
3869 matches found

CNNVD
added 2025/12/16 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not setting the AXI clock as critical, which could lead to bus timeouts and system hangs...

6.1 AI score, 0.00158 EPSS
Exploits 0, References 2
CVE
added 2025/12/15 11:18 p.m., 14 views

CVE-2025-66482

Misskey CVE-2025-66482 affects the login rate-limiting mechanism via forged X-Forwarded-For headers. The vulnerability arises from an insecure default for trustProxy in the config, making instances vulnerable if not explicitly overridden. It is addressable starting with version 2025.9.1 by introd...

6.9 CVSS, 6.5 AI score, 0.00285 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2025/12/15 11:18 p.m., 6 views

CVE-2025-66482 Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...

6.9 CVSS, 6.8 AI score, 0.00285 EPSS
Exploits 1, References 4
Snyk
added 2025/12/15 10:1 p.m., 3 views

Improper Validation of Syntactic Correctness of Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via the webhook endpoint. An attacker can enumerate components and trigger updates for multiple repositories by sending crafted webhook payloads. Workaround: This vulnerability can be...

6.9 CVSS, 6.9 AI score, 0.00235 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/12/15 1:25 p.m., 2 views

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.4 CVSS, 6.9 AI score, 0.00285 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/12/15 12:0 a.m., 10 views

PT-2025-51338

Name of the Vulnerable Software and Affected Versions: Misskey versions 2025.9.1 through 2025.11.1; Misskey versions prior to 2025.12.0-alpha.2. Description: Misskey is an open source, federated social media platform. Attackers can bypass IP rate limiting by adding a forged X-Forwarded-For header whe...

6.9 CVSS, 6.4 AI score, 0.00285 EPSS
Exploits 1, References 6
EUVD
added 2025/12/13 6:30 p.m., 6 views

EUVD-2025-203251

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.4 CVSS, 6.4 AI score, 0.00285 EPSS
Exploits 0, References 2
NVD
added 2025/12/13 4:16 p.m., 4 views

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.8 CVSS, 0.00285 EPSS
Exploits 0, References 1
OSV
added 2025/12/13 4:16 p.m., 3 views

CVE-2025-36752

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.8 CVSS, 5.8 AI score, 0.00285 EPSS
Exploits 0, References 1
Cvelist
added 2025/12/13 8:16 a.m., 25 views

CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.4 CVSS, 0.00285 EPSS
Exploits 0, References 1
CVE
added 2025/12/13 8:16 a.m., 20 views

CVE-2025-36752

CVE-2025-36752 affects Growatt ShineLan-X communication dongle. The vulnerability arises from an undocumented backup account with undocumented credentials, enabling high-privilege access and potentially full control of the device, including the Setting Center. Multiple sources corroborate a backd...

9.8 CVSS, 6.5 AI score, 0.00285 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/12/13 8:16 a.m., 3 views

CVE-2025-36752 Undocumented backup Account and No Password Configuration Capability

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...

9.4 CVSS, 6.5 AI score, 0.00285 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/12/13 3:59 a.m., 5 views

CVE-2025-13320

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

6.8 CVSS, 7.3 AI score, 0.00687 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/12/13 12:0 a.m., 5 views

PT-2025-51101

Name of the Vulnerable Software and Affected Versions: Growatt ShineLan-X communication dongle, affected versions not specified. Description: The Growatt ShineLan-X communication dongle contains an undocumented backup account with undocumented credentials. This allows significant access to the device...

9.4 CVSS, 6.5 AI score, 0.00285 EPSS
Exploits 0, References 9
EUVD
added 2025/12/12 9:31 p.m., 5 views

EUVD-2025-26484

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations...

7.5 CVSS, 6.8 AI score, 0.00389 EPSS
Exploits 0, References 6
Github Security Blog
added 2025/12/12 9:31 p.m., 11 views

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations

In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 Liferay PaaS, and Liferay Self-Hosted, the Objects module does not restrict the use of Groovy scripts in Object...

7.5 CVSS, 7.9 AI score, 0.00389 EPSS
Exploits 0, References 7, Affected Software 1
RedhatCVE
added 2025/12/12 12:7 p.m., 6 views

CVE-2025-64995

A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

6.7 CVSS, 7.8 AI score, 0.00139 EPSS
Exploits 0, References 1
CVE
added 2025/12/12 7:10 a.m., 22 views

CVE-2025-67728

Fireshare is affected by an OS command injection in versions 1.2.30 and earlier. The vulnerability arises when a malicious filename, supplied during video uploads (authenticated user or public uploads enabled), is concatenated directly into a shell command, enabling path traversal to arbitrary di...

9.8 CVSS, 7.1 AI score, 0.00589 EPSS
Exploits 0, References 2, Affected Software 1
EUVD
added 2025/12/12 6:31 a.m., 3 views

EUVD-2025-202974

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4 CVSS, 4.6 AI score, 0.00195 EPSS
Exploits 0, References 6
NVD
added 2025/12/12 4:15 a.m., 7 views

CVE-2025-13971

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4 CVSS, 0.00195 EPSS
Exploits 0, References 5