120951 matches found

OSV
added 2025/10/09 5:59 p.m., 6 views

USN-7817-1 webkit2gtk vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 9.8 | AI score 6.3 | EPSS 0.00952
Exploits: 0 | References: 5

NVD
added 2025/10/09 4:15 p.m., 4 views

CVE-2025-61532

Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on lastheardpage.php component...

CVSS 6.1 | EPSS 0.00259
Exploits: 0 | References: 3

RedHat Linux
added 2025/10/09 10:52 a.m., 9 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

CVSS 8.8 | AI score 7.6 | EPSS 0.00739
Exploits: 0 | References: 8

ICS
added 2025/10/09 6:00 a.m., 5 views

Rockwell Automation Stratix

RISK EVALUATION: Successful exploitation of this vulnerability could result in arbitrary code execution. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

CVSS 7.7 | AI score 7.8 | EPSS 0.37613
Exploits: 1 | References: 11

ICS
added 2025/10/09 6:00 a.m., 8 views

Rockwell Automation Lifecycle Services with Cisco

RISK EVALUATION: Successful exploitation of this vulnerability could result in arbitrary code execution. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

CVSS 7.7 | AI score 7.8 | EPSS 0.37613
Exploits: 1 | References: 11

Cvelist
added 2025/10/09 5:23 a.m., 9 views

CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

CVSS 9.8 | EPSS 0.00761
Exploits: 0 | References: 3

Japan Vulnerability Notes
added 2025/10/09 4:39 a.m., 6 views

Multiple vulnerabilities in FUJI Electric V-SFT

Overview: V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom (CWE-121) - CVE-2025-61856; Out-of-bounds write in VS6ComFile!CItemExChange::WinFontDynStrCheck (CWE-787) - CVE-2025-61857...

CVSS 8.4 | AI score 7.6 | EPSS 0.00181
Exploits: 0 | References: 15

RedhatCVE
added 2025/10/09 12:14 a.m., 8 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

CVSS 6.5 | AI score 7.8 | EPSS 0.00329
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/09 12:14 a.m., 11 views

CVE-2025-60833

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

CVSS 6.5 | AI score 7.9 | EPSS 0.00321
Exploits: 1 | References: 1

CVE
added 2025/10/09 12:00 a.m., 12 views

CVE-2025-45095

CVE-2025-45095 affects Lavasoft Web Companion (Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037. The root cause is an unquoted service path in the DCIService.exe service, which could allow an attacker with filesystem write access to place a malicious executable and execute arbitrary...

CVSS 7.3 | AI score 7.3 | EPSS 0.00269
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/09 12:00 a.m., 1 view

CVE-2025-56683

A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary JavaScript into a crafted README.md file...

AI score 6 | EPSS 0.00422
Exploits: 1 | References: 4

CNNVD
added 2025/10/09 12:00 a.m., 2 views

Newforma Project Center Server Security Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction (AEC) industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...

CVSS 9.8 | AI score 7.7 | EPSS 0.00772
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/09 12:00 a.m., 4 views

CVE-2025-61532

Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on lastheardpage.php component...

AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 3

CVE
added 2025/10/09 12:00 a.m., 22 views

CVE-2025-61532

CVE-2025-61532 describes a Cross Site Scripting vulnerability in SVX Portal v2.7A affecting the last_heard_page.php component, exploitable via the TG parameter to execute arbitrary code. The issue is documented across multiple feeds (NVD, Red Hat, CNNVD, CVE records) with an impact described as a...

CVSS 6.1 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 3

EUVD
added 2025/10/09 12:00 a.m., 5 views

EUVD-2025-33355

Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on lastheardpage.php component...

CVSS 6.1 | AI score 6.7 | EPSS 0.00259
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/09 12:00 a.m., 3 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : FORT Validator vulnerabilities (USN-7813-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7813-1 advisory. Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI...

CVSS 9.8 | AI score 6.1 | EPSS 0.00481
Exploits: 0 | References: 8

Tenable Nessus
added 2025/10/09 12:00 a.m., 5 views

AlmaLinux 10 : git (ALSA-2025:11533)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11533 advisory. git: Git does not sanitize URLs when asking for credentials interactively (CVE-2024-50349); git: Newline confusion in credential helpers can lead to...

CVSS 8.6 | AI score 8.4 | EPSS 0.02775
Exploits: 9 | References: 9

OSV
added 2025/10/08 5:12 p.m., 5 views

USN-7812-1 imagemagick vulnerabilities

Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that ImageMagick did not properly sanitize image file names. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2025-55298) Lumina Mescuwa discovered that...

CVSS 8.8 | AI score 7.3 | EPSS 0.04065
Exploits: 2 | References: 3

NVD
added 2025/10/08 3:16 p.m., 3 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

CVSS 6.5 | EPSS 0.00329
Exploits: 1 | References: 2

OSV
added 2025/10/08 3:16 p.m., 3 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

CVSS 6.5 | AI score 6.1 | EPSS 0.00329
Exploits: 1 | References: 2