Lucene search

3870 matches found

CVE, added 2025/12/04 1:32 p.m., 8 views

CVE-2025-14004

Dayrui XunRuiCMS is affected up to version 4.7.1. The vulnerability lies in the Email Setting Handler component, specifically the file /admind45f74adbd95.php?c=email&m=add, where manipulation enables server-side request forgery. Remote exploitation is possible and exploits have been released publ...

CVSS 9.8, AI score 4.7, EPSS 0.00362
Exploits: 1, References: 4, Affected Software: 1
RedHat Linux, added 2025/12/04 12:50 p.m., 3 views

kernel: drm/gem: Acquire references on GEM handles for framebuffers

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer object, if any. 1...

CVSS 5.5, AI score 5.8, EPSS 0.00148
Exploits: 0, References: 5
CNNVD, added 2025/12/04 12:00 a.m., 6 views

xunruicms code issue vulnerability

xunruicms is a website builder framework for XunRuiCMS individual developers. A code issue vulnerability exists in xunruicms 4.7.1 and earlier versions, which stems from incorrect manipulation of the component Email Setting Handler in the file /admind45f74adbd95.php, which can lead to server-side...

CVSS 9.8, AI score 5, EPSS 0.00362
Exploits: 1, References: 4
Positive Technologies, added 2025/12/04 12:00 a.m., 6 views

PT-2025-49022

Name of the Vulnerable Software and Affected Versions: XunRuiCMS versions up to 4.7.1. Description: A security flaw exists in XunRuiCMS, specifically within the Email Setting Handler component. The issue involves server-side request forgery, potentially allowing remote exploitation. The flaw is...

CVSS 9.8, AI score 4.5, EPSS 0.00362
Exploits: 1, References: 9
CNNVD, added 2025/12/04 12:00 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check the return value of a block size setting, which could cause the kernel to crash...

AI score 6.1, EPSS 0.00176
Exploits: 0, References: 3
RedhatCVE, added 2025/12/02 10:31 p.m., 7 views

CVE-2025-66305

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...

CVSS 6.9, AI score 6.1, EPSS 0.00337
Exploits: 1, References: 1
Vulnrichment, added 2025/12/02 4:54 p.m., 3 views

CVE-2025-13828 Mautic user without privileged access to the Marketplace can install and uninstall composer packages

Summary: A non-privileged user can install and remove arbitrary packages via composer on a composer-based install, even if the "enable composer based update" flag in the update settings is unticked. Impact: A low-privileged user of the platform can install malicious code to obtain higher privileges...

CVSS 9, AI score 6.9, EPSS 0.00226
Exploits: 0, References: 1
NVD, added 2025/12/01 10:15 p.m., 3 views

CVE-2025-66305

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...

CVSS 6.9, EPSS 0.00337
Exploits: 1, References: 2
Vulnrichment, added 2025/12/01 9:43 p.m., 1 view

CVE-2025-66305 Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...

CVSS 6.9, AI score 5.8, EPSS 0.00337
Exploits: 1, References: 2
RedhatCVE, added 2025/11/28 2:54 a.m., 11 views

CVE-2025-12578

The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset...

CVSS 4.3, AI score 5.3, EPSS 0.00106
Exploits: 0, References: 1
Snyk, added 2025/11/27 6:41 p.m., 3 views

Incorrect Implementation of Authentication Algorithm

Overview: Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm. An attacker can gain unauthorized access to another user's account by leveraging a specially crafted email address when switching authentication methods and sending a request to the...

CVSS 9.9, AI score 7, EPSS 0.0031
Exploits: 0, References: 2
EUVD, added 2025/11/26 10:59 p.m., 9 views

EUVD-2025-199774

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...

CVSS 7.5, AI score 6.5, EPSS 0.0032
Exploits: 0, References: 2
RedhatCVE, added 2025/11/26 7:58 a.m., 15 views

CVE-2025-13311

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4, AI score 5, EPSS 0.0019
Exploits: 0, References: 1
NVD, added 2025/11/26 1:16 a.m., 9 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php, which allows reading arbitrary files...

CVSS 8.9, EPSS 0.00344
Exploits: 1, References: 1
Vulnrichment, added 2025/11/26 12:52 a.m., 3 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php, which allows reading arbitrary files...

CVSS 8.9, AI score 7.2, EPSS 0.00344
Exploits: 1, References: 1
EUVD, added 2025/11/26 12:52 a.m., 8 views

EUVD-2025-199670

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php, which allows reading arbitrary files...

CVSS 8.9, AI score 7.1, EPSS 0.00344
Exploits: 1, References: 2
Cvelist, added 2025/11/26 12:52 a.m., 9 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php, which allows reading arbitrary files...

CVSS 8.9, EPSS 0.00344
Exploits: 1, References: 1
CVE, added 2025/11/26 12:52 a.m., 16 views

CVE-2025-66263

The CVE-2025-66263 entry describes an unauthenticated arbitrary file read due to a null byte injection in the Mozart FM Transmitter’s download_setting.php. The PHP code appends a forced .tgz extension to user-supplied $_GET['filename'], and on PHP 5.3.2 (pre-5.3.4) the null byte (%00) terminates ...

CVSS 8.9, AI score 7.2, EPSS 0.00344
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies, added 2025/11/26 12:00 a.m., 5 views

PT-2025-48132

Name of the Vulnerable Software and Affected Versions: Apache Hive versions 4.1.0 through 4.2.0. Description: A SQL injection issue exists in the Hive Metastore Server (HMS) when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...

CVSS 5.4, AI score 7.7, EPSS 0.00343
Exploits: 0, References: 10
CNNVD, added 2025/11/26 12:00 a.m., 4 views

DB Electronica Mozart FM Transmitter security vulnerability

The DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from the Italian company DB Electronica. A security vulnerability exists in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 that originates in...

CVSS 8.9, AI score 7, EPSS 0.00344
Exploits: 1, References: 2