Lucene search
K

120 matches found

Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.5 views

PT-2025-41741

Name of the Vulnerable Software and Affected Versions UTT HiPER 2620G versions through 3.1.4 Description A flaw exists in UTT HiPER 2620G up to version 3.1.4. The strcpy function within the /goform/fNTP file is susceptible to a buffer overflow when the NTPServerIP argument is manipulated. This...

9CVSS8AI score0.00677EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-0648

Malware in sbrugna...

2.6CVSS6.4AI score0.00802EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-8217

Malware in sbrugna...

7.1CVSS7AI score0.00792EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7291

Malware in sbrugna...

7.5CVSS7.5AI score0.01472EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47147

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01091EPSS
Exploits1References2
CVE
CVE
added 2025/09/18 1:2 a.m.23 views

CVE-2025-10634

CVE-2025-10634 affects D-Link DIR-823X routers (versions 240126, 240802, 250416). The issue is in the Environment Variable Handler’s /usr/sbin/goahead component, specifically function sub_412E7C, where manipulating arguments terminal_addr/server_ip/server_port enables remote command injection. Th...

8.8CVSS6.5AI score0.07359EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/16 12:20 p.m.2 views

CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order

The improper order of AUTHORIZEDCTMIP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

6.9CVSS6.6AI score0.00362EPSS
Exploits0References2
CVE
CVE
added 2025/09/16 12:20 p.m.19 views

CVE-2025-55114

The CVE-2025-55114 entry concerns BMC Control-M/Agent. The root cause is the improper ordering of AUTHORIZED_CTM_IP validation, where the Server IP is validated only after an SSL/TLS handshake, exposing the agent to issues in the SSL/TLS implementation under certain non-default conditions (relate...

6.9CVSS6.3AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2025/07/25 9:15 p.m.5 views

CVE-2025-8170

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748B20211015. This vulnerability affects the function tcpchecknet of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be...

8.7CVSS6.2AI score0.01035EPSS
Exploits1References6
CNVD
CNVD
added 2025/07/25 12:0 a.m.2 views

TOTOLINK T6 serverIp Parameter Buffer Overflow Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from the failure of the parameter serverIp in the MQTT Service to correctly validate the length and size of the input...

9CVSS8.1AI score0.00761EPSS
Exploits1References1
OSV
OSV
added 2025/07/21 12:15 a.m.7 views

CVE-2025-7913

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit ha...

8.7CVSS6.1AI score0.00761EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.11 views

CVE-2020-27621

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an...

4.3CVSS6.7AI score0.007EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/04/28 7:11 p.m.10 views

CVE-2022-39178

Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure...

5.3CVSS5.3AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/17 8:15 p.m.23 views

CVE-2025-32012

Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...

8.2CVSS7.6AI score0.00675EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/11 12:0 a.m.8 views

The vulnerability of the meshSlaveUpdate() function in the microprogramming software for TOTOLINK T8 allows a hacker to execute arbitrary commands.

The vulnerability of the meshSlaveUpdate function in the microprogramming software for TOTOLINK T8 lies in the lack of measures taken to clean data at the control level when processing the serverIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8.1AI score0.02109EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/04/08 2:15 p.m.2 views

CVE-2024-32122

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server...

4.4CVSS5.8AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/03 10:45 p.m.8 views

CVE-2025-31135

Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is...

5.3CVSS7.3AI score0.00356EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/21 9:27 p.m.7 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS6.7AI score0.00578EPSS
Exploits1References1
NVD
NVD
added 2025/02/19 10:15 p.m.52 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS0.00578EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/19 9:11 p.m.7 views

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS6.9AI score0.00578EPSS
Exploits1References3
Rows per page
Query Builder