Lucene search
K

110 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:58 p.m.13 views

CVE-2021-36260

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands...

9.8CVSS7.3AI score0.99869EPSS
Exploits23References1
CVE
CVE
added 2025/05/17 10:0 p.m.44 views

CVE-2025-4839

CVE-2025-4839 affects itwanger paicoding versions 1.0.0–1.0.3. Affects CrossUtil.java in the paicoding-core path, enabling a permissive cross-domain policy with untrusted domains. Vectors: remote exploitation with rather high complexity; exploitation described as difficult but publicly disclosed....

8.1CVSS4AI score0.00252EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/05/02 12:15 a.m.9 views

CVE-2025-4186

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 2024. Affected is an unknown function of the file /?g=routeispinfoexportsave. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS0.00381EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/27 7:0 p.m.21 views

CVE-2025-3982 nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution

A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/objectnodes/getsetpropmk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of...

5.3CVSS0.00523EPSS
Exploits1References4
OSV
OSV
added 2025/04/26 9:31 p.m.3 views

CVE-2025-3954 ChurchCRM Referer server-side request forgery

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack ...

6.3CVSS4.5AI score0.00483EPSS
Exploits1References6
CNVD
CNVD
added 2025/04/18 12:0 a.m.2 views

Dell Common Event Enabler Unauthorized Access Vulnerability

Dell Common Event Enabler is a framework from Dell USA. An unauthorized access vulnerability exists in Dell Common Event Enabler. The vulnerability stems from a communication channel that does not properly restrict the target endpoint, resulting in unauthorized access. An attacker could exploit...

8.3CVSS6.2AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2025/03/31 12:0 a.m.61 views

CVE-2025-2967

CVE-2025-2967 has been withdrawn/rejected across multiple catalogs (NVD, CVE List) per the initial and linked records. Connected sources describe a separate ConcreteCMS vulnerability (up to 9.3.9) involving XSS via the Save function in the HTML Block Handler, enabling remote exploitation and with...

4.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/22 11:12 a.m.7 views

CVE-2024-8789

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service ReDoS attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative...

7.5CVSS7AI score0.00761EPSS
Exploits1References1
NVD
NVD
added 2025/03/21 8:15 a.m.20 views

CVE-2025-2584

A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can ...

6.8CVSS0.0047EPSS
Exploits1References5
CVE
CVE
added 2025/03/21 7:31 a.m.64 views

CVE-2025-2584

CVE-2025-2584 affects WebAssembly wabt 1.0.36. The vulnerability targets BinaryReaderInterp::GetReturnCallDropKeepCount in wabt/src/interp/binary-reader-interp.cc, enabling a heap-based buffer overflow. It can be triggered remotely; exploitation is deemed high complexity, and user interaction is ...

6.8CVSS5.2AI score0.0047EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/03/21 6:31 a.m.77 views

CVE-2025-2583

The CVE-2025-2583 entry concerns SimpleMachines SMF 2.1.4, with a cross-site scripting flaw in ManageNews.php triggered by manipulating the subject/message argument. Exploitation is described as possible remotely, and public PoCs are referenced, but the real existence of the vulnerability is expl...

6.1CVSS4.9AI score0.00362EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/02/27 5:31 p.m.13 views

CVE-2025-1745 LinZhaoguan pb-cms Logout cross-site request forgery

A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. This vulnerability affects unknown code of the component Logout. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

5.3CVSS0.0026EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/11 5:37 p.m.24 views

CVE-2025-24407 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that we...

7.1CVSS0.00726EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/01/10 12:59 p.m.835 views

Cosmos: Attacker can use any non-enabled capability

The Capabilites implementation in CosmWasm contracts was found to have a vulnerability. Even if the executing chain did not allow a specific capability, a CosmWasm contract could still execute actions that required that capability. This was due to a naive implementation of capabilities and...

7.1AI score
Exploits0
CNVD
CNVD
added 2025/01/03 12:0 a.m.6 views

Google Android Denial of Service Vulnerability (CNVD-2025-03020)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that can be exploited by attackers to cause a denial of service...

6.5CVSS7.9AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/31 10:31 p.m.8 views

CVE-2024-13085 PHPGurukul Land Record System login.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The...

7.5CVSS7.6AI score0.00496EPSS
Exploits0References4
NVD
NVD
added 2024/12/22 8:15 a.m.17 views

CVE-2024-12893

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross site scripting. The...

5.4CVSS0.00472EPSS
Exploits1References4
CNVD
CNVD
added 2024/12/18 12:0 a.m.9 views

SQL Injection Vulnerability in OA System of Jiangsu Wave Information Consulting Co.

Jiangsu Wave Information Consulting Co. A SQL injection vulnerability exists in the OA system of Jiangsu Wave Information Consulting Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

7.5AI score
Exploits0
CNVD
CNVD
added 2024/11/21 12:0 a.m.6 views

Open5GS Denial of Service Vulnerability (CNVD-2025-08920)

Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS. An attacker could exploit this vulnerability to cause a denial of service in the system...

7.5CVSS6.7AI score0.01028EPSS
Exploits1References1
CNVD
CNVD
added 2024/10/31 12:0 a.m.8 views

Denial of Service Vulnerability in Cisco Firepower Threat Defense and Cisco FirePOWER Services

Cisco Firepower Threat Defense FTD and Cisco FirePOWER Services are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco FirePOWER Services is a comprehensive security solution designed to enhance network...

8.6CVSS7.1AI score0.00736EPSS
Exploits0References1
Rows per page
Query Builder