Lucene search

3869 matches found

Vulnrichment
added 2025/12/28 8:32 a.m. | 3 views

CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage o...

CVSS 6.9 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 6
CVE
added 2025/12/28 8:32 a.m. | 22 views

CVE-2025-15128

ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...

CVSS 6.9 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 6
CNNVD
added 2025/12/28 12:00 a.m. | 3 views

Tenda WH450 security vulnerability

Tenda WH450 is a wireless access point from Tenda China. A security vulnerability exists in Tenda WH450 version 1.0.0.18, which originates from an incorrect operation of the parameter delno in the file /goform/PPTPUserSetting, which may result in a stack buffer overflow...

CVSS 8.6 | AI score 7.4 | EPSS 0.01002
Exploits: 1 | References: 6
Positive Technologies
added 2025/12/24 12:00 a.m. | 3 views

PT-2025-53138

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the nsim bus dev new function within the netdevsim module of the Linux kernel. If device register fails during the execution of this function, the dev reference i...

AI score 6.4 | EPSS 0.00195
Exploits: 0 | References: 15
CNNVD
added 2025/12/24 12:00 a.m. | 25 views

LogicalDOC Enterprise security vulnerability

LogicalDOC Enterprise is a document management system from LogicalDOC Italy. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which originates from insufficient validation of binary paths when modifying system settings, and may result in the execution of operating system...

CVSS 8.7 | AI score 6.9 | EPSS 0.0035
Exploits: 1 | References: 3
OSSF Malicious Packages
added 2025/12/23 8:35 a.m. | 5 views

Malicious code in vite-react-setting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a246e42e62b3ccd2cac32fc43c833154af9a78ee11e47c84bad10cf7895b25 The package vite-react-setting was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/12/23 8:35 a.m. | 1 view

MAL-2025-192884 Malicious code in vite-react-setting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8a246e42e62b3ccd2cac32fc43c833154af9a78ee11e47c84bad10cf7895b25 The package vite-react-setting was found to contain malicious code...

AI score 6.8
Exploits: 0
NVD
added 2025/12/22 7:15 p.m. | 3 views

CVE-2025-26787

An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth...

CVSS 4.7 | EPSS 0.0013
Exploits: 0 | References: 2
EUVD
added 2025/12/21 6:31 a.m. | 3 views

EUVD-2025-204660

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 4.7 | EPSS 0.00197
Exploits: 0 | References: 5
Vulnrichment
added 2025/12/21 3:20 a.m. | 2 views

CVE-2025-13693 Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 4.7 | EPSS 0.00197
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/18 7:53 p.m. | 4 views

CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

CVSS 6.9 | AI score 6.7 | EPSS 0.00162
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/18 5:29 a.m. | 4 views

CVE-2025-47322 Use After Free in Automotive Linux OS

Memory corruption while handling IOCTL calls to set mode...

CVSS 7.8 | AI score 6.7 | EPSS 0.00085
Exploits: 0 | References: 1
EUVD
added 2025/12/17 9:30 p.m. | 3 views

EUVD-2025-203925

The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the requiredperm check is applied during...

CVSS 4.3 | AI score 5.3 | EPSS 0.00288
Exploits: 0 | References: 5
RedhatCVE
added 2025/12/17 7:00 p.m. | 7 views

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

CVSS 5.3 | AI score 6.7 | EPSS 0.00197
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/17 8:07 a.m. | 4 views

CVE-2025-14284

A flaw was found in @tiptap/extension-link. This vulnerability allows an attacker to execute arbitrary JavaScript (JS) code via unsanitized user input when setting or toggling links, by injecting a javascript: Uniform Resource Locator (URL) payload. Mitigation: Mitigation for this issue is either not...

CVSS 6.1 | AI score 6.8 | EPSS 0.00302
Exploits: 1 | References: 7
RedhatCVE
added 2025/12/16 11:55 p.m. | 5 views

CVE-2025-66482

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...

CVSS 6.9 | AI score 6.9 | EPSS 0.00285
Exploits: 1 | References: 1
Cvelist
added 2025/12/16 6:07 p.m. | 28 views

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

EPSS 0.00197
Exploits: 0 | References: 1
CVE
added 2025/12/16 6:07 p.m. | 16 views

CVE-2025-46294

The CVE describes a vulnerability in FileMaker Server relating to IIS short filename enumeration (8.3) that could enable information disclosure. Affected: FileMaker Server, prior to/including version 22.0.4; remediation is addressed in 22.0.4 with an option to disable 8.3 name creation. Root caus...

CVSS 5.3 | AI score 6.3 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/12/16 12:16 a.m. | 14 views

CVE-2025-58173

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVSS 8.8 | EPSS 0.0059
Exploits: 1 | References: 7
NVD
added 2025/12/16 12:16 a.m. | 10 views

CVE-2025-66482

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...

CVSS 6.9 | EPSS 0.00285
Exploits: 1 | References: 2