Lucene search
K

19186 matches found

RedhatCVE
RedhatCVE
added 2025/10/15 8:47 p.m.11 views

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissio...

8.5CVSS6.1AI score0.00441EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.6 views

CVE-2025-37136

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

6.5CVSS7.1AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.4 views

CVE-2025-37141

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.9AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.3 views

CVE-2025-37143

An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.9AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.3 views

CVE-2025-37142

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.9AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.5 views

CVE-2025-37140

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

4.9CVSS6.9AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.4 views

CVE-2025-37137

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

6.5CVSS7.1AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.4 views

CVE-2025-37135

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

6.5CVSS7.1AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.4 views

CVE-2025-37132

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

7.2CVSS7.5AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.4 views

CVE-2025-37134

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...

7.2CVSS7.9AI score0.01274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 5:44 p.m.5 views

CVE-2025-37133

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...

7.2CVSS7.9AI score0.01274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 9:54 a.m.7 views

CVE-2011-20002

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

8.3CVSS7.4AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 8:15 a.m.4 views

CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

0.0022EPSS
Exploits0References8
OSV
OSV
added 2025/10/15 8:15 a.m.3 views

UBUNTU-CVE-2025-39983

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...

7.7CVSS5.7AI score0.0017EPSS
Exploits0References5
CVE
CVE
added 2025/10/15 7:56 a.m.19 views

CVE-2025-39987

The CVE-2025-39987 issue is in Linux kernel CAN drivers where sun4i_can did not implement net_device_ops->ndo_change_mtu(), allowing an attacker to set an invalid MTU (e.g., ip link set can0 mtu 9999) and inject CAN XL frames via PF_PACKET (ETH_P_CANXL). The payload could reach hi3110_hard_sta...

6.6AI score0.0022EPSS
Exploits0References8
CVE
CVE
added 2025/10/15 7:56 a.m.24 views

CVE-2025-39985

In CVE-2025-39985, the Linux kernel’s mcba_usb CAN driver could bypass MTU enforcement via PF_PACKET, allowing a malformed CAN XL frame to reach xmit() and trigger a buffer overflow. The root cause is that mcba_usb does not populate net_device_ops->ndo_change_mtu(), so a user can set an invali...

6.7AI score0.0022EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.6 views

Dahua IPC和Dahua SD 安全漏洞

Dahua IPC and Dahua SD are both products of Dahua, a Chinese company.Dahua IPC is a series of industrial controllers from Dahua.Dahua SD is a series of PTZ dome cameras. A security vulnerability exists in the Dahua IPC and Dahua SD. The vulnerability originates from a third-party malicious attack...

6.8CVSS6.7AI score0.00275EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/10/15 12:0 a.m.4 views

CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS7.5AI score0.39677EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.5 views

Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from unrestricted resource allocation ...

10CVSS6.5AI score0.00337EPSS
Exploits1References2
Samba
Samba
added 2025/10/15 12:0 a.m.7 views

Command injection via WINS server hook script

Description If a Samba server has WINS support enabled it is off by default, and it has a 'wins hook' parameter specified, the program specified by that parameter will be run whenever a WINS name is changed. The WINS server used by the Samba Active Directory Domain Controller did not validate the...

10CVSS7AI score0.39677EPSS
Exploits2
Rows per page
Query Builder