45044 matches found

OSV
added 2025/12/03 2:35 p.m. | 4 views

BIT-ACTIVEMQ-2021-21345 XStream is vulnerable to a Remote Command Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

CVSS 9.9 | AI score 7.7 | EPSS 0.72324
Exploits: 1 | References: 17
OSSF Malicious Packages
added 2025/12/03 2:30 p.m. | 6 views

Malicious code in elf-stats-ginger-hammer-326 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b381aa5a37f1282740de384eeff72f5f4d3e57918e530d486989909249b8c821 The package elf-stats-ginger-hammer-326 was found to contain malicious code. Source: ossf-package-analysis...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2025/12/03 2:20 p.m. | 5 views

Malicious code in elf-stats-sparkly-garland-970 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51b40bdf891b2ad849d25f291b27e11a9c8dcae571ad90c75ee7d7f0696e248 The package elf-stats-sparkly-garland-970 was found to contain malicious code. Source: ossf-package-analysis...

AI score 7.1
Exploits: 0
OSV
added 2025/12/03 2:20 p.m. | 2 views

MAL-2025-191983 Malicious code in elf-stats-nutmeg-chimney-245 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f39faacdb6a0a95dc4e8db69c27bc4a0e06a7b11ac0f6c48bf35d1667cfa1cf The package elf-stats-nutmeg-chimney-245 was found to contain malicious code. Source: ossf-package-analysis...

AI score 7
Exploits: 0
OSV
added 2025/12/03 1:55 p.m. | 1 view

MAL-2025-191978 Malicious code in elf-stats-cranberry-sleigh-853 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f85ae12d2f730c46ea2549c98a491f8ccccf2c8f7a484258398ce7dad89c137c The package elf-stats-cranberry-sleigh-853 was found to contain malicious code. Source: ossf-package-analysis...

AI score 7
Exploits: 0
OSV
added 2025/12/03 1:31 a.m. | 4 views

MAL-2025-191968 Malicious code in karemm7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb23140c87c50a27ae4e614762b9639f64ae2148777774915b5cd2ba94f104a0 The package karemm7 was found to contain malicious code. Source: ossf-package-analysis ea900c305547fbc90afe7dd06aac5431c244109fa63d688cb76e909cd3988f...

AI score 7
Exploits: 0
OSV
added 2025/12/03 12:55 a.m. | 3 views

MAL-2025-191969 Malicious code in kkkaremn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8be05818c3e6f94f41c611af1a16f1a88489f457de3d8b98cc9c4441eee9e557 The package kkkaremn was found to contain malicious code. Source: ossf-package-analysis...

AI score 7
Exploits: 0
CNNVD
added 2025/12/03 12:0 a.m. | 7 views

Plugin Alliance Installation Manager security vulnerability

Plugin Alliance Installation Manager is a plugin manager from US-based Plugin Alliance. A security vulnerability exists in Plugin Alliance Installation Manager version v1.4.0 that originates when the InstallationHelper service accepts an unauthenticated XPC connection, which could lead to the...

CVSS 6.2 | AI score 6.9 | EPSS 0.00176
Exploits: 1 | References: 1
Vulnrichment
added 2025/12/03 12:0 a.m. | 6 views

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

AI score 6.7 | EPSS 0.00141
Exploits: 1 | References: 1
Positive Technologies
added 2025/12/03 12:0 a.m. | 7 views

PT-2025-48818

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection issue in the /Machine.cgi API endpoint. Attackers can execute arbitrary commands by providing a crafted input...

CVSS 8.8 | AI score 7.6 | EPSS 0.02325
Exploits: 1 | References: 9
Positive Technologies
added 2025/12/03 12:0 a.m. | 6 views

PT-2025-48819

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection flaw in the NetFailDetectD binary. This allows attackers to execute arbitrary commands via a crafted input...

CVSS 8.8 | AI score 7.6 | EPSS 0.0296
Exploits: 2 | References: 9
Vulnrichment
added 2025/12/03 12:0 a.m. | 3 views

CVE-2025-57200

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

AI score 8 | EPSS 0.02088
Exploits: 2 | References: 3
Vulnrichment
added 2025/12/03 12:0 a.m. | 3 views

CVE-2025-57198

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

AI score 8 | EPSS 0.02325
Exploits: 1 | References: 3
CVE
added 2025/12/03 12:0 a.m. | 13 views

CVE-2025-55076

The CVE-2025-55076 entry describes a local privilege escalation in Plugin Alliance Installation Manager v1.4.0 for macOS, via the InstallationHelper service that accepts unauthenticated XPC connections and passes input to system(). This could allow a local user to execute arbitrary commands with ...

CVSS 6.2 | AI score 7.4 | EPSS 0.00176
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2025/12/03 12:0 a.m. | 5 views

AVTech DGM1104 security vulnerability

AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which stems from a command injection in the Machine.cgi endpoint that could lead to the execution of arbitrary commands...

CVSS 8.8 | AI score 7.5 | EPSS 0.02325
Exploits: 1 | References: 4
Cvelist
added 2025/12/03 12:0 a.m. | 15 views

CVE-2025-57199

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

EPSS 0.0296
Exploits: 2 | References: 3
Tenable Nessus
added 2025/12/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66399

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration...

CVSS 8.8 | AI score 7.5 | EPSS 0.10941
Exploits: 1 | References: 3
NVD
added 2025/12/02 6:15 p.m. | 9 views

CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...

CVSS 8.8 | EPSS 0.10941
Exploits: 1 | References: 1
OSV
added 2025/12/02 6:15 p.m. | 4 views

UBUNTU-CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...

CVSS 8.8 | AI score 6 | EPSS 0.10941
Exploits: 1 | References: 3
CVE
added 2025/12/02 5:57 p.m. | 72 views

CVE-2025-66399

Cacti (prior to 1.2.29) is affected by an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are stored verbatim in the database and later embedded into...

CVSS 8.8 | AI score 6.4 | EPSS 0.10941
Exploits: 1 | References: 1 | Affected Software: 1