Lucene search
K

14 matches found

Vulnrichment
Vulnrichment
added 2026/04/09 9:32 p.m.5 views

CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/07 1:8 p.m.4 views

EUVD-2025-38250

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...

8.8CVSS7.2AI score0.00294EPSS
Exploits0References2
OSV
OSV
added 2025/09/23 6:15 p.m.4 views

CVE-2025-4993

Untrusted Pointer Dereference vulnerability in RTI Connext Professional Core Libraries allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 4.4a...

9.1CVSS5.8AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.8 views

CVE-2017-11197

In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option...

7.8CVSS7.4AI score0.00985EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.4 views

PT-2025-6175 · Wattsense · Wattsense Bridge

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.1.0 Description: An authenticated attacker can use the Plugin Manager of the web interface to upload malicious Python files, enabling remote root access to the device. The attacker needs a valid user accou...

8.8CVSS7.3AI score0.00649EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-4067 · Apache · Apache Airflow Hive Provider

Name of the Vulnerable Software and Affected Versions: Apache Airflow Apache Hive Provider versions prior to 6.1.2 Description: The issue is related to improper input validation, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected...

9CVSS7.2AI score0.01151EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2023/03/10 8:0 a.m.5 views

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.

...

8.5CVSS7AI score0.02904EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:31 a.m.3 views

SUSE CVE-2014-1290

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293...

6.8CVSS9.3AI score0.02133EPSS
Exploits0References3
OSV
OSV
added 2023/01/18 12:15 a.m.3 views

UBUNTU-CVE-2023-21885

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

3.8CVSS6.8AI score0.0033EPSS
Exploits0References3
OSV
OSV
added 2021/01/20 3:15 p.m.2 views

CVE-2021-2123

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

3.2CVSS6.1AI score0.00504EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.10 views

Siemens XHQ SQL注入漏洞

Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...

7.2CVSS7.1AI score0.00886EPSS
Exploits0References4
CNVD
CNVD
added 2015/07/01 12:0 a.m.3 views

IBM Tivoli Storage Manager FastBack Arbitrary Command Execution Vulnerability (CNVD-2015-04167)

IBM Tivoli Storage Manager FastBack is a suite of software that provides continuous data protection and recovery management capabilities for Microsoft Windows and Linux servers. An arbitrary command execution vulnerability in IBM Tivoli Storage Manager FastBack version 6.1 prior to 6.1.12 allows...

10CVSS7.7AI score0.07804EPSS
Exploits0References1
OSV
OSV
added 2013/01/29 5:58 a.m.1 views

UBUNTU-CVE-2013-0948

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1...

6.8CVSS6.2AI score0.02195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2010/07/15 12:57 p.m.2 views

CVE-2010-1971

Cross-site request forgery CSRF vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968...

6.8CVSS5.6AI score0.00936EPSS
Exploits0References5
Rows per page
Query Builder