Lucene search
K

266 matches found

CNNVD
CNNVD
added 2025/12/08 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified inode pattern loaded from disk, which could lead to data corruption...

6.1AI score0.00171EPSS
Exploits0References10
NVD
NVD
added 2025/12/04 9:16 p.m.18 views

CVE-2025-66572

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

6.9CVSS0.00423EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/04 8:44 p.m.4 views

EUVD-2025-201277

Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter...

6.9CVSS7.4AI score0.00423EPSS
Exploits0References5
CVE
CVE
added 2025/12/04 8:44 p.m.11 views

CVE-2025-66572

Loaded Commerce 6.6 is affected by a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter . The root cause is CSTI in the template handling, enabling remote code execution. Public documentation notes there is cur...

6.9CVSS6AI score0.00423EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/12/04 8:44 p.m.8 views

CVE-2025-66572

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

6.9CVSS6.2AI score0.00423EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/04 8:44 p.m.3 views

CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

6.9CVSS6.2AI score0.00423EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/04 8:44 p.m.22 views

CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)

Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...

6.9CVSS0.00423EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.4 views

Loaded Commerce 操作系统命令注入漏洞

Loaded Commerce is an open source e-commerce platform from Loaded Commerce, Inc. An operating system command injection vulnerability exists in Loaded Commerce version 6.6, which stems from a client-side template injection vulnerability that could lead to code execution on the server via search...

6.9CVSS8AI score0.00423EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.7 views

PT-2025-49140

Name of the Vulnerable Software and Affected Versions Loaded Commerce version 6.6 Description Loaded Commerce version 6.6 has a client-side template injection issue. This allows unauthenticated attackers to execute code on the server through the search parameter. The issue allows for code...

6.9CVSS7.5AI score0.00423EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2025/11/14 12:25 a.m.4 views

SUSE CVE-2025-40134

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

4.7CVSS6.2AI score0.00188EPSS
Exploits0References21
Cvelist
Cvelist
added 2025/11/12 10:23 a.m.5 views

CVE-2025-40134 dm: fix NULL pointer dereference in __dm_suspend()

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

0.00188EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/07 5:32 p.m.6 views

CVE-2025-10885

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8CVSS7.2AI score0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 6:32 p.m.5 views

EUVD-2025-38147

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8CVSS6.8AI score0.0015EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 5:15 p.m.12 views

CVE-2025-10885

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8CVSS0.0015EPSS
Exploits0References2
OSV
OSV
added 2025/11/06 5:15 p.m.5 views

CVE-2025-10885

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8CVSS5.9AI score0.0015EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/06 5:1 p.m.9 views

CVE-2025-10885 Privilege Escalation Vulnerability

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8CVSS6.9AI score0.0015EPSS
Exploits0References2
CVE
CVE
added 2025/11/06 5:1 p.m.29 views

CVE-2025-10885

CVE-2025-10885 – Autodesk Installer Privilege Escalation: A local, low-privilege attacker can craft a malicious file that is loaded during installation, taking advantage of insufficient validation of loaded binaries to execute code as NT AUTHORITY\SYSTEM. The linked Nessus/NASL entry confirms the...

7.8CVSS6.9AI score0.0015EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45342

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A maliciously crafted file, when executed on a victim’s machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM. This occurs due to insufficient validation of loaded binaries. An attacker wi...

7.8CVSS6.7AI score0.0015EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-39969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i40e: fix validation of VF state in get resources VF state I40EVFSTATEACTIVE is not the only state in which VF is actually active so it should not be used to...

6.8AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/16 11:24 p.m.6 views

SUSE CVE-2025-39969

In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40EVFSTATEACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use...

4.4CVSS6.4AI score0.00193EPSS
Exploits0References19
Rows per page
Query Builder