Lucene search
K

369 matches found

EUVD
EUVD
added 2026/01/13 9:2 p.m.18 views

EUVD-2026-2032

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

6.5CVSS6.3AI score0.00327EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 12:15 a.m.3 views

CVE-2026-22712

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

4.3CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.11 views

PT-2026-2257

Name of the Vulnerable Software and Affected Versions Mediawiki - ApprovedRevs Extension versions 1.39 through 1.45 Description The Mediawiki - ApprovedRevs Extension contains a flaw related to improper encoding or escaping of output due to magic word replacement in ParserAfterTidy. This can lead...

2.3CVSS6.5AI score0.00213EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.4 views

CVE-2025-1035

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1...

5.7CVSS5.4AI score0.09676EPSS
Exploits0References1
NVD
NVD
added 2025/12/22 10:15 p.m.7 views

CVE-2023-53955

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

9.8CVSS0.00758EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2025/12/22 12:43 a.m.5 views

hdf5: HDF5 heap-based overflow

A vulnerability was found in the H5Creconstructcacheentry function of the H5Cimage.c file in HDF5. Input manipulation can occur, which leads to a heap-based buffer overflow. Exploitation of this vulnerability requires local system access...

5.3CVSS6AI score0.00209EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2025/12/16 3:2 a.m.3 views

CVE-2025-14748 Ningyuanda TC155 ONVIF Device Management Service device_service access control

A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/deviceservice of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The atta...

5.4CVSS5.8AI score0.00569EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/12 3:13 a.m.5 views

CVE-2025-14485

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

5CVSS6.3AI score0.01578EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/11 3:2 a.m.26 views

CVE-2025-14485 EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

5CVSS0.01578EPSS
Exploits0References5
OSV
OSV
added 2025/12/03 2:35 p.m.4 views

BIT-ACTIVEMQ-2021-21344 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS8.8AI score0.7598EPSS
Exploits1References16
Vulnrichment
Vulnrichment
added 2025/11/20 2:2 a.m.3 views

CVE-2025-13445 Tenda AC21 SetIpMacBind stack-based overflow

A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...

9CVSS8.8AI score0.03473EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.6 views

User-Management-PHP-MYSQL 代码问题漏洞

User-Management-PHP-MYSQL is a secure user management system by Ajay Randhawa Personal Developer. A code issue vulnerability exists in User-Management-PHP-MYSQL that stems from incorrect manipulation of the parameter image in the file /admin/edit-user.php, which could lead to arbitrary file uploa...

7.2CVSS5.1AI score0.00513EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/14 9:46 a.m.3 views

CVE-2025-9336

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...

6.8CVSS7.5AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/13 12:31 p.m.5 views

EUVD-2025-34060

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...

6.8CVSS7AI score0.00138EPSS
Exploits0References2
NVD
NVD
added 2025/10/13 10:15 a.m.5 views

CVE-2025-9336

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...

6.8CVSS0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/13 9:24 a.m.2 views

CVE-2025-9336

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...

6.8CVSS7.2AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 9:24 a.m.9 views

CVE-2025-9336

The CVE-2025-9336 entry concerns the ASUS Armoury Crate software, specifically the AsIO3.sys driver. Multiple sources confirm a stack buffer overflow in AsIO3.sys that can be triggered by input manipulation, potentially leading to a system crash (BSOD) or other undefined execution. Consequences n...

6.8CVSS7.2AI score0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/13 9:24 a.m.7 views

CVE-2025-9336

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash BSOD or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory f...

6.8CVSS0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.5 views

PT-2025-41781

Name of the Vulnerable Software and Affected Versions ASUS AsIO3.sys driver affected versions not specified Description A stack buffer overflow exists in the AsIO3.sys driver. This issue is triggered by input manipulation and could result in a system crash, also known as a Blue Screen of Death...

6.8CVSS6.8AI score0.00138EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/12 8:2 a.m.12 views

CVE-2025-11631 RainyGao DocSys deleteDoc.do path traversal

A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly...

5.5CVSS0.0074EPSS
Exploits1References4
Rows per page
Query Builder