Lucene search
K

3052 matches found

BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.5 views

The vulnerability of the web interface of the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code with elevated privileges.

The vulnerability of the cross-platform FTP server CrushFTP lies in the use of an unprotected alternative channel. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with elevated privileges by replacing the administrative user with the default user...

9CVSS8AI score0.92034EPSS
Exploits7References3Affected Software1
Oracle linux
Oracle linux
added 2025/07/15 12:0 a.m.7 views

pcs security update

0.10.18-2.0.1.6 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.6 - Fixed CVE-2024-49761 by updating rubygem rexml Resolves: RHEL-98708...

8.7CVSS7.9AI score0.01429EPSS
Exploits0
Fedora
Fedora
added 2025/07/12 1:46 a.m.13 views

[SECURITY] Fedora 42 Update: luajit-2.1.1748459687-2.fc42

LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine VM is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement...

9.8CVSS6.3AI score0.00536EPSS
Exploits2
Fedora
Fedora
added 2025/07/10 4:30 p.m.7 views

[SECURITY] Fedora 41 Update: rust-procs-0.14.10-2.fc41

A modern replacement for ps...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2025/07/10 7:42 a.m.10 views

CVE-2025-38295 perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()

In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smpprocessorid with rawsmpprocessorid in mesonddrpmucreate The Amlogic DDR PMU driver mesonddrpmucreate function incorrectly uses smpprocessorid, which assumes disabled preemption. This leads to kernel...

0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/08 7:3 a.m.7 views

CVE-2025-41667 Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script

A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device...

8.8CVSS0.00502EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 7:3 a.m.17 views

CVE-2025-41667

Phoenix Contact devices (e.g., AXC F 1152 and related products) are listed under CVE-2025-41667. A low-privileged remote attacker with file access can replace a critical file used by the arp-preinit script, enabling read, write, and execute access to arbitrary files on the device. Impact is descr...

8.8CVSS6.8AI score0.00502EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 7:3 a.m.9 views

CVE-2025-41666 Phoenix Contact: File access due to the replacement of a critical file used by the watchdog

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized...

8.8CVSS0.00502EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/08 7:3 a.m.2 views

CVE-2025-41666 Phoenix Contact: File access due to the replacement of a critical file used by the watchdog

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized...

8.8CVSS7.4AI score0.00502EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 7:3 a.m.21 views

CVE-2025-41666

The CVE-2025-41666 entry concerns Phoenix Contact devices (e.g., AXC F 1152 and related products) where a low-privileged, remote attacker with file access can replace a critical watchdog file, enabling read/write/execute access to arbitrary files after watchdog initialization. Affected component ...

8.8CVSS6.8AI score0.00502EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/07/07 12:0 a.m.4 views

AIDE 0.19.1

AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/06 12:0 a.m.3 views

Attention Slipping: a Mechanistic Understanding of Jailbreak Attacks and Defenses in LLMs

As large language models LLMs become more integral to society and technology, ensuring their safety becomes essential. Jailbreak attacks exploit vulnerabilities to bypass safety guardrails, posing a significant threat. However, the mechanisms enabling these attacks are not well understood. In thi...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/07/03 2:18 p.m.3 views

LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement

Summary Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data o...

7.3AI score
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2025/07/02 2:32 p.m.6 views

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

5.3CVSS5.8AI score0.00472EPSS
Exploits0References6
Metasploit
Metasploit
added 2025/06/29 6:53 p.m.586 views

vBulletin replaceAdTemplate Remote Code Execution

This module exploits a design flaw in vBulletin's AJAX API handler and template rendering system, present in versions 5.0.0 through 6.0.3. The vulnerability allows unauthenticated attackers to invoke protected controller methods via the ajax/api/ad/replaceAdTemplate endpoint, due to improper use ...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/26 3:12 a.m.18 views

CVE-2025-6559

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device is recommended...

9.8CVSS8.4AI score0.01672EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/26 3:12 a.m.8 views

CVE-2025-6560

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the devic...

9.8CVSS7.4AI score0.00557EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.1 views

Parsons Utility Enterprise Data Management 跨站脚本漏洞

Parsons Utility Enterprise Data Management is an operational data solution from Parsons, Inc. A cross-site scripting vulnerability exists in Parsons Utility Enterprise Data Management, which can be exploited by an unauthenticated user to replace an RSS feed URL with a malicious URL...

8.8CVSS6AI score0.00346EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/06/25 12:0 a.m.1 views

CodeGuard: a Generalized and Stealthy Backdoor Watermarking for Generative Code Models

Generative code models GCMs significantly enhance development efficiency through automated code generation and code summarization. However, building and training these models require computational resources and time, necessitating effective digital copyright protection to prevent unauthorized lea...

7.1AI score
Exploits0
NVD
NVD
added 2025/06/24 3:15 p.m.4 views

CVE-2025-32978

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 allows unauthenticated users to replace system licenses through a web interface intended for license renewal...

7.5CVSS0.00906EPSS
Exploits0References4
Rows per page
Query Builder