Lucene search
K

1620 matches found

OSV
OSV
added 2025/11/24 4:15 p.m.5 views

UBUNTU-CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

5.7AI score0.00161EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989595 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4mbmarkbb with flexbg with fastcommit In case of flexbg feature which is by default...

5.5CVSS5.7AI score0.00252EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.10 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988802)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988802 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4mbmarkbb with flexbg with fastcommit In case of flexbg feature which is by default...

5.5CVSS5.7AI score0.00252EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/29 6:30 p.m.8 views

EUVD-2025-36687

In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security FLS rules are improperly enforced on object-valued fields. When an FLS exclusion rule e.g., field is applied to a field which contains an object as its value, the object is correctly removed from the source returned by search...

6CVSS6.3AI score0.0025EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/22 2:9 a.m.5 views

CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

8.1CVSS6.9AI score0.05462EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 3:15 a.m.3 views

CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

8.1CVSS5.8AI score0.05462EPSS
Exploits0References1
NVD
NVD
added 2025/10/21 3:15 a.m.11 views

CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

8.1CVSS0.05462EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/21 1:57 a.m.5 views

CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

8.1CVSS6.7AI score0.05462EPSS
Exploits0References1
CVE
CVE
added 2025/10/21 1:57 a.m.16 views

CVE-2025-9133

Summary of CVE-2025-9133 (Zyxel devices) Technical details in the connected PT-2025-42828 entry show a missing authorization flaw in Zyxel ATP series, Zyxel USG FLEX series, and Zyxel USG20(W)-VPN devices. The vulnerability arises from insufficient input validation/logic in the CGI interface, spe...

8.1CVSS6.7AI score0.05462EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/21 1:49 a.m.3 views

CVE-2025-8078

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...

7.2CVSS7.2AI score0.01484EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/21 1:49 a.m.10 views

CVE-2025-8078

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16...

7.2CVSS0.01484EPSS
Exploits0References1
CVE
CVE
added 2025/10/21 1:49 a.m.21 views

CVE-2025-8078

CVE-2025-8078 describes a post-authentication command-injection vulnerability in Zyxel devices: Zyxel ATP series firmware v4.32–v5.40, USG FLEX series v4.50–v5.40, USG FLEX 50(W) series v4.16–v5.40, and USG20(W)-VPN series v4.16–v5.40. An authenticated administrator can pass a crafted string as a...

7.2CVSS7.2AI score0.01484EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/21 12:0 a.m.9 views

PT-2025-42828

Name of the Vulnerable Software and Affected Versions Zyxel ATP series versions V4.32 through V5.40 Zyxel USG FLEX series versions V4.50 through V5.40 Zyxel USG FLEX 50W series versions V4.16 through V5.40 Zyxel USG20W-VPN series versions V4.16 through V5.40 Description A missing authorization fl...

8.1CVSS9.5AI score0.05462EPSS
Exploits0References15
VulnCheck KEV
VulnCheck KEV
added 2025/10/17 12:0 a.m.39 views

VulnCheck KEV: CVE-2022-0342

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware...

9.8CVSS5.8AI score0.84839EPSS
In wildExploits0References30
NVD
NVD
added 2025/10/15 9:15 a.m.70 views

CVE-2025-10041

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00878EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/15 8:25 a.m.38 views

EUVD-2025-34561

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS7.1AI score0.00878EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2025/10/15 8:25 a.m.6 views

CVE-2025-10041 Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS7.2AI score0.00878EPSS
Exploits3References3
Cvelist
Cvelist
added 2025/10/15 8:25 a.m.44 views

CVE-2025-10041 Flex QR Code Generator <= 1.2.5 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00878EPSS
Exploits3References4
CVE
CVE
added 2025/10/15 8:25 a.m.35 views

CVE-2025-10041

The CVE-2025-10041 entry concerns the Flex QR Code Generator WordPress plugin. Affected versions include all up to and including 1.2.5, where missing file type validation in the save_qr_code_to_db() function allows unauthenticated arbitrary file uploads, potentially enabling remote code execution...

9.8CVSS7.2AI score0.00878EPSS
Exploits3References4
GithubExploit
GithubExploit
added 2025/10/15 7:51 a.m.233 views

Exploit for CVE-2025-10041

CVE-2025-10041 Flex QR Code Generator = 1.2.5 - Unauthenti...

7.6AI score0.00878EPSS
Exploits3
Rows per page
Query Builder