Lucene search
+L

268 matches found

nvd
nvd
added 2026/01/20 9:16 p.m.5 views

CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS0.01633EPSS
Exploits2References20
nessus
nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002647 advisory. The preparevmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02 control...

7.1CVSS6.8AI score0.00512EPSS
Exploits0References14
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.12 views

CVE-2021-33217

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...

9CVSS6.8AI score0.01376EPSS
Exploits2References1
redhatcve
redhatcve
added 2026/01/09 8:57 a.m.7 views

CVE-2023-31403

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation...

9.6CVSS7AI score0.00436EPSS
Exploits0References1
nvd
nvd
added 2025/12/16 11:15 a.m.5 views

CVE-2025-0836

Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API...

6.3CVSS0.00186EPSS
Exploits0References2
cve
cve
added 2025/12/16 11:2 a.m.13 views

CVE-2025-0836

CVE-2025-0836 – Milestone XProtect VMS is described as a Missing Authorization vulnerability where users with read-only access to the Management Server can obtain full read/write access to the MIP Webhooks API. The issue is documented across multiple feeds (NVD, Red Hat, ENISA EUVD, CVE and vendo...

6.3CVSS6.5AI score0.00186EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/12/16 12:0 a.m.6 views

Milestone Systems XProtect VMS 安全漏洞

Milestone Systems XProtect VMS is a video management software from Milestone Systems, USA. A security vulnerability exists in Milestone Systems XProtect VMS that stems from an authorization gap that could result in a read-only user gaining full read and write access to the MIP Webhooks API...

6.3CVSS6.7AI score0.00186EPSS
Exploits0References2
cvelist
cvelist
added 2025/12/10 9:59 p.m.40 views

CVE-2025-66474 XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...

8.7CVSS0.00893EPSS
Exploits1References7
redhatcve
redhatcve
added 2025/12/10 11:33 a.m.15 views

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

8.4CVSS6.5AI score0.00137EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/10/10 4:20 p.m.6 views

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

6.9CVSS7AI score0.00275EPSS
Exploits0References1
euvd
euvd
added 2025/10/09 6:30 p.m.4 views

EUVD-2025-33387

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

6.9CVSS6.6AI score0.00275EPSS
Exploits0References2
nvd
nvd
added 2025/10/09 5:15 p.m.5 views

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

6.9CVSS0.00275EPSS
Exploits0References1
osv
osv
added 2025/10/09 5:15 p.m.3 views

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

6.9CVSS5.8AI score0.00275EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/09 4:5 p.m.12 views

CVE-2025-59980 Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

6.9CVSS0.00275EPSS
Exploits0References1
cve
cve
added 2025/10/09 4:5 p.m.15 views

CVE-2025-59980

Summary of CVE-2025-59980 : Juniper Networks Junos OS FTP server contains an authentication bypass. When the FTP server is enabled and a user named “ftp” or “anonymous” exists, an unauthenticated attacker can log in without a password and gain read/write access to the user’s home directory. Affec...

6.9CVSS6.7AI score0.00275EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/10/09 4:5 p.m.4 views

CVE-2025-59980 Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

6.9CVSS6.7AI score0.00275EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/10/09 12:0 a.m.8 views

PT-2025-41416

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S8 Juniper Networks Junos OS versions 23.2 through 23.2R2-S3 Juniper Networks Junos OS versions 23.4 through 23.4R2 Description An authentication bypass exists in the FTP server of Juniper...

6.9CVSS7AI score0.00275EPSS
Exploits0References3
euvd
euvd
added 2025/10/08 12:31 a.m.5 views

EUVD-2025-31868

EUVD-2025-31868...

6.5CVSS6.5AI score0.00306EPSS
Exploits1References6
huntr
huntr
added 2025/10/07 8:15 a.m.8 views

MLFlow server is exposed to data exfiltration and destruction due to lack of Origin validation

The MLFlow REST server is vulnerable to DNS rebinding attacks, allowing malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. Once rebinding is successful, the attacker can: Query for experiments via the 2.0/mlflow/experiments/search...

8.1CVSS6AI score0.00193EPSS
Exploits1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0203

Malware in sbrugna...

10CVSS6.4AI score0.02301EPSS
Exploits1References4
Rows per page
Query Builder