
50 matches found

EUVD
added 2026/05/08 9:31 p.m. · 35 views

EUVD-2026-28826

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

CVSS 8.7 · AI score 5.9 · EPSS 0.00296
Exploits 0 · References 3
CNNVD
added 2026/04/16 12:0 a.m. · 9 views

TP-Link Archer C7 Security Vulnerability

The TP-Link Archer C7 is a router produced by the TP-Link company. The TP-Link Archer C7 Build 20220715 and earlier versions have security vulnerabilities. These vulnerabilities stem from insufficient encryption strength, which may allow password recovery attacks to occur...

CVSS 8.8 · AI score 5.8 · EPSS 0.00091
Exploits 0 · References 2
CNNVD
added 2026/03/11 12:0 a.m. · 4 views

QNAP Systems QTS and QNAP Systems QuTS hero Security Vulnerability

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both QNAP Systems QTS and QNAP Systems QuTS hero have security vulnerabilities; these vulnerabilities stem from command injecti...

CVSS 7.8 · AI score 6.1 · EPSS 0.00624
Exploits 0 · References 1
Positive Technologies
added 2026/03/10 12:0 a.m. · 7 views

PT-2026-24459

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.10; Parse Server versions prior to 8.6.23. Description: Parse Server’s rate limiting middleware, applied at the Express middleware layer, is bypassed when processing sub-requests internally through the...

CVSS 7.5 · AI score 5.8 · EPSS 0.00342
Exploits 0 · References 10
CVE
added 2025/12/17 12:0 a.m. · 10 views

CVE-2025-67781

DriveLock is affected across multiple tracks: versions 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5 on Windows suffer privilege escalation via local unprivileged users manipulating privileged processes. The root cause is not explicitly detailed in the provided documents beyond t...

CVSS 9.9 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2025/11/13 6:0 p.m. · 10 views

CVE-2025-20379

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using th...

CVSS 3.5 · AI score 6.8 · EPSS 0.00246
Exploits 0 · References 1
EUVD
added 2025/10/23 4:9 p.m. · 5 views

EUVD-2025-35702

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...

CVSS 8.1 · AI score 6.5 · EPSS 0.00433
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-26142

Malicious code in bioql PyPI...

CVSS 10 · AI score 6.6 · EPSS 0.00759
Exploits 0 · References 5
Tenable Nessus
added 2025/09/12 12:0 a.m. · 15 views

Adobe Acrobat < 20.005.30793 / 24.001.30264 / 25.001.20693 Multiple Vulnerabilities (APSB25-85)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 20.005.30793, 24.001.30264, or 25.001.20693. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After...

CVSS 7.8 · AI score 6.4 · EPSS 0.00331
Exploits 0 · References 3
NVD
added 2025/08/27 10:15 p.m. · 3 views

CVE-2025-34163

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

CVSS 10 · EPSS 0.0061
Exploits 0 · References 3
ATTACKERKB
added 2025/08/27 9:24 p.m. · 5 views

CVE-2025-34163

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

CVSS 10 · AI score 6.6 · EPSS 0.0061
Exploits 0 · References 4
Vulnrichment
added 2025/08/27 9:22 p.m. · 3 views

CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVSS 10 · AI score 8 · EPSS 0.00759
Exploits 0 · References 5
OSV
added 2025/05/26 2:15 p.m. · 3 views

ALPINE-CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

CVSS 2 · AI score 6.6 · EPSS 0.00213
Exploits 0 · References 1
CNNVD
added 2025/03/28 12:0 a.m. · 5 views

authentik Authorization Issue Vulnerability

authentik is an open source identity provisioning application from authentik open source. An authorization issue vulnerability exists in authentik versions prior to 2024.12.4 and 2025.2.3, which stems from a session deletion issue in the database session store that could cause a session to remain...

CVSS 8 · AI score 6.4 · EPSS 0.00364
Exploits 0 · References 4
Positive Technologies
added 2025/03/20 12:0 a.m. · 5 views

PT-2025-12354 · Luxion · Luxion Keyshot

Name of the Vulnerable Software and Affected Versions: Luxion KeyShot versions 2024 13.0.0 Build 92 and 4.10.171 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required, as the target must visit a...

CVSS 7.8 · AI score 7.4 · EPSS 0.00229
Exploits 0 · References 9
OSV
added 2025/03/17 8:15 p.m. · 7 views

AZL-58854 CVE-2025-0495 affecting package moby-buildx for versions less than 0.7.1-25

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

CVSS 4.1 · AI score 7.1 · EPSS 0.0018
Exploits 0 · References 1
Packet Storm News
added 2025/01/14 12:0 a.m. · 8 views

Ivanti CVE-2025-0282 Checker

This script allows you to safely scan and test to see if you are vulnerable to CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a...

CVSS 9 · AI score 8.5 · EPSS 0.99971
Exploits 13
CNNVD
added 2025/01/02 12:0 a.m. · 4 views

Acronis Cyber Protect Code Issue Vulnerability

Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland, combining backup, anti-malware, network security and endpoint management features such as vulnerability assessment, URL filtering, patch management and more. A code issue...

CVSS 7.8 · AI score 6.5 · EPSS 0.00162
Exploits 0 · References 1
CNNVD
added 2024/11/22 12:0 a.m. · 4 views

QNAP Systems QTS and QNAP Systems QuTS hero Security Vulnerability

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems. QNAP Systems QTS is a starter operating system. QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP QTS prior to version 5.2.1.2930 build 20241025 and QuTS hero...

CVSS 7.2 · AI score 6.7 · EPSS 0.0083
Exploits 0 · References 1
OSV
added 2024/07/19 11:8 a.m. · 3 views

OESA-2024-1873 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An integer overflow...

CVSS 8.1 · AI score 8 · EPSS 0.01512
Exploits 3 · References 4