1154 matches found

Vulnrichment
added 2025/11/26 12:52 a.m., 3 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_setting.php allows reading arbitrary files...

8.9 CVSS, 7.2 AI score, 0.00344 EPSS
Exploits 1, References 1

CVE
added 2025/11/26 12:52 a.m., 16 views

CVE-2025-66263

The CVE-2025-66263 entry describes an unauthenticated arbitrary file read due to a null byte injection in the Mozart FM Transmitter’s download_setting.php. The PHP code appends a forced .tgz extension to user-supplied $_GET['filename'], and on PHP 5.3.2 (pre-5.3.4) the null byte (%00) terminates ...

8.9 CVSS, 7.2 AI score, 0.00344 EPSS
Exploits 1, References 1, Affected Software 1

Positive Technologies
added 2025/11/26 12:0 a.m., 7 views

PT-2025-48117

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_setting.php allows reading arbitrary files...

8.9 CVSS, 7.6 AI score, 0.00344 EPSS
Exploits 1, References 2

CNNVD
added 2025/11/26 12:0 a.m., 4 views

DB Electronica Mozart FM Transmitter Security Vulnerability

The DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from the Italian company DB Electronica. A security vulnerability exists in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 that originates in...

8.9 CVSS, 7 AI score, 0.00344 EPSS
Exploits 1, References 2

Packet Storm
added 2025/11/26 12:0 a.m., 193 views

7-Zip 25.00 Zip Slip Directory Traversal

7-Zip version 25.00 suffers from a symlink directory traversal vulnerability. This write up provides analysis with a proof of concept...

7.8 CVSS, 7 AI score, 0.27017 EPSS
Exploits 11

Veracode
added 2025/11/17 9:19 a.m., 5 views

Improper Input Validation

@nubosoftware/node-static is vulnerable to improper input validation. The vulnerability is due to the package failing to handle null-byte %00 input correctly, which allows an attacker to trigger an exception and crash the server...

7.5 CVSS, 7 AI score, 0.00489 EPSS
Exploits 0, References 3, Affected Software 2

OSV
added 2025/11/14 12:39 p.m., 6 views

OESA-2025-2686 python-ldap security update

python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...

6.9 CVSS, 6.9 AI score, 0.00418 EPSS
Exploits 2, References 3

OSV
added 2025/11/14 12:39 p.m., 5 views

OESA-2025-2685 python-ldap security update

python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...

6.9 CVSS, 6.9 AI score, 0.00418 EPSS
Exploits 2, References 3

RedHat Linux
added 2025/11/11 9:13 a.m., 7 views

kernel: team: better TEAM_OPTION_TYPE_STRING validation

In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in...

5.5 CVSS, 6.7 AI score, 0.00225 EPSS
Exploits 0, References 5

Snyk
added 2025/10/23 3:42 a.m., 2 views

Improper Neutralization of Null Byte or NUL Character

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character in the LZ4F_createCDict_advanced function, when processing LZ4 frames. An attacker can cause an application to crash or trigger unintended behavior by submitting specially crafted LZ4...

6.9 CVSS, 6.8 AI score
Exploits 0, References 2

OSV
added 2025/10/20 12:41 p.m., 4 views

USN-7828-1 python-ldap vulnerabilities

It was discovered that Python LDAP incorrectly handled special characters in the special character filtering function. A remote attacker could possibly use this issue to perform LDAP injection attacks. (CVE-2025-61911) Arad Inbar discovered that Python LDAP incorrectly escaped NUL character bytes. ...

6.9 CVSS, 6.7 AI score, 0.00418 EPSS
Exploits 2, References 3

Snyk
added 2025/10/10 10:53 p.m., 5 views

Improper Encoding or Escaping of Output

Overview: python-ldap is a Python module for implementing LDAP clients. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the escape_dn_chars function. An attacker can cause client-side failures, such as unhandled exceptions or process crashes, by...

6.9 CVSS, 6.9 AI score, 0.00418 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/10/10 10:4 p.m., 4 views

CVE-2025-61912 python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...

6.9 CVSS, 6.3 AI score, 0.00418 EPSS
Exploits 1, References 3

CVE
added 2025/10/10 10:4 p.m., 50 views

CVE-2025-61912

CVE-2025-61912 concerns python-ldap prior to 3.4.5, where ldap.dn.escape_dn_chars() escapes the NUL byte as a backslash-NUL instead of the RFC‑4514 form \00. This can cause client-side denial of service when untrusted input is used to construct DNs, as requests may be dropped before contacting an...

6.9 CVSS, 6.3 AI score, 0.00418 EPSS
Exploits 1, References 3, Affected Software 1

Tenable Nessus
added 2025/10/08 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user...

7.5 CVSS, 5.8 AI score, 0.00489 EPSS
Exploits 0, References 3

Tenable Nessus
added 2025/10/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-61985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. CVE-2025-61985 Note th...

3.6 CVSS, 6.2 AI score, 0.00117 EPSS
Exploits 0, References 3

SUSE CVE
added 2025/10/07 11:25 p.m., 3 views

SUSE CVE-2025-61985

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

5.3 CVSS, 7.6 AI score, 0.00117 EPSS
Exploits 0, References 14

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2012-2234

Malware in sbrugna...

5 CVSS, 6.1 AI score, 0.01505 EPSS
Exploits 0, References 11

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2005-2539

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01541 EPSS
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2008-7027

Malware in sbrugna...

6.4 CVSS, 6.1 AI score, 0.01591 EPSS
Exploits 1, References 8