Lucene search
K

156 matches found

RedhatCVE
RedhatCVE
added 2025/06/01 3:36 p.m.29 views

CVE-2024-13917

An application "com.pri.applock", which is pre-loaded on Kruger smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...

8.3CVSS6.5AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.8 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

9.8CVSS7.3AI score0.00538EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.16 views

CVE-2023-36922

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

9.1CVSS6.8AI score0.007EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:6 p.m.12 views

CVE-2021-37670

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

5.5CVSS6.6AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 a.m.7 views

CVE-2018-17014

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services e.g., inetd, HTTP, DNS, and UPnP via long JSON data for ipmacbind name...

6.5CVSS7.1AI score0.0104EPSS
Exploits1References1
CVE
CVE
added 2025/05/13 8:49 p.m.70 views

CVE-2025-43564

Adobe ColdFusion (versions 2025.1, 2023.13, 2021.19 and earlier) is affected by an Improper Access Control vulnerability that can allow arbitrary file system read. The issue stems from improper access restrictions and could let a high-privileged attacker access or modify sensitive data without au...

9.1CVSS6.1AI score0.09517EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/05/13 8:49 p.m.64 views

CVE-2025-43563

CVE-2025-43563 affects Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It is an Improper Access Control vulnerability that could enable an attacker with high privileges to perform an arbitrary file system read, potentially accessing or modifying sensitive data. Exploitation requir...

9.1CVSS6.1AI score0.09517EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/13 8:49 p.m.32 views

CVE-2025-43563 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...

9.1CVSS0.09517EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2025/05/12 4:0 p.m.18 views

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

9.8CVSS7.3AI score0.01782EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/05/12 4:0 p.m.16 views

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

7.2CVSS7.3AI score0.01782EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/27 12:7 a.m.14 views

CVE-2025-46546

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...

3.5CVSS7.5AI score0.00346EPSS
Exploits0References1
CNVD
CNVD
added 2025/04/25 12:0 a.m.8 views

IBM Sterling Control Center Cross-Site Scripting Vulnerability (CNVD-2025-09285)

IBM Sterling Control Center is an application system from International Business Machines IBM. A centralized monitoring and management system. IBM Sterling Control Center suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...

5.4CVSS6.1AI score0.00202EPSS
Exploits0References1
CNVD
CNVD
added 2025/04/18 12:0 a.m.9 views

Adobe XMP Toolkit Buffer Overflow Vulnerability

Adobe XMP Toolkit is a toolkit from the American company Audobee Adobe. Adobe XMP Toolkit suffers from a buffer overflow vulnerability that originates from mishandling a malicious user-supplied file, causing the program to read memory data outside of boundaries, which can be exploited by an...

5.5CVSS6.9AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/08 3:29 p.m.6 views

CVE-2025-3287 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...

8.5CVSS7.7AI score0.00298EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/28 12:0 a.m.6 views

Yonyou UFIDA ERP-NC /help/systop.jsp file cross-site scripting vulnerability

Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability, whi...

6.1CVSS4.7AI score0.00872EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/27 10:54 a.m.13 views

CVE-2025-30765 WordPress FlexStock plugin <= 3.13.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPPOOL FlexStock stock-sync-with-google-sheet-for-woocommerce allows Blind SQL Injection.This issue affects FlexStock: from n/a through = 3.13.1...

7.6CVSS0.00596EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.5 views

PT-2025-12871 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to and including 2024.5 Description: The issue allows unauthorized excessive creation of options on the aip map url callback function due to insufficient restrictions. This enables...

5.3CVSS9.4AI score0.00276EPSS
Exploits0References10
HackRead
HackRead
added 2025/03/22 7:5 p.m.10 views

How Cybercriminals Exploit Public Info for Attacks: Understanding Risks and Prevention

Cybercriminals are skilled at using public information to their advantage. Knowing how they gather this data can help…...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2016-10158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial ...

7.5CVSS7.8AI score0.07827EPSS
Exploits0References2
CVE
CVE
added 2025/02/27 6:26 p.m.54 views

CVE-2025-22624

CVE-2025-22624 affects FooGallery – Responsive Photo Gallery (WordPress plugin) up to version 2.4.29. The issue is a reflected XSS arising from unvalidated untrusted data in myapp/extensions/albums/admin/class-meta-boxes.php. Public references confirm the vulnerability and indicate a patch is ava...

5.1CVSS6.5AI score0.00384EPSS
Exploits0References2
Rows per page
Query Builder