Lucene search
K

2438 matches found

CVE
CVE
added 2025/07/24 7:57 a.m.26 views

CVE-2025-26397

SolarWinds Observability Self-Hosted is affected by a Deserialization of Untrusted Data Local Privilege Escalation. A low-privilege attacker with local access and authentication can escalate to run code in a permission-protected folder. Connected sources provide concrete details: (1) root cause i...

7.8CVSS6.5AI score0.00288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/24 7:57 a.m.10 views

CVE-2025-26397 SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability

SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication fro...

7.8CVSS0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.4 views

PT-2025-30641 · Solarwinds · Solarwinds Observability Self-Hosted

Name of the Vulnerable Software and Affected Versions: SolarWinds Observability Self-Hosted affected versions not specified Description: SolarWinds Observability Self-Hosted is susceptible to a Deserialization of Untrusted Data Local Privilege Escalation issue. An attacker with low privileges can...

7.8CVSS6.6AI score0.00288EPSS
Exploits0References5
NVD
NVD
added 2025/07/22 10:15 a.m.10 views

CVE-2025-6213

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppppreloadcacheonupdate' function. This is due to insufficient sanitization of the $SERVER'HTTPREFERERER' parameter passed from the...

7.2CVSS0.00683EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/21 3:10 a.m.10 views

CVE-2025-7661

The Partnerský systém Martinus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'martinus' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.5AI score0.00182EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/17 12:0 a.m.50 views

Cisco Identity Services Engine disableStrongSwanTunnel Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the disableStrongSwanTunnel method. The issue results...

7.2CVSS7.7AI score0.06551EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/07/17 12:0 a.m.3 views

Cisco Identity Services Engine handleStrongSwanTunnelStatus Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the handleStrongSwanTunnelStatus method. The issue...

7.2CVSS7.7AI score0.12681EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/15 7:27 p.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network while authenticated with high privileges. Details Denial of Service DoS describ...

6.9CVSS6.9AI score0.00559EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/07/15 1:4 p.m.3 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

8.7CVSS6.1AI score0.02321EPSS
Exploits0References5
NCSC
NCSC
added 2025/07/14 6:6 a.m.10 views

Vulnerability fixed in Wing FTP Server

The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...

10CVSS9.5AI score0.95343EPSS
Exploits23References2
RedhatCVE
RedhatCVE
added 2025/07/12 8:28 p.m.14 views

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS7.2AI score0.00444EPSS
Exploits0References1
OSV
OSV
added 2025/07/11 3:15 p.m.3 views

CVE-2025-52958

A Reachable Assertion vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS.On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition...

6CVSS5.8AI score0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.4 views

Fortinet FortiManager SQLi (FG-IR-24-437)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-437 advisory. - An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiManag...

2.7CVSS5.8AI score0.00247EPSS
Exploits0References2
OSV
OSV
added 2025/07/10 5:58 p.m.4 views

GHSA-GGMV-J932-Q89Q Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

Impact The HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommende...

8.7CVSS6.2AI score0.00444EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/09 3:14 p.m.5 views

CVE-2025-6805

Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The...

9.1CVSS6.9AI score0.01134EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 3:2 p.m.25 views

CVE-2025-5451

CVE-2025-5451 involves a stack-based buffer overflow in Ivanti Connect Secure prior to 22.7R2.8 and Ivanti Policy Secure prior to 22.7R1.5 that allows a remote authenticated attacker with admin rights to trigger a denial of service. Multiple connected sources confirm the vulnerability details and...

4.9CVSS7.3AI score0.0065EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/07/07 2:51 p.m.3 views

CVE-2025-6801 Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability

Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specif...

8.2CVSS6.9AI score0.01224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/27 6:18 p.m.10 views

CVE-2025-5823

Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is...

4.9CVSS4.7AI score0.00453EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/26 3:51 p.m.5 views

CVE-2025-34042 Beward N100 IP Camera Remote Command Execution

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS8.2AI score0.01763EPSS
Exploits1References7
NVD
NVD
added 2025/06/26 2:15 p.m.4 views

CVE-2025-6710

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which coul...

7.5CVSS0.00307EPSS
Exploits0References1
Rows per page
Query Builder