Lucene search
+L

268 matches found

cvelist
cvelist
added 2025/07/03 8:35 a.m.11 views

CVE-2025-38110 net/mdiobus: Fix potential out-of-bounds clause 45 read/write access

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 clause 45 mdiobus, there is no verificati...

0.00161EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2025/06/19 12:0 a.m.9 views

The vulnerability in the ZendTo web application for transferring files involves an incorrect restriction on the path to the restricted directory. This allows a malicious actor to gain read and write access to data, or cause a service failure.

The vulnerability in the web application for transferring files via ZendTo is related to an incorrect restriction on the path to the restricted directory during the processing of the tmpname parameter. Exploiting this vulnerability can allow an attacker to gain read and modify access to data, or...

6.5CVSS8AI score0.6424EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2025/06/10 12:0 a.m.6 views

Keyoti SearchUnit 安全漏洞

Keyoti SearchUnit is a web search engine from Keyoti Canada. A security vulnerability exists in Keyoti SearchUnit versions prior to 9.0.0, which stems from a server-side request forgery issue that could result in configuration and log files being read or written...

5.4CVSS6.4AI score0.00208EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 9:12 a.m.4 views

CVE-2024-21021

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS5.8AI score0.00395EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:27 a.m.4 views

CVE-2023-27290

Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...

9.1CVSS6.5AI score0.08573EPSS
Exploits3References1
redhatcve
redhatcve
added 2025/05/22 3:21 p.m.7 views

CVE-2020-25257

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files...

9.8CVSS7.1AI score0.01212EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 7:8 a.m.12 views

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

8.3CVSS7.1AI score0.00832EPSS
Exploits0References1
susecve
susecve
added 2025/04/20 11:24 p.m.7 views

SUSE CVE-2017-9466

The executable httpd on the TP-Link WR841N V8 router before TL-WR841NUNV8170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuratio...

9.8CVSS7.1AI score0.00488EPSS
Exploits2References3
osv
osv
added 2025/04/15 9:16 p.m.5 views

CVE-2025-30711

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments, File Upload. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

5.4CVSS5.8AI score0.00317EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 5:24 a.m.15 views

CVE-2024-1638

The documentation specifies that the BTGATTPERMREADLESC and BTGATTPERMWRITELESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when i...

9.1CVSS9.2AI score0.0035EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/01/27 12:0 a.m.8 views

PT-2025-5296 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.3 macOS versions prior to 14.7.3 macOS versions prior to 15.3 Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue allows an app to...

5.5CVSS6.4AI score0.00244EPSS
Exploits0References9
osv
osv
added 2024/11/15 5:15 p.m.5 views

CVE-2021-1483

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity XXE entries when the affected...

6.4CVSS5.8AI score0.00859EPSS
Exploits0References3
redhat
redhat
added 2024/11/08 3:4 p.m.37 views

buildah: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...

7.8CVSS7.3AI score0.00392EPSS
Exploits0References4
redhat
redhat
added 2024/10/31 1:18 p.m.5 views

buildah: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...

7.8CVSS7.3AI score0.00392EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/10/17 12:0 a.m.5 views

PT-2024-15062

Name of the Vulnerable Software and Affected Versions Nokia SR OS routers affected versions not specified Description The issue allows low-privilege authenticated users with "access console" to gain read-write access to the entire file system via SFTP or SCP. This access enables them to read or...

7.3CVSS6.4AI score0.00147EPSS
Exploits0References8
osv
osv
added 2024/09/30 7:15 a.m.4 views

CVE-2024-8450

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges...

9.8CVSS5.8AI score0.00384EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/09/30 12:0 a.m.5 views

PT-2024-39020 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns a hard-coded community string in the SNMPv1 service of certain switch models from PLANET Technology. This allows unauthorized remote attackers to...

9.8CVSS9.4AI score0.00384EPSS
Exploits0References12
nessus
nessus
added 2024/09/24 12:0 a.m.13 views

Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-priv-esc-CrG5vhCq)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This...

8.8CVSS5.6AI score0.00212EPSS
Exploits0References4
githubexploit
githubexploit
added 2024/08/28 7:36 p.m.90 views

Exploit for CVE-2024-46310

CVE-2024-46310 POC for CVE-2024-46310 For FXServer version's v...

9.1CVSS7.4AI score0.02434EPSS
Exploits3
osv
osv
added 2024/08/08 11:15 a.m.11 views

UBUNTU-CVE-2024-3035

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

8.1CVSS5.8AI score0.00355EPSS
Exploits0References4
Rows per page
Query Builder