2230 matches found

CVE
added 2025/06/23 10:0 p.m. | 26 views

CVE-2025-6526

CVE-2025-6526 affects 70mai M300 up to 20250611, specifically the HTTP Server component. The vulnerability arises from insufficient protection of credentials, enabling an attack that can be performed from within the local network. The documented attack complexity is high and exploitation is descr...

CVSS 5.3 | AI score 6.7 | EPSS 0.00501
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2025/06/23 9:31 p.m. | 3 views

CVE-2025-6525 70mai 1S Configuration Config.cgi improper authorization

A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...

CVSS 5.3 | AI score 7 | EPSS 0.00236
Exploits 0 | References 4
RedhatCVE
added 2025/06/23 8:40 a.m. | 6 views

CVE-2025-5476

Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 7.1 | EPSS 0.00311
Exploits 0 | References 1
Positive Technologies
added 2025/06/23 12:0 a.m. | 6 views

PT-2025-26649

Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue has been found in the HTTP Server component, leading to insufficiently protected credentials. The attack can only be done within the local network and has a high complexity,...

CVSS 5.3 | AI score 3.1 | EPSS 0.00501
Exploits 1 | References 8
Positive Technologies
added 2025/06/23 12:0 a.m. | 10 views

PT-2025-26650

Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue was found in the Web Server component, affecting an unknown function. This leads to improper access controls. The attack can only be initiated within the local network and ha...

CVSS 3.1 | AI score 2.9 | EPSS 0.00489
Exploits 1 | References 8
CVE
added 2025/06/21 12:10 a.m. | 26 views

CVE-2025-5477

Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow is disclosed as CVE-2025-5477. The flaw is in the Bluetooth L2CAP data length validation, leading to heap-based buffer overflow in the elysian-bt-service process. Attack requires proximity to pair a malicious Bluetooth device, en...

CVSS 7.5 | AI score 7.9 | EPSS 0.00325
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2025/06/16 9:0 p.m. | 5 views

CVE-2025-6139 TOTOLINK T10 shadow.sample hard-coded password

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...

CVSS 3.9 | AI score 4.1 | EPSS 0.00331
Exploits 1 | References 5
CVE
added 2025/06/16 9:0 p.m. | 34 views

CVE-2025-6139

CVE-2025-6139 affects TOTOLINK T10, version 4.1.8cu.5207. A vulnerability in the file /etc/shadow.sample allows use of a hard-coded password due to trust-management weaknesses. Attack requires proximity (local network) with high complexity, and the vulnerability potentially impacts confidentialit...

CVSS 3.9 | AI score 4.2 | EPSS 0.00331
Exploits 1 | References 5 | Affected Software 1
Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

TencentOS Server 3: edk2 (TSSA-2024:0190)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0190 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8 | AI score 7.9 | EPSS 0.02084
Exploits 1 | References 9
Tenable Nessus
added 2025/06/13 12:0 a.m. | 3 views

B&R Automation Runtime Allocation of Resources Without Limits or Throttling (CVE-2023-3242)

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions. This plugin only works with Tenable.ot. Please visit...

CVSS 8.6 | AI score 6 | EPSS 0.00454
Exploits 0 | References 2
Vulnrichment
added 2025/06/12 5:25 p.m. | 5 views

CVE-2025-49081 Input validation vulnerability in the Secure Access prior to version 13.55

There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse...

CVSS 6.9 | AI score 7 | EPSS 0.0041
Exploits 0 | References 1
OSV
added 2025/06/12 5:15 p.m. | 4 views

CVE-2025-49080

There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack...

CVSS 7.5 | AI score 5.7 | EPSS 0.00315
Exploits 0 | References 1
RedhatCVE
added 2025/06/12 5:6 p.m. | 8 views

CVE-2025-47166

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 8.6 | EPSS 0.12606
Exploits 2 | References 1
RedhatCVE
added 2025/06/12 5:6 p.m. | 4 views

CVE-2025-47172

Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 8.6 | EPSS 0.0151
Exploits 0 | References 1
Tenable Nessus
added 2025/06/12 12:0 a.m. | 6 views

Security Updates for Microsoft Visual Studio 2022 Products (June 2025)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. CVE-2025-30399 - Improper neutralization of...

CVSS 7.5 | AI score 7.1 | EPSS 0.05409
Exploits 0 | References 6
GithubExploit
added 2025/06/11 10:27 a.m. | 353 views

Exploit for Use After Free in Apple Ipados

CVE-2025-24252 iOS "Airborne" Vulnerabilities - Log Artifact E...

CVSS 9.8 | AI score 6.1 | EPSS 0.0127
Exploits 2
Zero Day Initiative
added 2025/06/11 12:0 a.m. | 7 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ble_process_esp32_msg function. The issue...

CVSS 8.8 | AI score 7.5 | EPSS 0.00326
Exploits 0
OSV
added 2025/06/10 5:23 p.m. | 4 views

CVE-2025-47163

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 5.9 | EPSS 0.11509
Exploits 0 | References 1
OSV
added 2025/06/10 5:22 p.m. | 1 views

CVE-2025-33071

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network...

CVSS 8.1 | AI score 7.6 | EPSS 0.13548
Exploits 0 | References 1
OSV
added 2025/06/10 5:22 p.m. | 2 views

CVE-2025-33066

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | AI score 6.2 | EPSS 0.00951
Exploits 0 | References 1