Lucene search
K

131 matches found

CVE
CVE
added 2025/04/28 9:37 a.m.100 views

CVE-2025-3200

CVE-2025-3200 affects the Com-Server component, where an unauthenticated remote attacker could exploit the use of insecure TLS 1.0 and TLS 1.1 to intercept and manipulate encrypted communications between the Com-Server and connected systems. The issue stems from weak cryptographic protocol suppor...

9.1CVSS7.1AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.13 views

PT-2025-17168 · Unknown · Mapsvg Lite

Name of the Vulnerable Software and Affected Versions: MapSVG Lite versions prior to 8.5.35 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...

9.9CVSS9.5AI score0.00488EPSS
Exploits2References3
NVD
NVD
added 2025/04/16 6:16 p.m.5 views

CVE-2025-32823

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

8.8CVSS0.00683EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 12:0 a.m.13 views

CVE-2024-55372

Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...

0.00554EPSS
Exploits1References1
CVE
CVE
added 2025/04/16 12:0 a.m.60 views

CVE-2024-55371

CVE-2024-55371 concerns Wallos

9.8CVSS7.3AI score0.00538EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/28 12:0 a.m.8 views

PT-2025-13441 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms affected versions not specified Description: A critical issue exists due to the deserialization of untrusted data in a-blog cms, allowing an attacker to store arbitrary files on the server. This can lead to the execution of arbitra...

7.5CVSS7.5AI score0.00474EPSS
Exploits0References15
Debian CVE
Debian CVE
added 2025/03/27 12:59 a.m.5 views

CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS5.2AI score0.01157EPSS
Exploits0
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-10361

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...

9.1CVSS0.00914EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-31535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended...

9.8CVSS8.6AI score0.10634EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/02/26 12:24 a.m.10 views

CVE-2025-27364

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution RCE vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...

10CVSS8.4AI score0.23813EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2025/02/03 4:2 p.m.13 views

TShock allows chat while not fully connected, possible ban evasion

This issue was reported to TShock by @ohayo, but was found by the Discord user by the name of sofurry.com. Please note that this user does not own this domain on the internet, just the discord handle. TShock overrides certain Terraria vanilla systems, including chat, and the connection handling,...

7AI score
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/14 5:57 p.m.9 views

CVE-2024-12087 Rsync: path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

6.5CVSS8AI score0.02224EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-22321

Name of the Vulnerable Software and Affected Versions libsoup versions 2.4 through 3 Description A flaw was found in the libsoup package due to its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP...

6.5CVSS6.9AI score0.00765EPSS
Exploits0References90
OSV
OSV
added 2024/10/16 7:15 a.m.3 views

CVE-2021-4451

The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable softwa...

7.2CVSS5.8AI score0.00618EPSS
Exploits0References2
CVE
CVE
added 2024/08/14 11:57 a.m.143 views

CVE-2024-39397

Adobe Commerce (Magento) is affected by CVE-2024-39397: Unrestricted Upload of File with Dangerous Type that could lead to arbitrary code execution. Affected versions include 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue arises from uploading a dangerous file that is then executed...

9CVSS9.2AI score0.01096EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/06/18 6:12 a.m.13 views

Code Injection

nukeviet/nukeviet is vulnerable to Code Injection. The vulnerability is due to improper validation in the /admin/extensions/upload.php component. An attacker can exploit this vulnerability to execute arbitrary code on the server...

5.7CVSS7.8AI score0.00433EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2024/04/23 9:31 a.m.527 views

Exploit for Code Injection in Crushftp

CVE-2024-4040 - exploit scanners This repository contains fil...

10CVSS8.1AI score0.99539EPSS
Exploits22
hivepro
hivepro
added 2024/03/21 5:54 a.m.23 views

Earth Krahang APT Campaign Targeting Global Governments

Summary: Earth Krahang, an APT campaign since 2022, targets global government entities, employing spear phishing and server exploitation tactics. Operating independently but with potential links to Chinese threat actors, it utilizes malware like Cobalt Strike and XDealer for espionage, urging...

7.4AI score
Exploits0
Prion
Prion
added 2024/01/18 3:15 p.m.18 views

Design/Logic Flaw

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...

6.5CVSS7.1AI score0.00557EPSS
Exploits0References2Affected Software2
RedHat Linux
RedHat Linux
added 2023/07/18 8:33 a.m.4 views

curl: HTTP multi-header compression denial of service

A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...

6.5CVSS6.8AI score0.01703EPSS
Exploits1References5
Rows per page
Query Builder