120958 matches found

EUVD
added 2025/10/09 12:0 a.m. | 5 views

EUVD-2025-33355

Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on lastheardpage.php component...

CVSS 6.1 | AI score 6.7 | EPSS 0.00259
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/09 12:0 a.m. | 3 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : FORT Validator vulnerabilities (USN-7813-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7813-1 advisory. Niklas Vogel and Haya Schulmann discovered that FORT Validator did not perform proper input validation when parsing certain RPKI...

CVSS 9.8 | AI score 6.1 | EPSS 0.00481
Exploits: 0 | References: 8

Tenable Nessus
added 2025/10/09 12:0 a.m. | 5 views

AlmaLinux 10 : git (ALSA-2025:11533)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11533 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...

CVSS 8.6 | AI score 8.4 | EPSS 0.02775
Exploits: 9 | References: 9

OSV
added 2025/10/08 5:12 p.m. | 5 views

USN-7812-1 imagemagick vulnerabilities

Woojin Park, Hojun Lee, Yougin Won and Siyeon Han discovered that ImageMagick did not properly sanitize image file names. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2025-55298 Lumina Mescuwa discovered that...

CVSS 8.8 | AI score 7.3 | EPSS 0.04065
Exploits: 2 | References: 3

NVD
added 2025/10/08 3:16 p.m. | 3 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

CVSS 6.5 | EPSS 0.00329
Exploits: 1 | References: 2

OSV
added 2025/10/08 3:16 p.m. | 3 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

CVSS 6.5 | AI score 6.1 | EPSS 0.00329
Exploits: 1 | References: 2

NVD
added 2025/10/08 2:15 p.m. | 8 views

CVE-2025-60833

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

CVSS 6.5 | EPSS 0.00321
Exploits: 1 | References: 2

EUVD
added 2025/10/08 12:32 a.m. | 6 views

EUVD-2025-31861

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 7.5 | AI score 7.3 | EPSS 0.00376
Exploits: 1 | References: 7

CVE
added 2025/10/08 12:0 a.m. | 13 views

CVE-2025-60834

The CVE-2025-60834 issue affects uzy-ssm-mall v1.1.0 and is caused by a fastjson deserialization flaw that allows arbitrary code execution when processing crafted input. Public references across NVD/Red Hat/CNNVD/CIRCL/CVE lists confirm the same description; exploitation status is not detailed in...

CVSS 6.5 | AI score 7.5 | EPSS 0.00329
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/10/08 12:0 a.m. | 13 views

CVE-2025-60833

CVE-2025-60833 (uzy-ssm-mall v1.1.0) : An XML External Entity (XXE) flaw in the /mall/wxpay/pay component allows an attacker to execute arbitrary code by supplying crafted XML data. Root cause: XXE in the XML parsing path. Affected software is uzy-ssm-mall v1.1.0; document does not provide a fixe...

CVSS 6.5 | AI score 7.6 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/10/08 12:0 a.m. | 4 views

uzy-ssm-mall security vulnerability

uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and more. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from improper fastjson deserialization and could lead to the...

CVSS 6.5 | AI score 7 | EPSS 0.00329
Exploits: 1 | References: 3

Cvelist
added 2025/10/08 12:0 a.m. | 8 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

EPSS 0.00329
Exploits: 1 | References: 2

Positive Technologies
added 2025/10/08 12:0 a.m. | 3 views

PT-2025-41267

Name of the Vulnerable Software and Affected Versions uzy-ssm-mall version 1.1.0 Description A fastjson deserialization issue exists in uzy-ssm-mall version 1.1.0. This allows attackers to execute arbitrary code by providing a specially crafted input. The vulnerability relates to how the software...

CVSS 6.5 | AI score 7.4 | EPSS 0.00329
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/08 12:0 a.m. | 2 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

AI score 7.5 | EPSS 0.00329
Exploits: 1 | References: 2

Vulnrichment
added 2025/10/08 12:0 a.m. | 5 views

CVE-2025-60833

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

AI score 7.6 | EPSS 0.00321
Exploits: 1 | References: 2

Tenable Nessus
added 2025/10/08 12:0 a.m. | 2 views

Ubuntu 16.04 LTS / 18.04 LTS : GStreamer Base Plugins vulnerabilities (USN-7807-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7807-1 advisory. Michael Randrianantenaina discovered that GStreamer Base Plugins did not correctly handle certain integer operations. An attacker could...

CVSS 9.8 | AI score 7.4 | EPSS 0.01812
Exploits: 2 | References: 11

RedhatCVE
added 2025/10/07 11:13 p.m. | 5 views

CVE-2025-60956

Cross Site Request Forgery CSRF vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVSS 8 | AI score 7.5 | EPSS 0.00204
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/07 7:22 p.m. | 4 views

CVE-2025-60960

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVSS 8.2 | AI score 7.9 | EPSS 0.01221
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/07 7:22 p.m. | 5 views

CVE-2025-60957

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVSS 9.9 | AI score 7.9 | EPSS 0.01617
Exploits: 0 | References: 1

EUVD
added 2025/10/07 2:31 p.m. | 2 views

EUVD-2023-58462

A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to...

CVSS 7.2 | AI score 6.9 | EPSS 0.00205
Exploits: 1 | References: 2