
6323 matches found

Zero Day Initiative
added 2025/03/13 12:0 a.m., 10 views

X.Org Server PlayReleasedEvents Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of device...

CVSS 7.8, AI score 7.2, EPSS 0.0035
Exploits: 0, References: 1
CVE
added 2025/03/06 12:0 a.m., 65 views

CVE-2025-25361

CVE-2025-25361 affects PublicCMS v4.0.202406, with an arbitrary file upload vulnerability in /cms/CmsWebFileAdminController.java that enables remote code execution by uploading crafted SVG/XML files. CVSSv3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 9.8, CRITICAL). Exploitation context ...

CVSS 9.8, AI score 8, EPSS 0.00649
Exploits: 1, References: 1, Affected Software: 1
Debian CVE
added 2025/02/28 12:0 a.m., 8 views

CVE-2025-25723

Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code...

CVSS 8.4, AI score 5.8, EPSS 0.00353
Exploits: 1
NVD
added 2025/02/26 3:15 p.m., 9 views

CVE-2025-25783

An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file...

CVSS 9.8, EPSS 0.00774
Exploits: 0, References: 3
CVE
added 2025/02/26 12:0 a.m., 78 views

CVE-2025-25791

The CVE-2025-25791 entry describes an arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1. Attackers can upload a crafted Zip file to execute arbitrary code on the affected system. The impact is limited to code execution via the upload path, as per the descript...

CVSS 4.4, AI score 7.5, EPSS 0.00253
Exploits: 1, References: 3, Affected Software: 1
Redos
added 2025/02/26 12:0 a.m., 78 views

ROS-20250226-14

A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow a remote attacker to bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...

CVSS 7.3, AI score 7.4, EPSS 0.01168
Exploits: 2
Zero Day Initiative
added 2025/02/24 12:0 a.m., 9 views

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

CVSS 7.8, AI score 6.9, EPSS 0.00749
Exploits: 0, References: 1
RedhatCVE
added 2025/02/23 12:22 a.m., 17 views

CVE-2025-25766

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...

CVSS 4.8, AI score 7.7, EPSS 0.00296
Exploits: 1, References: 1
CNVD
added 2025/02/19 12:0 a.m., 6 views

Linux Ratfor Buffer Overflow Vulnerability

Linux Ratfor is a programming language implemented as a preprocessor for Fortran 66. A buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier versions, which stems from an application boundary error when handling untrusted input. An attacker could exploit the vulnerability to execu...

CVSS 7, AI score 7.8, EPSS 0.00258
Exploits: 0, References: 1
CNVD
added 2025/02/17 12:0 a.m., 611 views

Unspecified Vulnerability in Apple GarageBand (CNVD-2025-06484)

Apple GarageBand is an application from Apple USA. An unspecified vulnerability exists in Apple GarageBand, which can be exploited by an attacker to execute arbitrary code...

CVSS 7.8, AI score 7.1, EPSS 0.00318
Exploits: 0, References: 1
CNVD
added 2025/02/17 12:0 a.m., 9 views

Adobe Illustrator Memory Misreference Vulnerability (CNVD-2025-04203)

Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A memory misreference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the current user's environment...

CVSS 7.8, AI score 7.4, EPSS 0.00391
Exploits: 0, References: 1
RedhatCVE
added 2025/02/14 7:46 a.m., 14 views

CVE-2024-34930

A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...

CVSS 5.3, AI score 8.5, EPSS 0.00221
Exploits: 1, References: 1
RedhatCVE
added 2025/02/14 6:15 a.m., 8 views

CVE-2024-34935

A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...

CVSS 9.8, AI score 8.5, EPSS 0.0051
Exploits: 1, References: 1
RedhatCVE
added 2025/02/14 12:3 a.m., 8 views

CVE-2024-35621

A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...

CVSS 4.8, AI score 5.6, EPSS 0.00271
Exploits: 0, References: 3
RedhatCVE
added 2025/02/12 12:32 a.m., 6 views

CVE-2024-57407

An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 7.3, AI score 7.7, EPSS 0.00398
Exploits: 0, References: 1
CVE
added 2025/02/11 7:56 p.m., 59 views

CVE-2025-0902

PDF-XChange Editor is affected by a vulnerability in the XPS file parsing module that can cause an out-of-bounds read and information disclosure. Root cause: insufficient validation of user-supplied data during XPS parsing, leading to reading beyond an allocated object. Impact: information disclo...

CVSS 8.8, AI score 4.9, EPSS 0.00624
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2025/02/11 3:0 p.m., 40 views

CVE-2024-33659

The CVE-2024-33659 entry concerns AMI AptioV BIOS with an Improper Input Validation flaw that allows a local attacker to overwrite memory and execute arbitrary code at the System Management Mode (SMM) level, impacting confidentiality, integrity, and availability. Documents consistently identify t...

CVSS 8.8, AI score 7.4, EPSS 0.00155
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/02/11 12:0 a.m., 21 views

CVE-2025-25524

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...

EPSS 0.00163
Exploits: 0, References: 1
CNVD
added 2025/02/10 12:0 a.m., 2 views

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-18674)

Mozilla Firefox is an open source web browser. A memory corruption vulnerability in Mozilla Firefox can be exploited by a remote attacker who submits a specially crafted web request and induces the user to parse it, allowing arbitrary code execution in the context of the application...

CVSS 9.8, AI score 7.5, EPSS 0.00547
Exploits: 0, References: 1
CVE
added 2025/02/10 12:0 a.m., 47 views

CVE-2024-57407

CVE-2024-57407 affects Timo v2.0.3, with a vulnerability in the /userPicture component allowing an attacker to upload a crafted file and potentially execute arbitrary code. Documented impact per CVSSv3.1: High (7.3), network attack vector, low attack complexity, privileges required: Low, user int...

CVSS 7.3, AI score 7.4, EPSS 0.00398
Exploits: 0, References: 2