Lucene search
K

4316 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:29 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to local code execution due to the Helm package manager (CVE-2025-53547)

Summary Helm is used by Astronomer with IBM as part of service installation and management. Vulnerability Details CVEID:CVE-2025-53547 DESCRIPTION: Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock fi...

8.6CVSS7.2AI score0.00363EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.6 views

TencentOS Server 4: needrestart (TSSA-2024:1043)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1043 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.8CVSS7.2AI score0.19924EPSS
Exploits16References5
OpenVAS
OpenVAS
added 2025/11/20 12:0 a.m.4 views

RaidenFTPD Server <= 2.4.4005 Buffer Overflow Vulnerability

RaidenFTPD v.2.4 build 4005 allows a local attacker to execute arbitrary code via the Server name field of the step by step setup wizard. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.8CVSS7.5AI score0.00433EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: mozjs (TSSA-2025:0474)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0474 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.1CVSS7.4AI score0.00398EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: firefox (TSSA-2025:0417)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0417 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.1CVSS7.4AI score0.00398EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/19 8:18 a.m.4 views

CVE-2025-10089

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

7.7CVSS6.8AI score0.00123EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 5:16 p.m.5 views

CVE-2025-47761

An Exposed IOCTL with Insufficient Access Control vulnerability CWE-782 vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would requi...

7.8CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 5:1 p.m.30 views

CVE-2025-47761

Fortinet FortiClientWindows is affected by a local Exposed IOCTL with Insufficient Access Control vulnerability (CWE-782) via the fortips driver. Affected versions: 7.2.0–7.2.9 and 7.4.0–7.4.3. An authenticated local user could execute unauthorized code, with exploitation requiring bypass of Wind...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/18 7:39 a.m.8 views

CVE-2025-10089 Malicious Code Execution Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

7.7CVSS0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.2 views

Fortinet FortiClientWindows 安全漏洞

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exis...

7.8CVSS7.5AI score0.00137EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47354

Name of the Vulnerable Software and Affected Versions Fortinet FortiClientWindows versions 7.2.0 through 7.2.9 Fortinet FortiClientWindows versions 7.4.0 through 7.4.3 Description A flaw exists in Fortinet FortiClientWindows that involves an exposed IOCTL with insufficient access control. This...

7.8CVSS6.6AI score0.00142EPSS
Exploits0References7
OSV
OSV
added 2025/11/14 2:45 p.m.44 views

HSEC-2023-0009 git-annex command injection via malicious SSH hostname

git-annex command injection via malicious SSH hostname git-annex was vulnerable to the same class of security hole as git's CVE-2017-1000117. In several cases, git-annex parses a repository URL, and uses it to generate a ssh command, with the hostname to ssh to coming from the URL. If the hostnam...

10CVSS8.4AI score0.77823EPSS
Exploits12References2
OSV
OSV
added 2025/11/14 2:15 p.m.4 views

CVE-2025-11918

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability...

7.3CVSS6.4AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2025/11/14 1:28 p.m.20 views

CVE-2025-11918

The CVE-2025-11918 entry describes a stack-based buffer overflow in Rockwell Automation Arena® related to parsing DOE files. The vulnerability is local-only: a local attacker can trigger arbitrary code execution by opening a malicious DOE file on affected Arena installations. The connected source...

7.3CVSS7.5AI score0.00133EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/14 12:0 a.m.5 views

Microsoft Azure Monitor Agent < 1.37.1 RCE (CVE-2025-59504)

The version of Microsoft Azure Monitor Agent installed on the remote host is prior to 1.37.1. It is, therefore, affected by a Heap-based buffer overflow vulnerability which potentially allows an unauthorized attacker to execute code locally. Note that Nessus has not tested for this issue but has...

7.3CVSS6.3AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2025/11/13 8:15 p.m.6 views

CVE-2025-46367

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution...

7.8CVSS5.8AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/13 1:0 a.m.8 views

CVE-2025-30506

Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This...

6.7CVSS7.1AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.3 views

Dell Alienware Command Center 安全漏洞

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center suffers from a no action response error condition detection vulnerabilit...

7.8CVSS7.3AI score0.00118EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28627)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability...

8.4CVSS8.4AI score0.00218EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.6 views

Siemens SIMATIC S7-1500 Use After Free (CVE-2020-1712)

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...

7.8CVSS6.7AI score0.0046EPSS
Exploits0References4
Rows per page
Query Builder