Lucene search
+L

587 matches found

OSV
OSV
added 2025/12/25 6:15 p.m.7 views

CVE-2025-15083

A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks o...

4.6CVSS5.1AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/16 4:57 a.m.6 views

CVE-2025-14702

A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...

4.8CVSS5.9AI score0.00174EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 7:15 p.m.6 views

CVE-2025-14534

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has bee...

9.8CVSS6.2AI score0.05127EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/08 6:32 a.m.38 views

CVE-2025-14220 ORICO CD3510 File Upload path traversal

A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

5.3CVSS0.00362EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/07 12:0 a.m.8 views

PT-2025-49404

Name of the Vulnerable Software and Affected Versions UTT 进取 512W versions through 1.7.7-171114 Description A buffer overflow issue exists in the strcpy function within the /goform/formP2PLimitConfig file. Manipulation of the except argument can lead to a buffer overflow. This issue is potentiall...

9.8CVSS8.9AI score0.00707EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.10 views

PT-2025-49363

Name of the Vulnerable Software and Affected Versions Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001 Description A security flaw exists in Linksys RE series Wireless Repeaters. The issue involves a stack-based buffer overflow in the...

9CVSS9AI score0.0098EPSS
Exploits1References14
CVE
CVE
added 2025/12/05 3:32 p.m.17 views

CVE-2025-14089

Himool ERP up to 2.2 contains an improper authorization vulnerability in the AdminActionViewSet function update_account (file path: /api/admin/update_account/). The issue allows remote exploitation with publicly available tooling. Multiple sources (NVD, Red Hat, CVE listings, and others) confirm ...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/02 7:22 a.m.7 views

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

8.1CVSS5.2AI score0.00409EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/01 8:2 a.m.8 views

EUVD-2025-199960

A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the...

6.5CVSS6.1AI score0.00331EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/01 6:2 a.m.2 views

CVE-2025-13810 jsnjfz WebStack-Guns KaptchaController.java renderPicture path traversal

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The...

6.9CVSS6AI score0.00871EPSS
Exploits1References5
OSV
OSV
added 2025/12/01 5:16 a.m.6 views

CVE-2025-13808

A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...

8.8CVSS5.3AI score0.00419EPSS
Exploits1References5
CVE
CVE
added 2025/12/01 1:32 a.m.25 views

CVE-2025-13800

The CVE-2025-13800 issue affects ADSLR NBR1005GPEV2 (version 250814-r037c). The vulnerability lies in the set_mesh_disconnect function of /send_order.cgi, where manipulating the mac argument enables command injection. It can be triggered remotely, and public exploits exist. Multiple sources corro...

9.8CVSS6.4AI score0.08583EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/30 7:32 a.m.5 views

CVE-2025-13785 yungifez Skuul School Management System Image profile information disclosure

A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...

5.3CVSS5.9AI score0.00322EPSS
Exploits1References4
OSV
OSV
added 2025/11/25 10:3 p.m.2 views

JLSEC-2025-242 A vulnerability was found in libarchive up to 3.7.7

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the publi...

5.5CVSS5.9AI score0.00321EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/16 6:31 a.m.7 views

EUVD-2025-197717

A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may be initiated remotely. The exploit has be...

6.5CVSS6.1AI score0.00312EPSS
Exploits1References5
NVD
NVD
added 2025/11/14 7:15 p.m.5 views

CVE-2025-13177

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but...

8.8CVSS0.0024EPSS
Exploits1References4
NVD
NVD
added 2025/10/27 3:15 a.m.7 views

CVE-2025-12207

A vulnerability has been found in Kamailio 5.5. This affects the function yyerrorat of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may...

5.5CVSS0.00211EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/10/16 7:2 p.m.3 views

CVE-2025-11852 Apeman ID71 ONVIF Service device_service missing authentication

A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/deviceservice of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been...

6.9CVSS6.2AI score0.0056EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/12 12:0 a.m.12 views

PT-2025-41735

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the...

3.1CVSS3.5AI score0.00528EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/10/12 12:0 a.m.14 views

PT-2025-41709

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions through 2.02.36 Description A flaw exists in RainyGao DocSys that allows for remote manipulation leading to SQL injection. The issue is related to the getUserList function within the /Manage/getUserList.do file. The...

6.5CVSS6.5AI score0.0038EPSS
Exploits1References8
Rows per page
Query Builder