Lucene search
K

2439 matches found

NVD
NVD
added 2025/08/13 9:15 p.m.8 views

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory specifically WSACleanup from Ws232.dll...

9.3CVSS0.01993EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/13 3:28 p.m.5 views

CVE-2012-10039

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...

9.4CVSS8.5AI score0.02451EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/08/12 12:0 a.m.90 views

📄 VMware vSphere Client 8.0.3.0 Cross Site Scripting

VMware vSphere Client version 8.0.3.0 suffers from a cross site scripting vulnerability. VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec...

4.3CVSS6.6AI score0.00785EPSS
Exploits2
Zero Day Initiative
Zero Day Initiative
added 2025/08/12 12:0 a.m.12 views

(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilteredSinkProvider...

8.8CVSS7.8AI score0.00618EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/08/12 12:0 a.m.8 views

(0Day) Schneider Electric EcoStruxure Power Monitoring Expert HttpPostedFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the HttpPostedFile module. The issue results from the...

7.2CVSS7.7AI score0.00555EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/08/12 12:0 a.m.9 views

(0Day) Schneider Electric EcoStruxure Power Monitoring Expert GetTgmlContent Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetTgmlContent method. The issue results...

4.9CVSS6.4AI score0.00847EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/08 6:11 p.m.12 views

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

9.3CVSS0.03005EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2025/08/06 12:0 a.m.6 views

(0Day) Vacron Camera ping Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the webs.cgi endpoint. The issue results from the lack of proper validation of a...

7.2CVSS7.1AI score0.01251EPSS
Exploits0
NVD
NVD
added 2025/08/05 7:15 a.m.8 views

CVE-2025-8315

The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg’ parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00223EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/04 3:32 p.m.11 views

CVE-2025-8516 Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal

A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file...

6.9CVSS0.00852EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/02 8:22 p.m.4 views

CVE-2013-10039

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ipcheckhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deploymen...

8.7CVSS7.8AI score0.03268EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/31 12:0 a.m.8 views

(Pwn2Own) QNAP QHora-322 gRPC WAN_ADDR6 Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of gRPC messages. The issue results from the lack of prope...

7.5CVSS7.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/31 12:0 a.m.4 views

(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability

This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the management interface. The issue resul...

6.3CVSS7.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/29 12:0 a.m.5 views

(Pwn2Own) Tesla Wall Connector Firmware Downgrade Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. The issue results from the lack o...

6.8CVSS6.7AI score0.00365EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/07/28 7:45 p.m.20 views

redis: Redis Hyperloglog Out-of-Bounds Write Vulnerability

A flaw was found in Redis. This flaw allows an authenticated user to trigger an integer overflow by sending a specially crafted string, resulting in a stack or heap out-of-bounds write during hyperloglog operations. This issue potentially results in remote code execution...

7.8CVSS7.7AI score0.03877EPSS
Exploits4References10
NVD
NVD
added 2025/07/28 9:15 a.m.5 views

CVE-2025-27801

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...

4.8CVSS0.00348EPSS
Exploits1References4
Zero Day Initiative
Zero Day Initiative
added 2025/07/28 12:0 a.m.5 views

Samsung MagicINFO 9 Server DeviceLogUploadServlet Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DeviceLogUploadServlet class. The issue results from the lack of proper...

7.2CVSS6.9AI score0.00589EPSS
Exploits0References1
Gitee
Gitee
added 2025/07/27 4:17 a.m.81 views

Exploit for CVE-2011-3918

This repository is an Android Exploits collection, containing various exploits and hacks for Android devices. The exploits are categorized into different types, including Denial of Service DoS and remote code execution. The DoS exploits include: Android FTPServer 1.9.0 Remote DoS CVE-2011-3918...

7.8CVSS9.9AI score0.02399EPSS
Exploits7
NVD
NVD
added 2025/07/24 10:15 a.m.3 views

CVE-2025-4608

The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00393EPSS
Exploits0References5
CVE
CVE
added 2025/07/24 9:22 a.m.25 views

CVE-2025-6262

CVE-2025-6262 : The WordPress plugin muse.ai video embedding is affected by a Stored Cross-Site Scripting (Stored XSS) flaw in the plugin’s shortcodes (muse-ai). Affected versions: all up to and including 0.4. The issue arises from insufficient input sanitization and inadequate output escaping on...

6.4CVSS5.5AI score0.0038EPSS
Exploits0References3
Rows per page
Query Builder