Lucene search
+L

134 matches found

Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.7 views

PT-2025-48677

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

8.5CVSS7.5AI score0.00916EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.9 views

PT-2025-48670

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists due to insufficient input validation. The GetParametermeter function retrieves user-supplied input, specifically the meter parameter, and copies it...

9.8CVSS7.1AI score0.00284EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-64332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 an...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References3
OSV
OSV
added 2025/11/26 11:15 p.m.6 views

UBUNTU-CVE-2025-64335

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/20 12:0 a.m.5 views

CVE-2025-63888

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...

7.7AI score0.00506EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/11/11 12:23 a.m.5 views

SUSE CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

7.5CVSS6.8AI score0.00422EPSS
Exploits0References8
NVD
NVD
added 2025/11/10 5:15 a.m.4 views

CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

8.7CVSS0.00422EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/05 12:0 a.m.7 views

Open Asset Import Library Assimp 安全漏洞

Open Asset Import Library Assimp is an official Open Asset Import Library repository from Open Asset Import Library open source. It can load more than 40 3D file formats into a unified and clean data structure. A security vulnerability exists in Open Asset Import Library Assimp version 6.0.2, whi...

7.8CVSS5.5AI score0.00225EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-29260

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00473EPSS
Exploits0References5
NVD
NVD
added 2025/09/27 1:15 a.m.7 views

CVE-2025-59936

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

9.4CVSS0.00372EPSS
Exploits0References2
CVE
CVE
added 2025/09/26 8:31 a.m.12 views

CVE-2025-60139

CVE-2025-60139 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin official-sendle-shipping-method (Sendle Shipping). It affects Sendle Shipping versions from n/a up to and including 6.02. The associated CVSS 3.1 metrics indicate a Medium risk (4.3) with network attack ve...

4.3CVSS5.9AI score0.00131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.18 views

PT-2025-38899

Name of the Vulnerable Software and Affected Versions JoomSky JS Job Manager versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instance is a Stored XSS issue. The...

6.5CVSS5.2AI score0.00197EPSS
Exploits0References4
CVE
CVE
added 2025/09/15 8:32 p.m.30 views

CVE-2025-59145

The CVE-2025-59145 affects color-name (npm package) version 2.0.1 where a malware payload was introduced via an attacker‑compromised npm account, targeting browser contexts to redirect cryptocurrency transactions (e.g., MetaMask). Local/server/CLI environments are not affected. npm removed the co...

8.8CVSS6.3AI score0.00473EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-9019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to...

9.8CVSS8.8AI score0.03959EPSS
Exploits0References2
CVE
CVE
added 2025/09/05 1:45 p.m.15 views

CVE-2025-58815

CVE-2025-58815 is a WordPress plugin vulnerability in the Aitasi Coming Soon plugin (versions

7.2CVSS5.9AI score0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/05 1:45 p.m.10 views

CVE-2025-58815 WordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through = 2.0.2...

7.2CVSS0.00436EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.3 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to v6.0.2, which stems from the disclosure of service credentials stored in an environment variable, which could lead to an attacker accessing the credentials...

7.5CVSS6.2AI score0.00437EPSS
Exploits1References5
CVE
CVE
added 2025/06/06 12:54 p.m.44 views

CVE-2025-28954

CVE-2025-28954 (Backwp) is a CSRF vulnerability in the Backwp plugin for WordPress, affecting versions up to 2.0.2. The CVSS 3.1 base score is 7.4 (HIGH) with network access, require user interaction, and impact limited to availability (C) with availability impact HIGH. Root cause and exact explo...

7.4CVSS5.9AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:54 p.m.15 views

CVE-2025-30938 WordPress Broadly for WordPress plugin <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in broadly Broadly for WordPress broadly allows Stored XSS.This issue affects Broadly for WordPress: from n/a through = 3.0.2...

5.9CVSS0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/28 1:46 p.m.27 views

CVE-2025-40663

Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...

5.1CVSS5.5AI score0.003EPSS
Exploits0References1
Rows per page
Query Builder