Lucene search
+L

3129 matches found

Vulnrichment
Vulnrichment
added 2025/12/17 6:20 a.m.3 views

CVE-2025-14817 Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...

6.5AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2025/12/13 8:16 a.m.30 views

CVE-2025-36751

CVE-2025-36751 affects Growatt ShineLan-X and MIC 3300TL-X. The root cause is missing encryption on the configuration interface, enabling an attacker with network access to intercept and potentially manipulate the communication between the inverter and its cloud endpoint. The available connected ...

9.4CVSS6.4AI score0.00067EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/10 12:0 a.m.5 views

Currency Exchange System /editotheraccount.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /editotheraccount.php. An attacker can exploit this vulnerabili...

9.8CVSS7.9AI score0.00339EPSS
Exploits1References1
CNVD
CNVD
added 2025/12/10 12:0 a.m.20 views

Student Management System /edit_user.php File SQL Injection Vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edituser.php. The vulnerability can be exploited to...

9.8CVSS8.3AI score0.00339EPSS
Exploits1References1
OSV
OSV
added 2025/12/09 4:17 p.m.3 views

DEBIAN-CVE-2025-14306

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by...

9.1CVSS5.6AI score0.00932EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

WordPress plugin Page View Count 安全漏洞

...

5.4CVSS5.8AI score0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

WordPress plugin ListingPro Lead Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00282EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

WordPress plugin Xagio SEO 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.5AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.5 views

WordPress plugin PPOM for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.6AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.6 views

WordPress plugin AuthorSure 跨站请求伪造漏洞

WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...

6.1CVSS6.8AI score0.00101EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.6 views

WordPress plugin WpEvently 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.4AI score0.00227EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/18 12:0 a.m.5 views

WordPress Qi Blocks plugin cross-site scripting vulnerability

WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks 81 in total, covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...

6.5CVSS6.1AI score0.00155EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/18 12:0 a.m.20 views

Student Record System admin-profile.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...

6.5CVSS8.3AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.9 views

PHPGurukul Online Shopping Portal 安全漏洞

Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of an externally entered SQL statement in the username parameter of the admin page. An attacker can exploit this vulnerability to execute illegal SQL comman...

6.5CVSS8.2AI score0.00235EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.9 views

PT-2025-47029

Name of the Vulnerable Software and Affected Versions Brightpick versions affected versions not specified Description The Brightpick Internal Logic Control web interface is accessible without user authentication. This allows an unauthorized user to manipulate robot control functions. These...

7.1CVSS5.8AI score0.00233EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.10 views

WordPress plugin Survey Maker 安全漏洞

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. A lack of authorization vulnerability exists in WordPress Survey Maker plugin, which can be exploited by ...

6.5CVSS6.5AI score0.00233EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/11/12 11:7 a.m.7 views

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making ...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/12 7:47 a.m.9 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

6.7CVSS6.9AI score0.00126EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/05 12:0 a.m.28 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29078)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a lack of authentication. An...

10CVSS6.5AI score0.00312EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 2:15 p.m.7 views

CVE-2025-41341

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'...

8.7CVSS0.0027EPSS
Exploits0References1
Rows per page
Query Builder