

CVSS 6.1 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 2
The Hacker News
added 2025/10/23 5:37 a.m. | 5 views

Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 CVSS v4...

CVSS 9.8 | AI score 9.3 | EPSS 0.02689
Exploits: 0
SUSE CVE
added 2025/10/23 12:09 a.m. | 5 views

SUSE CVE-2023-47113

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been...

CVSS 7.3 | AI score 7.7 | EPSS 0.00247
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/23 12:00 a.m. | 2 views

CVE-2025-60859

Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...

AI score 6.1 | EPSS 0.00258
Exploits: 1 | References: 2
CNVD
added 2025/10/23 12:00 a.m. | 2 views

ChanCMS Code Injection Vulnerability

ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file appmodulescmscontrollergather.js that fails to correctly filter the special elements of the constructed snippet. An attacker ca...

CVSS 8.8 | AI score 8.1 | EPSS 0.00748
Exploits: 1 | References: 1
CNNVD
added 2025/10/23 12:00 a.m. | 4 views

17gz International Student service system security vulnerability

17gz International Student service system is an online system for the enrollment service process from 17gz Inc. A security vulnerability exists in 17gz International Student service system version 1.0, which originates from a cross-site scripting vulnerability in the enrollment step that could le...

CVSS 6.1 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 2
CNNVD
added 2025/10/23 12:00 a.m. | 3 views

AutomationDirect Productivity Suite security vulnerability

AutomationDirect Productivity Suite is a programmable logic controller programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect Productivity Suite version 4.4.1.19, which stems from a relative path traversal vulnerability that could lead to the executio...

CVSS 8.8 | AI score 6.8 | EPSS 0.00506
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/23 12:00 a.m. | 6 views

PT-2025-43472

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A flaw exists in the Framework component of Android operating systems related to insufficient protection of service data. Remote attackers may be able to escalate privileges. Multiple functio...

CVSS 7.8 | AI score 7.3 | EPSS 0.00081
Exploits: 0 | References: 8
RedHat Linux
added 2025/10/22 7:56 p.m. | 4 views

thunderbird: firefox: Memory safety bugs

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...

CVSS 8.8 | AI score 7.4 | EPSS 0.00306
Exploits: 0 | References: 6
Debian
added 2025/10/22 4:59 p.m. | 3 views

[SECURITY] [DLA 4341-1] gegl security update

Debian LTS Advisory DLA-4341-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 22, 2025 https://wiki.debian.org/LTS -...

CVSS 7.8 | AI score 8.1 | EPSS 0.01439
Exploits: 0
Snyk
added 2025/10/22 4:45 p.m. | 6 views

Deserialization of Untrusted Data

Overview: scapy is a Python-based interactive packet manipulation program and library. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadsession process. An attacker can execute arbitrary code by convincing a user to load a malicious .pkl.gz session...

CVSS 7.3 | AI score 7.6
Exploits: 0 | References: 3
EUVD
added 2025/10/22 4:45 p.m. | 8 views

EUVD-2025-35596

Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization...

AI score 6.7
Exploits: 0 | References: 3
OSV
added 2025/10/22 4:45 p.m. | 4 views

GHSA-CQ46-M9X9-J8W2 Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization

Summary: An unsafe deserialization vulnerability in Scapy Internally, this triggers, in main.py: SESSION = pickle.load(gzip.open(session_name, "rb")). Since no validation or restriction is performed on the deserialized object, any code embedded via __reduce__ will be executed immediately. This makes it...

CVSS 5.4 | AI score 6.2
Exploits: 0 | References: 3
NVD
added 2025/10/22 4:15 p.m. | 22 views

CVE-2025-23299

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code...

CVSS 6.7 | EPSS 0.00163
Exploits: 0 | References: 3
NVD
added 2025/10/22 3:16 p.m. | 6 views

CVE-2025-62526

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...

CVSS 7.9 | EPSS 0.00245
Exploits: 0 | References: 7