
3873 matches found

EUVD
added 2025/11/26 12:52 a.m., 10 views

EUVD-2025-199670

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform null byte injection in downloadsetting.php, which allows reading arbitrary files...

CVSS 8.9 | AI score 7.1 | EPSS 0.00344
Exploits: 1 | References: 2

Positive Technologies
added 2025/11/26 12:0 a.m., 5 views

PT-2025-48132

Name of the Vulnerable Software and Affected Versions: Apache Hive versions 4.1.0 through 4.2.0. Description: A SQL injection issue exists in the Hive Metastore Server (HMS) when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...

CVSS 5.4 | AI score 7.7 | EPSS 0.00343
Exploits: 0 | References: 10

CNNVD
added 2025/11/26 12:0 a.m., 4 views

DB Electronica Mozart FM Transmitter security vulnerability

The DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from the Italian company DB Electronica. A security vulnerability exists in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 that originates in...

CVSS 8.9 | AI score 7 | EPSS 0.00344
Exploits: 1 | References: 2

Metasploit
added 2025/11/25 6:58 p.m., 351 views

Linux Chmod

Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run This module requires Metasploit:...

AI score 5.8
Exploits: 0

RedHat Linux
added 2025/11/25 4:6 p.m., 2 views

keycloak-server: Too long and not settings compliant session

A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...

CVSS 5.4 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 7

Vulnrichment
added 2025/11/25 7:28 a.m., 3 views

CVE-2025-13311 Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | AI score 4.7 | EPSS 0.0019
Exploits: 0 | References: 3

CVE
added 2025/11/25 7:28 a.m., 16 views

CVE-2025-13311

Affected product/engine: WordPress Just Highlight plugin (for code highlighting). Vulnerability: Stored Cross-Site Scripting via the “Highlight Color” setting. Versions impacted: all versions up to and including 1.0.3. Root cause/Vector: insufficient input sanitization and output escaping, enabli...

CVSS 4.4 | AI score 4.7 | EPSS 0.0019
Exploits: 0 | References: 3

CVE
added 2025/11/25 7:28 a.m., 20 views

CVE-2025-12025

CVE-2025-12025 affects the WordPress YouTube Subscribe plugin (versions

CVSS 4.4 | AI score 4.7 | EPSS 0.00197
Exploits: 0 | References: 4

Patchstack
added 2025/11/25 12:1 a.m., 5 views

WordPress Just Highlight plugin <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Just Highlight versions <= 1.0.3...

CVSS 4.4 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 1

Oracle linux
added 2025/11/25 12:0 a.m., 9 views

ipa security update

4.12.2-22.0.1.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 - Add bind to ipa-server-common Requires Orabug: 36518596 4.12.2-22.1 - Resolves: RHEL-118449 ipa: Privilege escalation from host to domain admin in FreeIPA 4.12.2-22 - Resolves: RHEL-107483 ipa-ca-install fails on...

CVSS 9.1 | AI score 7.1 | EPSS 0.00523
Exploits: 0

RedhatCVE
added 2025/11/22 11:12 p.m., 6 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00268
Exploits: 0 | References: 1

OSV
added 2025/11/21 11:15 p.m., 3 views

DEBIAN-CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 7.5 | AI score 5.2 | EPSS 0.00268
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/20 9:37 p.m., 12 views

CVE-2025-12814

The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the siteseoresetsettings function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, who have been granted acce...

CVSS 5.3 | AI score 5.6 | EPSS 0.00229
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/20 1:32 p.m., 7 views

CVE-2025-13469 Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument...

CVSS 4.8 | AI score 5.4 | EPSS 0.00218
Exploits: 0 | References: 6

CVE
added 2025/11/20 1:32 p.m., 19 views

CVE-2025-13469

CVE-2025-13469 affects Public Knowledge Project platforms PKP OJS/OMP/Ops (versions 3.3.0/3.4.0/3.5.0) where an attacker can trigger a cross-site scripting (XSS) by manipulating the argument manualInstructions in the file plugins/paymethod/manual/templates/paymentForm.tpl under the Payment Instru...

CVSS 4.8 | AI score 3.2 | EPSS 0.00218
Exploits: 0 | References: 6

RedHat Linux
added 2025/11/20 8:10 a.m., 3 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 5.9 | EPSS 0.00406
Exploits: 0 | References: 5

Positive Technologies
added 2025/11/20 12:0 a.m., 7 views

PT-2025-47575

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument...

CVSS 4.8 | AI score 3.3 | EPSS 0.00218
Exploits: 0 | References: 7

Cvelist
added 2025/11/19 6:52 p.m., 11 views

CVE-2025-65100 Security Snapshot May Use Unintended Timestamp When Only ISAR_APT_SNAPSHOT_DATE Is Set

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb...

CVSS 6.9 | EPSS 0.00303
Exploits: 0 | References: 3

RedhatCVE
added 2025/11/19 9:9 a.m., 11 views

CVE-2025-12406

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

CVSS 6.1 | AI score 5.3 | EPSS 0.00124
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/18 3:47 p.m., 4 views

CVE-2025-13288

A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVSS 9 | AI score 6.9 | EPSS 0.00786
Exploits: 1 | References: 1