3052 matches found
The vulnerability of the web interface of the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code with elevated privileges.
The vulnerability of the cross-platform FTP server CrushFTP lies in the use of an unprotected alternative channel. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with elevated privileges by replacing the administrative user with the default user...
pcs security update
0.10.18-2.0.1.6 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.6 - Fixed CVE-2024-49761 by updating rubygem rexml Resolves: RHEL-98708...
[SECURITY] Fedora 42 Update: luajit-2.1.1748459687-2.fc42
LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine VM is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement...
[SECURITY] Fedora 41 Update: rust-procs-0.14.10-2.fc41
A modern replacement for ps...
CVE-2025-38295 perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()
In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smpprocessorid with rawsmpprocessorid in mesonddrpmucreate The Amlogic DDR PMU driver mesonddrpmucreate function incorrectly uses smpprocessorid, which assumes disabled preemption. This leads to kernel...
CVE-2025-41667 Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device...
CVE-2025-41667
Phoenix Contact devices (e.g., AXC F 1152 and related products) are listed under CVE-2025-41667. A low-privileged remote attacker with file access can replace a critical file used by the arp-preinit script, enabling read, write, and execute access to arbitrary files on the device. Impact is descr...
CVE-2025-41666 Phoenix Contact: File access due to the replacement of a critical file used by the watchdog
A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized...
CVE-2025-41666 Phoenix Contact: File access due to the replacement of a critical file used by the watchdog
A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized...
CVE-2025-41666
The CVE-2025-41666 entry concerns Phoenix Contact devices (e.g., AXC F 1152 and related products) where a low-privileged, remote attacker with file access can replace a critical watchdog file, enabling read/write/execute access to arbitrary files after watchdog initialization. Affected component ...
AIDE 0.19.1
AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...
Attention Slipping: a Mechanistic Understanding of Jailbreak Attacks and Defenses in LLMs
As large language models LLMs become more integral to society and technology, ensuring their safety becomes essential. Jailbreak attacks exploit vulnerabilities to bypass safety guardrails, posing a significant threat. However, the mechanisms enabling these attacks are not well understood. In thi...
LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement
Summary Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data o...
uri: userinfo leakage in URI#join, URI#merge and URI#+
A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...
vBulletin replaceAdTemplate Remote Code Execution
This module exploits a design flaw in vBulletin's AJAX API handler and template rendering system, present in versions 5.0.0 through 6.0.3. The vulnerability allows unauthenticated attackers to invoke protected controller methods via the ajax/api/ad/replaceAdTemplate endpoint, due to improper use ...
CVE-2025-6559
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device is recommended...
CVE-2025-6560
Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the devic...
Parsons Utility Enterprise Data Management 跨站脚本漏洞
Parsons Utility Enterprise Data Management is an operational data solution from Parsons, Inc. A cross-site scripting vulnerability exists in Parsons Utility Enterprise Data Management, which can be exploited by an unauthenticated user to replace an RSS feed URL with a malicious URL...
CodeGuard: a Generalized and Stealthy Backdoor Watermarking for Generative Code Models
Generative code models GCMs significantly enhance development efficiency through automated code generation and code summarization. However, building and training these models require computational resources and time, necessitating effective digital copyright protection to prevent unauthorized lea...
CVE-2025-32978
Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 allows unauthenticated users to replace system licenses through a web interface intended for license renewal...