Lucene search
K

206161 matches found

OSV
OSV
added 2026/01/12 4:16 p.m.3 views

CVE-2025-66939

Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...

5.4CVSS6.1AI score0.00223EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/12 12:0 a.m.22 views

CVE-2025-29329

Buffer Overflow in the ippprint Internet Printing Protocol service in Sagemcom F@st 3686 MAGYAR4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request...

0.01183EPSS
Exploits2References3
CVE
CVE
added 2026/01/12 12:0 a.m.13 views

CVE-2025-66939

CVE-2025-66939 is a Cross Site Scripting vulnerability in AltumCode’s 66biolinks, version 61.0.1, where specially crafted favicon files can cause an attacker to execute arbitrary code. The root cause is described as improper handling of favicon files that triggers XSS. The affected software is 66...

5.4CVSS6.6AI score0.00223EPSS
Exploits1References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2026/01/12 12:0 a.m.9 views

(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The...

7.8CVSS7.5AI score0.00286EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/11 7:33 a.m.10 views

CVE-2026-0821

A flaw was found in quickjs-ng. A remote attacker can exploit a heap-based buffer overflow vulnerability in the jstypedarrayconstructor function of the quickjs.c file by executing a specially crafted manipulation. This vulnerability may lead to information disclosure, denial of service, or...

9.8CVSS7.4AI score0.00443EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/01/11 12:0 a.m.3 views

UTT 520W 安全漏洞

The UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter timestart in the file /goform/formConfigNoticeConfig, which could lead to...

9CVSS9.1AI score0.03707EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/11 12:0 a.m.3 views

UTT 520W 安全漏洞

The UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter wepkey1 in the file /goform/APSecurity, which could lead to the execution ...

9CVSS9.1AI score0.00975EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/11 12:0 a.m.5 views

UTT 520W 安全漏洞

UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter GroupName in the file /goform/formFireWall, which could lead to the execution ...

9CVSS9.1AI score0.03409EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.6 views

CVE-2025-66715

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file...

6.5CVSS7.8AI score0.00211EPSS
Exploits0References1
Debian
Debian
added 2026/01/10 3:32 a.m.9 views

[SECURITY] [DSA 6097-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6097-1 [email protected] https://www.debian.org/security/ Andres Salomon January 09, 2026 https://www.debian.org/security/faq -...

8.8CVSS7.1AI score0.06545EPSS
Exploits2
NVD
NVD
added 2026/01/10 2:15 a.m.4 views

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

9.3CVSS0.00554EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

QuickJS 安全漏洞

QuickJS is QuickJS open source a small and embeddable Javascript engine . A security vulnerability exists in QuickJS 0.11.0 and earlier versions, which is caused by a heap buffer overflow in the function jstypedarrayconstructor in the file quickjs.c, which could lead to the execution of arbitrary...

9.8CVSS7.6AI score0.00443EPSS
Exploits1References8
Snyk
Snyk
added 2026/01/09 10:52 p.m.2 views

Arbitrary Code Injection

Overview uni2ts is an Unified Training of Universal Time Series Forecasting Transformers Affected versions of this package are vulnerable to Arbitrary Code Injection via the decodedistroutput function. An attacker can execute arbitrary code by supplying crafted input that is improperly handled...

9.8CVSS8AI score0.00372EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/09 10:29 p.m.4 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the analysis of pickle files, where import nodes for certain modules such as builtins are not emitted in the abstract syntax...

9.3CVSS7.6AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 8:15 p.m.5 views

CVE-2025-66715

A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file...

6.5CVSS6.2AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/01/09 5:15 p.m.7 views

CVE-2025-70161

EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...

9.8CVSS0.24101EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:47 p.m.8 views

CVE-2005-1632

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

7.2CVSS7.5AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:47 p.m.8 views

CVE-2005-1434

Multiple unknown vulnerabilities in OpenView Network Node Manager OV NNM 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code...

7.5CVSS7.8AI score0.03954EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:46 p.m.12 views

CVE-2005-1580

users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code...

7.5CVSS7.8AI score0.02688EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:45 p.m.9 views

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...

7.5CVSS7.8AI score0.03429EPSS
Exploits1References1
Rows per page
Query Builder