1154 matches found

Positive Technologies
added 2026/01/13 12:0 a.m., 7 views

PT-2026-2408

Name of the Vulnerable Software and Affected Versions: Kyocera Command Center RX ECOSYS M2035dn (affected versions not specified). Description: The Kyocera Command Center RX ECOSYS M2035dn device contains a directory traversal flaw. Unauthenticated attackers can read sensitive system files by...

CVSS 8.7, AI score 6.4, EPSS 0.03534
Exploits: 1, References: 7

RedhatCVE
added 2026/01/09 12:39 p.m., 4 views

CVE-2023-29246

An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

CVSS 7.2, AI score 7.3, EPSS 0.0147
Exploits: 0, References: 1

OSV
added 2026/01/05 3:38 p.m., 5 views

CLSA-2026-1767627533 openssh: Fix of CVE-2025-61985

CVE-2025-61985: potential code execution using the ‘\0’ character in an ssh:// URI, when a ProxyCommand is used...

CVSS 3.6, AI score 6.4, EPSS 0.00113
Exploits: 0, References: 1

RedhatCVE
added 2026/01/01 7:32 a.m., 8 views

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...

CVSS 7.1, AI score 7.3, EPSS 0.00378
Exploits: 0, References: 1

NVD
added 2025/12/31 8:15 a.m., 5 views

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...

CVSS 7.1, EPSS 0.00378
Exploits: 0, References: 1

CVE
added 2025/12/31 7:32 a.m., 17 views

CVE-2025-2026

The CVE-2025-2026 entry affects the NPort 6100-G2/6200-G2 Series and is described in multiple sources (NVD, Red Hat advisories, others) as a high-severity issue where an authenticated remote attacker with web read-only privileges can perform a null byte injection via the device’s web API. Success...

CVSS 7.1, AI score 6.9, EPSS 0.00378
Exploits: 0, References: 1

EUVD
added 2025/12/31 7:32 a.m., 6 views

EUVD-2025-205901

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...

CVSS 7.7, AI score 6.8, EPSS 0.00378
Exploits: 0, References: 2

Cvelist
added 2025/12/31 7:32 a.m., 26 views

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...

CVSS 7.1, EPSS 0.00378
Exploits: 0, References: 1

Vulnrichment
added 2025/12/31 7:32 a.m., 4 views

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...

CVSS 7.1, AI score 6.6, EPSS 0.00378
Exploits: 0, References: 1

CNNVD
added 2025/12/31 12:0 a.m., 5 views

Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series security vulnerability

The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that stems from a null byte injection in the device Web...

CVSS 7.7, AI score 6.7, EPSS 0.00378
Exploits: 0, References: 1

Positive Technologies
added 2025/12/31 12:0 a.m., 6 views

PT-2025-54289

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability CVE-2025-2026 that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated...

CVSS 7.7, AI score 7.3, EPSS 0.00378
Exploits: 0, References: 2

Tenable Nessus
added 2025/12/31 12:0 a.m., 4 views

EulerOS Virtualization 2.13.0 : openssh (EulerOS-SA-2025-2612)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources,...

CVSS 3.6, AI score 6.3, EPSS 0.00211
Exploits: 2, References: 3

RedhatCVE
added 2025/12/24 9:39 a.m., 11 views

CVE-2025-14388

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8, AI score 6.4, EPSS 0.00416
Exploits: 0, References: 1

Patchstack
added 2025/12/24 6:41 a.m., 8 views

WordPress PhastPress plugin <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection vulnerability

Unauthenticated Arbitrary File Read via Null Byte Injection vulnerability discovered by shark3y in WordPress Plugin PhastPress versions <= 3.7...

CVSS 9.8, AI score 7, EPSS 0.00416
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/12/23 12:30 p.m., 5 views

EUVD-2025-204781

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8, AI score 5.9, EPSS 0.00416
Exploits: 0, References: 7

NVD
added 2025/12/23 10:15 a.m., 8 views

CVE-2025-14388

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8, EPSS 0.00416
Exploits: 0, References: 6

Cvelist
added 2025/12/23 9:20 a.m., 26 views

CVE-2025-14388 PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8, EPSS 0.00416
Exploits: 0, References: 6

CVE
added 2025/12/23 9:20 a.m., 18 views

CVE-2025-14388

CVE-2025-14388 (PhastPress) is a WordPress plugin vulnerability: unauthenticated arbitrary file read via a null-byte injection. Root cause is a mismatch between URL decoding in getExtensionForURL() and null-byte stripping in appendNormalized(), enabling a crafted path to access sensitive files li...

CVSS 9.8, AI score 6, EPSS 0.00416
Exploits: 0, References: 6

Vulnrichment
added 2025/12/23 9:20 a.m., 2 views

CVE-2025-14388 PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection

The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...

CVSS 9.8, AI score 6, EPSS 0.00416
Exploits: 0, References: 6

CNNVD
added 2025/12/23 12:0 a.m., 4 views

WordPress plugin PhastPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP- and MySQL-based servers. WordPress plugin is an application plugin. A security...

CVSS 9.8, AI score 6.9, EPSS 0.00416
Exploits: 0, References: 7