Lucene search
K

48 matches found

NVD
NVD
added 2026/06/01 5:16 p.m.13 views

CVE-2022-4991

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

7.4CVSS0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.11 views

EUVD-2026-29935

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...

6.9CVSS6.6AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.11 views

CVE-2026-30814

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...

8CVSS6.5AI score0.00418EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 4:9 p.m.4 views

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the nspawn process. An attacker can gain unauthorized access to the host system by supplying a crafted optional configuration file. Remediation A fix was pushed into the master branch but not yet published...

7.1CVSS5.8AI score0.00072EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 3:18 p.m.2 views

CVE-2026-40226

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...

6.4CVSS5.8AI score0.00072EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/08 9:33 p.m.1 views

EUVD-2026-20542

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...

7.3CVSS6.6AI score0.00418EPSS
Exploits0References5
CVE
CVE
added 2026/04/08 5:52 p.m.16 views

CVE-2026-30814

Affects TP-Link Archer AX53 v1.0. The vulnerability is a stack-based buffer overflow in the tmpServer module, allowing an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a crafted configuration file. Exploitation may crash the device and ...

8CVSS6.6AI score0.00418EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/02 6:16 p.m.6 views

CVE-2026-0654

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...

8.5CVSS0.00291EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/02 5:39 p.m.20 views

CVE-2026-0654 Command injection on TP-Link Deco BE25

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...

8.5CVSS0.00291EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.4 views

CVE-2025-13176

Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL...

8.4CVSS5.9AI score0.00151EPSS
Exploits0References1
OSV
OSV
added 2025/11/06 11:15 p.m.4 views

CVE-2025-62630

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...

9.8CVSS6AI score0.00661EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/27 7:26 a.m.6 views

CVE-2025-12200

No description is available for this CVE. Mitigation No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, restrict write access to the dnsmasq.conf file and related configuration directorie...

4.1AI score0.00012EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/15 12:51 a.m.14 views

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

7.5CVSS6.8AI score0.00594EPSS
Exploits0References1
OSV
OSV
added 2025/10/14 6:15 p.m.6 views

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References3
NVD
NVD
added 2025/10/14 6:15 p.m.6 views

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

7.5CVSS0.00594EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/14 12:0 a.m.4 views

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service DoS via uploading a crafted configuration file...

6.4AI score0.00594EPSS
Exploits0References3
CVE
CVE
added 2025/10/14 12:0 a.m.14 views

CVE-2025-60536

The CVE-2025-60536 entry affects kafka-ui, specifically the Configure New Cluster interface in versions v0.6.0 through v0.7.2. The issue allows an attacker to trigger a Denial of Service by uploading a crafted configuration file. The available connected documents confirm the affected product/vers...

7.5CVSS6.4AI score0.00594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.5 views

CVE-2024-51366

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...

9.8CVSS7.8AI score0.00699EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:51 a.m.4 views

CVE-2023-22917

A buffer overflow vulnerability in the “sdwanifaceipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50W firmware versions 5.10 through 5.32, USG20W-VPN firmware versions 5.10 through 5.32, and VPN series firmware...

7.5CVSS7.3AI score0.00879EPSS
Exploits0References1
OSV
OSV
added 2025/04/22 3:15 a.m.3 views

CVE-2025-1732

An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable...

6.7CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder