19182 matches found

EUVD
added 2025/10/31 12:30 a.m. | 4 views

EUVD-2021-34712

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVSS 9.3 | AI score 6.3 | EPSS 0.00602
Exploits: 0 | References: 5
Cvelist
added 2025/10/31 12:00 a.m. | 9 views

CVE-2025-23050

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...

CVSS 3.1 | EPSS 0.00172
Exploits: 0 | References: 2
CNVD
added 2025/10/31 12:00 a.m. | 3 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29084)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an elevation of privilege vulnerability that is caused by...

CVSS 10 | AI score 7.1 | EPSS 0.00312
Exploits: 0 | References: 1
CNVD
added 2025/10/31 12:00 a.m. | 4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Cross-Site Request Forgery Vulnerabilities (CNVD-2025-29095)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 suffer from a cross-site request forgery vulnerability that is caused by imprope...

CVSS 8.8 | AI score 6.7 | EPSS 0.00151
Exploits: 0 | References: 1
CNNVD
added 2025/10/31 12:00 a.m. | 5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from an insufficient password...

CVSS 9.8 | AI score 6.8 | EPSS 0.00312
Exploits: 0 | References: 2
EUVD
added 2025/10/31 12:00 a.m. | 7 views

EUVD-2025-37272

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read or division by zero. This is fixed in 5.15.19, 6.5.9, and 6.8.2...

CVSS 3.1 | AI score 6.3 | EPSS 0.00172
Exploits: 0 | References: 3
OSV
added 2025/10/30 10:15 p.m. | 5 views

CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVSS 9.3 | AI score 5.8 | EPSS 0.00602
Exploits: 0 | References: 4
Vulnrichment
added 2025/10/30 9:16 p.m. | 5 views

CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVSS 9.3 | AI score 6.5 | EPSS 0.00602
Exploits: 0 | References: 4
CVE
added 2025/10/30 9:16 p.m. | 27 views

CVE-2021-4461

CVE-2021-4461 affects Seeyon Zhiyuan OA Web Application System

CVSS 9.3 | AI score 6.5 | EPSS 0.00602
In wild | Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/10/30 5:38 p.m. | 4 views

Malicious code in com.apple.unityplugin.spatialcontroller (npm)

Source: amazon-inspector 8fc0ce1ef79c10b4d5b8ba64243eefffe9f16596e7b9d80eb7437755b1f547a9. The package com.apple.unityplugin.spatialcontroller was found to contain malicious code...

AI score 7
Exploits: 0
EUVD
added 2025/10/30 5:38 p.m. | 3 views

EUVD-2025-37183

Malicious code in com.apple.unityplugin.spatialcontroller npm...

AI score 6.6
Exploits: 0
NVD
added 2025/10/30 5:15 p.m. | 14 views

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...

CVSS 6.5 | EPSS 0.00241
Exploits: 0 | References: 2
Snyk
added 2025/10/30 3:02 p.m. | 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the enforcer, which uses environment variables without sanitization. An attacker can execute arbitrary commands or cause a buffer overflow by supplying crafted input to the affected component. Remediation: Upgrade...

CVSS 9.9 | AI score 8.3 | EPSS 0.0043
Exploits: 0 | References: 3
Fedora
added 2025/10/30 4:36 a.m. | 5 views

[SECURITY] Fedora 42 Update: qt6-qtserialbus-6.9.3-1.fc42

Qt Serial Bus API provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and others...

CVSS 9.4 | AI score 7 | EPSS 0.00204
Exploits: 0
Microsoft CVE
added 2025/10/30 1:01 a.m. | 5 views

ata: libata-sff: Ensure that we cannot write outside the allocated buffer

...

CVSS 5.5 | AI score 8.9 | EPSS 0.00192
Exploits: 0
Positive Technologies
added 2025/10/30 12:00 a.m. | 8 views

PT-2025-44429

Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11. Description: The software contains a Server-Side Request Forgery condition resulting from a missing authorization check. This issue affects the uploadAttachByUrl API endpoint located in the AttachController.java file...

CVSS 6.5 | AI score 6.5 | EPSS 0.00241
Exploits: 0 | References: 7
CNNVD
added 2025/10/30 12:00 a.m. | 4 views

Seeyon Zhiyuan OA Web Application System Security Vulnerability

Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA Web Application System 7.0 SP1 and prior versions, which stems from improper encoding and parsing of parameters in thirdpartyController.do, whic...

CVSS 9.3 | AI score 6.7 | EPSS 0.00602
Exploits: 0 | References: 4