Lucene search
+L

146 matches found

Cvelist
Cvelist
added 2025/12/31 7:32 a.m.32 views

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service DoS condition. An authenticated...

7.1CVSS0.00378EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.10 views

PT-2025-54289

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service DoS condition. An authenticated...

7.7CVSS7.3AI score0.00378EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/24 9:39 a.m.12 views

CVE-2025-14388

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

9.8CVSS6.4AI score0.00416EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/23 12:30 p.m.7 views

EUVD-2025-204781

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

9.8CVSS5.9AI score0.00416EPSS
Exploits0References7
NVD
NVD
added 2025/12/23 10:15 a.m.8 views

CVE-2025-14388

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

9.8CVSS0.00416EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/23 9:20 a.m.33 views

CVE-2025-14388 PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

9.8CVSS0.00416EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/23 9:20 a.m.2 views

CVE-2025-14388 PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

9.8CVSS6AI score0.00416EPSS
Exploits0References6
CVE
CVE
added 2025/12/23 9:20 a.m.21 views

CVE-2025-14388

CVE-2025-14388 (PhastPress) is a WordPress plugin vulnerability: unauthenticated arbitrary file read via a null-byte injection. Root cause is a mismatch between URL decoding in getExtensionForURL() and null-byte stripping in appendNormalized(), enabling a crafted path to access sensitive files li...

9.8CVSS6AI score0.00416EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.5 views

WordPress plugin PhastPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

9.8CVSS6.9AI score0.00416EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.9 views

PT-2025-52733

Name of the Vulnerable Software and Affected Versions PhastPress versions prior to 3.8 Description The PhastPress plugin for WordPress is susceptible to Unauthenticated Arbitrary File Read due to a null byte injection issue. A discrepancy exists between how the extension validation in the...

9.8CVSS6.8AI score0.00416EPSS
Exploits0References14
Redos
Redos
added 2025/12/03 12:0 a.m.11 views

ROS-20251203-09

A vulnerability in the ProxyCommand component of the OpenSSH cryptographic protection tool is related to the injection of a null byte %00 in the username string. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

3.6CVSS9.3AI score0.00118EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.12 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS7.6AI score0.00351EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.10 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS0.00351EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/26 12:52 a.m.10 views

EUVD-2025-199670

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS7.1AI score0.00351EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/26 12:52 a.m.3 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS7.2AI score0.00351EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/26 12:52 a.m.17 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS0.00351EPSS
Exploits1References1
CVE
CVE
added 2025/11/26 12:52 a.m.25 views

CVE-2025-66263

The CVE-2025-66263 entry describes an unauthenticated arbitrary file read due to a null byte injection in the Mozart FM Transmitter’s download_setting.php. The PHP code appends a forced .tgz extension to user-supplied $_GET['filename'], and on PHP 5.3.2 (pre-5.3.4) the null byte (%00) terminates ...

8.9CVSS7.2AI score0.00351EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.6 views

DB Electronica Mozart FM Transmitter 安全漏洞

The DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from the Italian company DB Electronica. A security vulnerability exists in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 that originates in...

8.9CVSS7AI score0.00351EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.9 views

PT-2025-48117

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download setting.php allows reading arbitrary files...

8.9CVSS7.6AI score0.00351EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-6466

Malware in sbrugna...

2.6CVSS6.4AI score0.02314EPSS
Exploits0References9
Rows per page
Query Builder