Lucene search
K

345 matches found

OSV
OSV
added 2025/08/06 2:15 a.m.2 views

CVE-2025-8643

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

6.8CVSS6.2AI score0.009EPSS
Exploits0References1
OSV
OSV
added 2025/08/06 2:15 a.m.6 views

CVE-2025-8628

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

6.8CVSS6.2AI score0.0094EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/07/23 11:23 p.m.3 views

SUSE CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x8664/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

9.8CVSS7AI score0.10353EPSS
Exploits1References6
CNVD
CNVD
added 2025/07/08 12:0 a.m.3 views

Google ChromeOS Elevation of Privilege Vulnerability

Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an elevation of privilege vulnerability that originates from debug shell accessibility, which can be exploited by an attacker to access restricted system functions and data via elevation of...

7.4CVSS7.4AI score0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/01 2:46 p.m.7 views

CVE-2025-34055 AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed...

9.4CVSS8.3AI score0.01531EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/06/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34042

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary system commands into these parameters, which...

9.4CVSS6.6AI score0.01763EPSS
In wildExploits1References30
OSV
OSV
added 2025/06/20 7:15 p.m.4 views

CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

8.8CVSS6.2AI score0.0347EPSS
Exploits1References4
Amazon
Amazon
added 2025/06/10 12:0 a.m.4 views

Medium: ecs-init

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

7.8CVSS7.7AI score0.00275EPSS
Exploits1
Amazon
Amazon
added 2025/06/02 12:0 a.m.5 views

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

7.8CVSS7.7AI score0.00275EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/05/29 2:9 a.m.3 views

SUSE CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS7AI score0.00233EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/05/29 2:9 a.m.4 views

SUSE CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

6.1CVSS7.1AI score0.00195EPSS
Exploits0References6
OSV
OSV
added 2025/05/28 12:0 a.m.2 views

UBUNTU-CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS5.8AI score0.00233EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 7:25 p.m.8 views

CVE-2021-25311

condorcredd in HTCondor before 8.9.11 allows Directory Traversal outside the SECCREDENTIALDIRECTORYOAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root...

9.9CVSS6.8AI score0.03164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 p.m.12 views

CVE-2020-27151

An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on th...

9CVSS7.4AI score0.0202EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:22 p.m.8 views

CVE-2020-25758

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root...

9CVSS6.8AI score0.01236EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:4 a.m.4 views

CVE-2019-14920

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etcro/web/adm/systemcommand.asp shell feature...

9CVSS7.1AI score0.02238EPSS
Exploits1References1
NVD
NVD
added 2025/04/19 7:15 p.m.23 views

CVE-2025-43917

In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as roo...

8.2CVSS0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/04/11 1:15 p.m.4 views

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent Linux versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected...

7.8CVSS6.3AI score0.00181EPSS
Exploits0References2
OSV
OSV
added 2025/03/29 6:24 a.m.5 views

OESA-2025-1349 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

7.8CVSS7.1AI score0.00275EPSS
Exploits1References2
OSV
OSV
added 2025/03/21 1:19 p.m.4 views

OESA-2025-1325 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

7.8CVSS7.1AI score0.00275EPSS
Exploits1References2
Rows per page
Query Builder