Lucene search
K

714 matches found

EUVD
EUVD
added 2026/02/25 3:41 a.m.7 views

EUVD-2026-8612

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

9.8CVSS5.7AI score0.02121EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.6 views

PT-2026-21853

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.206 Description FreeScout, a PHP-based help desk and shared inbox application built on the Laravel framework, contains a flaw in its file upload restrictions. Prior to version 1.8.206, the application does not...

8.8CVSS5.7AI score0.02121EPSS
Exploits3References30
CVE
CVE
added 2026/02/18 9:55 p.m.9 views

CVE-2019-25358

FileOptimizer 14.00.2524 contains a denial-of-service vulnerability where the TempDirectory parameter in FileOptimizer32.ini can be overwritten with a 5000-character buffer, causing the application to crash when opening the options dialog. Affected component: FileOptimizer (Windows). Root cause: ...

8.7CVSS5.7AI score0.00384EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 9:55 p.m.2 views

CVE-2019-25358 FileOptimizer 14.00.2524 - Denial of Service

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when...

8.7CVSS5.7AI score0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/18 9:55 p.m.22 views

CVE-2019-25358 FileOptimizer 14.00.2524 - Denial of Service

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when...

8.7CVSS0.00384EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.7 views

FileOptimizer 安全漏洞

FileOptimizer is a file compression tool developed by Javier Gutiérrez Chamorro. Version 14.00.2524 of FileOptimizer contains a security vulnerability. This vulnerability allows attackers to cause the application to crash by manipulating the FileOptimizer32.ini configuration file, potentially...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/01/26 12:0 a.m.141 views

📄 Juniper JunOS 23.4 Module Scanner / Exploitation Framework

This PHP script is a modular scanner and exploitation framework targeting Juniper JunOS CVE‑2023‑36846, an arbitrary file upload vulnerability due to missing authentication.. It is designed with a clear separation of responsibilities and supports single‑target testing, interactive exploitation, a...

5.3CVSS5.9AI score0.94205EPSS
Exploits4
NVD
NVD
added 2026/01/21 6:16 p.m.7 views

CVE-2021-47850

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

8.7CVSS0.012EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/21 5:27 p.m.5 views

EUVD-2026-3610

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating...

8.7CVSS5.7AI score0.012EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-5.el7, rh-nodejs14-nodejs-14.17.5-1.el7 (AXSA:2021-2387:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2387:02 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8AI score0.37286EPSS
Exploits7References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-5.el7, rh-nodejs12-nodejs-12.22.5-1.el7 (AXSA:2021-2386:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2386:03 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8AI score0.37286EPSS
Exploits7References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : nodejs:10 (AXSA:2021-1501:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1501:01 advisory. libuv: buffer overflow in realpath CVE-2020-8252 nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS...

9.8CVSS7.9AI score0.69062EPSS
Exploits8References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-1.el7, rh-nodejs12-nodejs-12.20.1-1.el7 (AXSA:2021-1451:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1451:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

9.8CVSS7.7AI score0.16296EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

9.8CVSS7AI score0.69062EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : nodejs:14 (AXSA:2021-1510:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1510:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

9.8CVSS7AI score0.69062EPSS
Exploits6References8
RedhatCVE
RedhatCVE
added 2026/01/15 12:23 a.m.8 views

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

6.8CVSS7.5AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 6:16 p.m.7 views

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

6.8CVSS0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2920

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions prior to 24.1114.151.929 Description An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...

8.4CVSS7.2AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/13 7:2 p.m.6 views

EUVD-2026-1864

ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler...

7.5CVSS6.6AI score0.00311EPSS
Exploits0References4
OSV
OSV
added 2026/01/10 6:43 a.m.8 views

CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References4
Rows per page
Query Builder