Lucene search
K

118 matches found

ATTACKERKB
ATTACKERKB
added 2025/09/16 2:2 p.m.5 views

CVE-2025-8057

Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client. This issue affects HumanSuite: before 53.21.0...

6.5CVSS5.5AI score0.00263EPSS
Exploits0References3
CVE
CVE
added 2025/09/16 2:2 p.m.12 views

CVE-2025-8057

CVE-2025-8057 concerns an authorization bypass in Patika Global Technologies’ HumanSuite. The issue arises from a user‑controlled key that enables an externally controlled reference to a resource in another sphere, leading to improper authorization. Affected product/version: HumanSuite prior to 5...

6.5CVSS5.4AI score0.00263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/05 1:28 p.m.8 views

CVE-2025-53693

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

9.8CVSS6.9AI score0.13782EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/09/03 12:36 p.m.13 views

CVE-2025-53693 HTML Cache Poisoning through Unsafe Reflections

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

9.8CVSS0.13782EPSS
Exploits3References2
CVE
CVE
added 2025/09/03 12:36 p.m.44 views

CVE-2025-53693

CVE-2025-53693 is an HTML cache poisoning vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) caused by using externally-controlled input to select classes or code (Unsafe Reflection). Affected products: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. The underlying...

9.8CVSS6.6AI score0.13782EPSS
Exploits3References2Affected Software4
Snyk
Snyk
added 2025/08/26 5:20 p.m.3 views

Use of Externally-Controlled Format String

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS7.7AI score0.04065EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/26 5:20 p.m.6 views

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.8CVSS7.7AI score0.04065EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/26 5:20 p.m.5 views

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS7.7AI score0.04065EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/07/29 9:11 p.m.4 views

CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption...

7.3AI score0.00875EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 4:15 p.m.9 views

CVE-2025-22482

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

8.1CVSS0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.5 views

QNAP Qsync Central 格式化字符串错误漏洞

QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology QNAP. A Formatting String Error vulnerability exists in QNAP Qsync Central, which originates from an externally controlled formatting string and could allow a remote attacker to obta...

8.1CVSS6.8AI score0.00311EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.9 views

CVE-2024-50399

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

2.1CVSS6.9AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.8 views

CVE-2024-50396

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QT...

7.7CVSS6.9AI score0.00638EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:3 a.m.4 views

CVE-2023-21420

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...

7.8CVSS7.4AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/14 8:46 a.m.5 views

CVE-2025-2875

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources...

8.7CVSS7.5AI score0.00345EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/02/11 5:15 p.m.0 views

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

6.7CVSS6.1AI score0.00242EPSS
Exploits0References2Affected Software4
OSV
OSV
added 2024/12/06 5:15 p.m.5 views

CVE-2024-50402

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

7.2CVSS5.8AI score0.00533EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/06 12:0 a.m.8 views

PT-2024-10311 · Qnap · Qnap Qts +1

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.2.2950 build 20241114 QNAP QuTS hero versions prior to 5.2.2.2952 build 20241116 Description: A use of externally-controlled format string issue has been reported to affect several QNAP operating system versions...

2.1CVSS7.4AI score0.00465EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.5 views

The vulnerability of the GENESIS64 SCADA system’s software packages for monitoring and data collection, developed by MC Works64, arises from the use of external control inputs for class selection. This allows a intruder to execute arbitrary code.

The vulnerability of the GENESIS64 SCADA system’s software packages for monitoring and data collection via MC Works64 is related to the use of externally controlled input data for class selection. Exploiting this vulnerability allows a perpetrator to execute arbitrary code...

6.7CVSS5.8AI score0.00192EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2024/11/22 4:15 p.m.27 views

CVE-2024-50400

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

7.2CVSS0.00574EPSS
Exploits0References1
Rows per page
Query Builder