54841 matches found

OSV
added 2025/12/07 5:15 p.m. | 5 views

CVE-2025-14199

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from...

CVSS 9.8 | AI score 5.3 | EPSS 0.00309
Exploits: 1 | References: 4
Vulnrichment
added 2025/12/07 5:2 p.m. | 2 views

CVE-2025-14199 Verysync 微力同步 Web Administration text.txt unrestricted upload

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from...

CVSS 6.5 | AI score 5.9 | EPSS 0.00309
Exploits: 1 | References: 4
Vulnrichment
added 2025/12/07 4:32 p.m. | 2 views

CVE-2025-14198 Verysync 微力同步 Web Administration download information disclosure

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

CVSS 6.9 | AI score 6 | EPSS 0.00396
Exploits: 1 | References: 4
Cvelist
added 2025/12/07 4:32 p.m. | 17 views

CVE-2025-14198 Verysync 微力同步 Web Administration download information disclosure

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...

CVSS 6.9 | EPSS 0.00396
Exploits: 1 | References: 4
OSV
added 2025/12/07 4:20 p.m. | 2 views

MINI-RPWM-X463-P83X

Bulletin has no description...

CVSS 6.5 | AI score 6.9 | EPSS 0.0027
Exploits: 0
NVD
added 2025/12/07 4:15 p.m. | 3 views

CVE-2025-14197

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed...

CVSS 6.9 | EPSS 0.00346
Exploits: 0 | References: 6
Positive Technologies
added 2025/12/07 12:0 a.m. | 4 views

PT-2025-49412

Name of the Vulnerable Software and Affected Versions Verysync versions up to 2.21.3 Description A flaw exists in Verysync that allows for unrestricted file upload. This impacts an unknown function within the Web Administration Module, specifically related to the file...

CVSS 9.8 | AI score 6.1 | EPSS 0.00309
Exploits: 1 | References: 9
CNNVD
added 2025/12/07 12:0 a.m. | 7 views

Verysync access control error vulnerability

Verysync is a private file synchronization and backup software from China-based Weili Synchronization Verysync. An access control error vulnerability exists in Verysync version 2.21.3, which stems from incorrect manipulation of the file /safebrowsing/clientreport/download?key=dummytoken in the...

CVSS 6.9 | AI score 5.2 | EPSS 0.00396
Exploits: 1 | References: 5
Positive Technologies
added 2025/12/07 12:0 a.m. | 5 views

PT-2025-49410

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed...

CVSS 6.9 | AI score 6.3 | EPSS 0.00346
Exploits: 0 | References: 7
CNNVD
added 2025/12/07 12:0 a.m. | 8 views

Verysync access control error vulnerability

Verysync is a private file synchronization and backup software from China-based Weili Synchronization Verysync. An access control error vulnerability exists in Verysync 2.21.3 and earlier versions, which stems from incorrect manipulation of the file /rest/f/api/resources/f96956469e7be39d in the...

CVSS 6.9 | AI score 5.1 | EPSS 0.00346
Exploits: 0 | References: 7
CNNVD
added 2025/12/07 12:0 a.m. | 7 views

Verysync code issue vulnerability

Verysync is a private file synchronization and backup software from China-based Weili Synchronization Verysync. A code issue vulnerability exists in Verysync 2.21.3 and prior versions that originates from the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false in the component...

CVSS 9.8 | AI score 6.5 | EPSS 0.00309
Exploits: 1 | References: 5
RedhatCVE
added 2025/12/06 5:54 p.m. | 5 views

CVE-2025-14094

A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendo...

CVSS 9.8 | AI score 6.6 | EPSS 0.17904
Exploits: 1 | References: 1
NVD
added 2025/12/06 1:15 p.m. | 5 views

CVE-2025-14136

A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2RepeatergetwiredclientlistsetClientsName of the file mod_form.so. The manipulation of the argume...

CVSS 9 | EPSS 0.00963
Exploits: 1 | References: 6
OSV
added 2025/12/06 1:15 p.m. | 3 views

CVE-2025-14136

A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2RepeatergetwiredclientlistsetClientsName of the file mod_form.so. The manipulation of the argume...

CVSS 8.7 | AI score 6.5
Exploits: 0 | References: 6
Cvelist
added 2025/12/06 1:2 p.m. | 18 views

CVE-2025-14136 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so stack-based overflow

A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2RepeatergetwiredclientlistsetClientsName of the file mod_form.so. The manipulation of the argume...

CVSS 9 | EPSS 0.00963
Exploits: 1 | References: 6
EUVD
added 2025/12/06 12:31 p.m. | 5 views

EUVD-2025-201545

A vulnerability was determined in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RE2000v2RepeatergetwirelessclientlistsetClientsName of the file mod_form.so. Executing manipulation of the...

CVSS 9 | AI score 8.9 | EPSS 0.00747
Exploits: 1 | References: 7
RedhatCVE
added 2025/12/05 10:33 p.m. | 8 views

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

CVSS 4.8 | AI score 5.4 | EPSS 0.00152
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/12/05 4:58 p.m. | 6 views

Malicious code in rendom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...

AI score 7.1
Exploits: 0 | References: 2
OSV
added 2025/12/05 4:58 p.m. | 6 views

MAL-2025-192323 Malicious code in rendom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...

AI score 7
Exploits: 0 | References: 2
The Hacker News
added 2025/12/05 4:23 p.m. | 15 views

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core 1.13-3.2.1,...

CVSS 10 | AI score 8.4 | EPSS 0.79807
Exploits: 6