
2886 matches found

The Hacker News
added 2025/08/10 7:30 p.m. · 12 views

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and...

CVSS 7.5 · AI score 9.3 · EPSS 0.83642
Exploits: 6
CNVD
added 2025/08/10 12:0 a.m. · 2 views

Wazifa System updatesettings.php file SQL injection vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Password in the file /controllers/updatesettings.php. An attacker can use this vulnerability to...

CVSS 9.8 · AI score 8 · EPSS 0.00477
Exploits: 1 · References: 1
Tenable Nessus
added 2025/08/10 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-25012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain...

CVSS 4.6 · AI score 6.7 · EPSS 0.00813
Exploits: 1 · References: 2
Tenable Nessus
added 2025/08/05 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-42087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep. The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value...

CVSS 5.5 · AI score 6.7 · EPSS 0.00228
Exploits: 0 · References: 2
CNNVD
added 2025/08/01 12:0 a.m. · 2 views

Code-Projects Wazifa System Injection Vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter post in the file /controllers/postpublish.php against externally entered SQL statements. An attacker can exploit this vulnerability t...

CVSS 9.8 · AI score 8.1 · EPSS 0.00477
Exploits: 1 · References: 6
BDU FSTEC
added 2025/08/01 12:0 a.m. · 5 views

The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS allows an intruder to execute arbitrary code and cause a service failure.

The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS is related to a countable degree of significance loss. Exploiting this vulnerability could allow an attacker to execu...

CVSS 9.7 · AI score 6.3 · EPSS 0.00685
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/08/01 12:0 a.m. · 7 views

The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS allows an intruder to execute arbitrary code and cause a service failure.

The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed logic controllers of the Honeywell Experion PKS is related to a countable degree of significance loss. Exploiting this vulnerability could allow an attacker to execu...

CVSS 8.5 · AI score 6 · EPSS 0.00315
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/07/22 1:27 p.m. · 9 views

USN-7651-4 linux-gcp, linux-gcp-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...

CVSS 7.8 · AI score 6.6 · EPSS 0.00259
Exploits: 0 · References: 118
CISA
added 2025/07/22 12:0 p.m. · 11 views

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-203-01 DuraComm DP-10iN-100-MU; ICSA-25-203-02 Lantronix Provisioning Manager...

AI score 7
Exploits: 0 · References: 9
OSV
added 2025/07/21 3:15 p.m. · 4 views

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...

CVSS 9.8 · AI score 6.1 · EPSS 0.00998
Exploits: 1 · References: 2
OSV
added 2025/07/21 3:15 p.m. · 3 views

CVE-2025-46118

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary...

CVSS 5.3 · AI score 6 · EPSS 0.00501
Exploits: 1 · References: 2
VulnCheck KEV
added 2025/07/21 12:0 a.m. · 14 views

VulnCheck KEV: CVE-2019-3495

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be...

CVSS 9 · AI score 6 · EPSS 0.05037
In wild · Exploits: 1 · References: 2
BDU FSTEC
added 2025/07/16 12:0 a.m. · 4 views

The vulnerability of the EPA component of the Honeywell Experion PKS programmable logic controllers allows an intruder to trigger a service failure.

The vulnerability of the Epic Platform Analyzer (EPA) component of Honeywell Experion PKS programmable logic controllers is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

CVSS 7.8 · AI score 5.4 · EPSS 0.00362
Exploits: 0 · References: 3
CISA
added 2025/07/15 12:0 p.m. · 4 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems (ICS) advisories on July 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-196-01 Hitachi Energy Asset Suite; ICSA-25-196-02 ABB RMC-100; ICSA-25-196-03 LITEON IC48A...

AI score 7
Exploits: 0 · References: 6
Vulnrichment
added 2025/07/13 11:42 p.m. · 4 views

CVE-2025-1384 Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers

Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the...

CVSS 7 · AI score 7.5 · EPSS 0.00221
Exploits: 0 · References: 2
CVE
added 2025/07/13 11:42 p.m. · 28 views

CVE-2025-1384

CVE-2025-1384 affects Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio Software. The issue is a Least Privilege Violation (CWE-272) in the communications function between these products, allowing a remote attacker to gain unauthorized access and potentially execute arbitrary co...

CVSS 7 · AI score 7 · EPSS 0.00221
Exploits: 0 · References: 2
Positive Technologies
added 2025/07/13 12:0 a.m. · 3 views

PT-2025-29396 · Omron · Machine Automation Controller Nj Series +1

Name of the Vulnerable Software and Affected Versions: NJ/NX-series Machine Automation Controllers (affected versions not specified); Sysmac Studio Software (affected versions not specified). Description: A least privilege violation exists in the communication function between the NJ/NX-series Machine...

CVSS 7 · AI score 6.7 · EPSS 0.00221
Exploits: 0 · References: 6
Nvidia
added 2025/07/10 12:0 a.m. · 33 views

Security Notice: Rowhammer - July 2025

NVIDIA has released this security notice in response to customer inquiries about potential impacts to NVIDIA GPUs from Rowhammer attacks. Go to NVIDIA Product Security. Details NVIDIA has received new research related to the industry-wide DRAM issue known as “Rowhammer”. The research demonstrates...

AI score 7.4
Exploits: 0
OSV
added 2025/07/08 5:20 p.m. · 11 views

USN-7594-3 linux-aws, linux-oracle vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux (UML); - x...

CVSS 8.8 · AI score 6.5 · EPSS 0.23278
Exploits: 0 · References: 333
Ubuntu
added 2025/07/04 2:24 p.m. · 7 views

USN-7605-2: Linux kernel (Low Latency) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An...

CVSS 8.8 · AI score 7.4 · EPSS 0.23278
Exploits: 0