
19189 matches found

Positive Technologies
added 2025/10/14 12:0 a.m. | 5 views

PT-2025-41984

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

CVSS 4.9 | AI score 6.9 | EPSS 0.00319
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/14 12:0 a.m. | 5 views

PT-2025-41977

Name of the Vulnerable Software and Affected Versions: AOS-8 Controller/Mobility Conductor (affected versions not specified). Description: An authenticated command injection flaw exists in the Command Line Interface (CLI) binary. Exploitation allows an attacker with valid credentials to execute arbitrar...

CVSS 7.2 | AI score 7.6 | EPSS 0.01274
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/14 12:0 a.m. | 4 views

PT-2025-41976

Name of the Vulnerable Software and Affected Versions: AOS-10 GW (affected versions not specified); AOS-8 Controller/Mobility Conductor (affected versions not specified). Description: An arbitrary file write issue exists in the web-based management interface. Successful exploitation could allow an...

CVSS 7.2 | AI score 7 | EPSS 0.00501
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/14 12:0 a.m. | 3 views

PT-2025-41979

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

CVSS 6.5 | AI score 7.1 | EPSS 0.00333
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/13 6:26 a.m. | 4 views

CVE-2025-0636 Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller

EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution...

CVSS 8.4 | AI score 6.7 | EPSS 0.00266
Exploits: 0 | References: 1
CVE
added 2025/10/13 6:26 a.m. | 25 views

CVE-2025-0636

CVE-2025-0636 affects Ericsson RAN Compute and Ericsson Site Controller (EMCLI). The issue is a high-severity vulnerability arising from improper neutralization of special elements used in an OS command, potentially enabling Arbitrary Code Execution. The publicly documented details across multipl...

CVSS 8.4 | AI score 6.7 | EPSS 0.00266
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/13 5:29 a.m. | 18 views

CVE-2025-60268

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

CVSS 6.5 | AI score 7.8 | EPSS 0.00329
Exploits: 1 | References: 1
CNNVD
added 2025/10/13 12:0 a.m. | 3 views

Ericsson RAN Compute and Ericsson Site Controller 6610 Security Vulnerability

Ericsson RAN Compute and Ericsson Site Controller 6610 are both products of Ericsson, a Swedish company. Ericsson RAN Compute is a cloud-native software solution for handling computing functions in a RAN. Ericsson Site Controller 6610 is an intelligent power management controller for site...

CVSS 8.4 | AI score 6.9 | EPSS 0.00266
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/13 12:0 a.m. | 4 views

PT-2025-46754

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to device minor number handling. Specifically, the device minor number is cleared after the device is released, which is incorrect. This issue...

CVSS 5.5 | AI score 6.7 | EPSS 0.08942
Exploits: 3 | References: 198
RedhatCVE
added 2025/10/11 7:20 p.m. | 13 views

CVE-2025-11581

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...

CVSS 7.5 | AI score 6.7 | EPSS 0.00416
Exploits: 0 | References: 1
Github Security Blog
added 2025/10/10 9:31 p.m. | 8 views

PowerJob OpenAPIController is missing authorization

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...

CVSS 7.5 | AI score 5.5 | EPSS 0.00416
Exploits: 0 | References: 6 | Affected Software: 1
RedhatCVE
added 2025/10/10 8:22 p.m. | 4 views

CVE-2025-11554

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

CVSS 8.8 | AI score 6.6 | EPSS 0.00343
Exploits: 1 | References: 1
Snyk
added 2025/10/10 7:41 p.m. | 15 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via multiple APIs in OpenAPIController. An attacker can gain unauthorized access to sensitive information by sending crafted requests to the endpoints. Remediation: There is no fixed version for...

CVSS 7.5 | AI score 6.8 | EPSS 0.00416
Exploits: 0 | References: 2
NVD
added 2025/10/10 7:15 p.m. | 4 views

CVE-2025-11581

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...

CVSS 7.5 | EPSS 0.00416
Exploits: 0 | References: 5
EUVD
added 2025/10/10 6:31 p.m. | 15 views

EUVD-2025-33761

An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would lead to remote code execution...

CVSS 6.5 | AI score 7.7 | EPSS 0.00329
Exploits: 1 | References: 3
NVD
added 2025/10/10 5:15 p.m. | 6 views

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file...

CVSS 9.4 | EPSS 0.00299
Exploits: 1 | References: 2
Cvelist
added 2025/10/10 12:0 a.m. | 10 views

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file...

EPSS 0.00299
Exploits: 1 | References: 2
Positive Technologies
added 2025/10/10 12:0 a.m. | 5 views

PT-2025-41576

Name of the Vulnerable Software and Affected Versions: JEEWMS version 20250820. Description: The software is susceptible to a SQL Injection issue within the exportXls function. This function is located in the file...

CVSS 9.4 | AI score 7.4 | EPSS 0.00299
Exploits: 1 | References: 7
Vulnrichment
added 2025/10/10 12:0 a.m. | 4 views

CVE-2025-60269

JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file...

AI score 7.6 | EPSS 0.00299
Exploits: 1 | References: 2
Positive Technologies
added 2025/10/10 12:0 a.m. | 5 views

PT-2025-46641

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the drm/xe/guc subsystem. Specifically, the issue relates to the handling of exec queue deregistration when the GuC (Graphics Unit Controller) is no...

CVSS 3.5 | AI score 5.2 | EPSS 0.00164
Exploits: 0