19182 matches found

RedhatCVE
added 2025/10/28 3:04 p.m., 4 views

CVE-2025-12351

Honeywell S35 Series Cameras contain an authorization bypass vulnerability through the User controller key. An attacker could potentially exploit this vulnerability, leading to privilege escalation to admin privileged functionalities. Honeywell also recommends updating to the most recent version of...

CVSS 6.8, AI score 6.8, EPSS 0.0021
Exploits: 0, References: 1
CVE
added 2025/10/28 11:48 a.m., 16 views

CVE-2025-40076

The CVE-2025-40076 entry describes a Linux kernel PCI issue in the rcar-host driver where the MSI parent IRQ domain could be NULL due to how irq_domain_info is passed during a transition to msi_create_parent_irq_domain(). This could cause a NULL pointer dereference in generic_handle_domain_irq() ...

AI score 6, EPSS 0.0017
Exploits: 0, References: 2
OSV
added 2025/10/28 11:48 a.m., 3 views

CVE-2025-40043 net: nfc: nci: Add parameter validation for packet data

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data. Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...

AI score 6.3, EPSS 0.00202
Exploits: 0, References: 9
Positive Technologies
added 2025/10/28 12:00 a.m., 4 views

PT-2025-44225

Name of the Vulnerable Software and Affected Versions: Supermicro BMC firmware (affected versions not specified). Description: The Supermicro BMC firmware contains a flaw in its validation logic. An attacker can exploit this to update the system firmware with a specially crafted image...

CVSS 7.2, AI score 5.4, EPSS 0.0012
Exploits: 0, References: 9
NVD
added 2025/10/27 7:16 p.m., 7 views

CVE-2025-12304

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

CVSS 5.3, EPSS 0.00236
Exploits: 0, References: 4
Vulnrichment
added 2025/10/27 6:32 p.m., 3 views

CVE-2025-12305 quequnlong shiyi-blog Job SysJobController.java deserialization

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...

CVSS 6.5, AI score 6.2, EPSS 0.00461
Exploits: 1, References: 5
Cvelist
added 2025/10/27 6:32 p.m., 13 views

CVE-2025-12305 quequnlong shiyi-blog Job SysJobController.java deserialization

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...

CVSS 6.5, EPSS 0.00461
Exploits: 1, References: 5
CVE
added 2025/10/27 6:32 p.m., 10 views

CVE-2025-12304

TIME-SEA-PLUS (dulaiduwang003) up to fb299162f18498dd9cf17da906886d80a077d53b is affected. The vulnerability resides in the function alipayIsSucceed of PayController.java within the Order Status Handler, caused by improper authorization. Remote exploitation is possible, and the exploit has been d...

CVSS 5.3, AI score 6.3, EPSS 0.00236
Exploits: 0, References: 4
Cvelist
added 2025/10/27 6:32 p.m., 9 views

CVE-2025-12304 dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

CVSS 5.3, EPSS 0.00236
Exploits: 0, References: 4
Vulnrichment
added 2025/10/27 6:32 p.m., 2 views

CVE-2025-12304 dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

CVSS 5.3, AI score 4.5, EPSS 0.00236
Exploits: 0, References: 4
NVD
added 2025/10/27 5:15 p.m., 3 views

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3, EPSS 0.00327
Exploits: 1, References: 4
OSV
added 2025/10/27 5:15 p.m., 3 views

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3, AI score 4.6
Exploits: 0, References: 4
Cvelist
added 2025/10/27 4:32 p.m., 10 views

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3, EPSS 0.00327
Exploits: 1, References: 4
Vulnrichment
added 2025/10/27 4:32 p.m., 2 views

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVSS 5.3, AI score 4.6, EPSS 0.00327
Exploits: 1, References: 4
CVE
added 2025/10/27 4:32 p.m., 11 views

CVE-2025-12297

CVE-2025-12297 affects atjiu pybbs up to v6.0.0, involving an unknown function in UserApiController.java. The manipulation causes information disclosure and can be exploited remotely; the exploit is publicly available (PoC in some sources). Multiple connected sources corroborate the surface and i...

CVSS 5.3, AI score 4.7, EPSS 0.00327
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2025/10/27 3:15 p.m., 5 views

CVE-2025-12351

Honeywell S35 Series Cameras contain an authorization bypass vulnerability through the User controller key. An attacker could potentially exploit this vulnerability, leading to privilege escalation to admin privileged functionalities. Honeywell also recommends updating to the most recent version of...

CVSS 6.8, EPSS 0.0021
Exploits: 0, References: 1
Cvelist
added 2025/10/27 3:03 p.m., 8 views

CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions

Honeywell S35 Series Cameras contain an authorization bypass vulnerability through the User controller key. An attacker could potentially exploit this vulnerability, leading to privilege escalation to admin privileged functionalities. Honeywell also recommends updating to the most recent version of...

CVSS 6.8, EPSS 0.0021
Exploits: 0, References: 1
EUVD
added 2025/10/27 3:03 p.m., 5 views

EUVD-2025-36196

Honeywell S35 Series Cameras contain an authorization bypass vulnerability through the User controller key. An attacker could potentially exploit this vulnerability, leading to privilege escalation to admin privileged functionalities. Honeywell also recommends updating to the most recent version of...

CVSS 6.8, AI score 6.3, EPSS 0.0021
Exploits: 0, References: 2
Vulnrichment
added 2025/10/27 3:03 p.m., 4 views

CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions

Honeywell S35 Series Cameras contain an authorization bypass vulnerability through the User controller key. An attacker could potentially exploit this vulnerability, leading to privilege escalation to admin privileged functionalities. Honeywell also recommends updating to the most recent version of...

CVSS 6.8, AI score 6.5, EPSS 0.0021
Exploits: 0, References: 1
RedhatCVE
added 2025/10/27 1:32 p.m., 14 views

CVE-2025-34502

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

CVSS 7, AI score 7.4, EPSS 0.00197
Exploits: 0, References: 1