3871 matches found

NVD
added 2025/11/18 8:15 a.m. | 8 views

CVE-2025-10089

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

CVSS 7.7 | EPSS 0.00123
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/18 7:39 a.m. | 5 views

CVE-2025-10089 Malicious Code Execution Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

CVSS 7.7 | AI score 6.4 | EPSS 0.00123
Exploits: 0 | References: 2

CVE
added 2025/11/18 7:39 a.m. | 14 views

CVE-2025-10089

CVE-2025-10089 affects Mitsubishi Electric MILCO.S family (Setting/IR Setting/Easy Setting/Easy Switch) with an Uncontrolled Search Path Element vulnerability during installation. A local attacker could cause the installer to load a malicious DLL, enabling code execution. If MILCO.S Lighting Cont...

CVSS 7.7 | AI score 6.4 | EPSS 0.00123
Exploits: 0 | References: 2

EUVD
added 2025/11/18 7:39 a.m. | 4 views

EUVD-2025-197931

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

CVSS 7 | AI score 6.3 | EPSS 0.00123
Exploits: 0 | References: 3

Cvelist
added 2025/11/18 7:39 a.m. | 9 views

CVE-2025-10089 Malicious Code Execution Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

CVSS 7.7 | EPSS 0.00123
Exploits: 0 | References: 2

CNNVD
added 2025/11/18 12:0 a.m. | 3 views

Security vulnerability in WordPress plugin Download Panel

WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...

CVSS 4.3 | AI score 6.6 | EPSS 0.00197
Exploits: 0 | References: 3

CNNVD
added 2025/11/18 12:0 a.m. | 3 views

Security vulnerability in multiple Mitsubishi Electric products

Mitsubishi Electric MILCO.S Setting Application and Mitsubishi Electric MILCO.S Easy Switch Application are both products of Mitsubishi Electric Japan. Mitsubishi Electric MILCO.S Setting Application is companion software for lighting control systems. Mitsubishi Electric MILCO.S Easy Switch...

CVSS 7.7 | AI score 7.2 | EPSS 0.00123
Exploits: 0 | References: 2

EUVD
added 2025/11/17 6:30 p.m. | 5 views

EUVD-2025-197817

A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVSS 9 | AI score 8.9 | EPSS 0.00786
Exploits: 1 | References: 6

Vulnrichment
added 2025/11/17 3:32 p.m. | 3 views

CVE-2025-13288 Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow

A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed...

CVSS 9 | AI score 6.8 | EPSS 0.00786
Exploits: 1 | References: 5

CVE
added 2025/11/17 3:32 p.m. | 13 views

CVE-2025-13288

CVE-2025-13288 affects Tenda CH22 firmware 1.0.0.1. The vulnerability is in the fromPptpUserSetting function (file /goform/PPTPUserSetting); manipulating the delno argument triggers a buffer overflow. This condition enables remote, unauthenticated access with high impact on confidentiality, integ...

CVSS 9 | AI score 8.7 | EPSS 0.00786
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/11/15 8:40 a.m. | 6 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

CVSS 4.3 | AI score 6.8 | EPSS 0.00147
Exploits: 0 | References: 1

OSV
added 2025/11/14 8:15 a.m. | 3 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1

Snyk
added 2025/11/13 10:38 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the corrected variable in the error page template when the trailingSlash configuration is set to 'always...

CVSS 6.1 | AI score 5.3 | EPSS 0.00209
Exploits: 1 | References: 2

CVE
added 2025/11/13 7:55 p.m. | 20 views

CVE-2025-64726

Socket Firewall (sfw) is affected for binary versions prior to 0.15.5. The vulnerability allows arbitrary code execution when run in an untrusted project directory by placing a malicious .sfw.config; loading the file populates environment variables into the Node.js process, enabling an attacker t...

CVSS 7.3 | AI score 7.7 | EPSS 0.0013
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/13 7:55 p.m. | 3 views

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVSS 7.3 | AI score 7.7 | EPSS 0.0013
Exploits: 0 | References: 2

OSV
added 2025/11/13 6:15 p.m. | 4 views

CVE-2025-60700

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...

CVSS 6.5 | AI score 6.2 | EPSS 0.0273
Exploits: 1 | References: 4

RedhatCVE
added 2025/11/13 4:40 p.m. | 3 views

CVE-2025-40157

A flaw was found in the Linux kernel's i10nm_edac driver. A local user with elevated privileges could trigger a denial of service when the driver is loaded on systems where a memory controller is disabled by the BIOS due to unpopulated memory modules (DIMMs). This specific condition causes a...

CVSS 4.4 | AI score 7.7 | EPSS 0.00199
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/13 12:0 a.m. | 5 views

CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...

AI score 8.1 | EPSS 0.03402
Exploits: 1 | References: 4

EUVD
added 2025/11/12 6:31 p.m. | 4 views

EUVD-2025-131921

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 6.1 | EPSS 0.00397
Exploits: 0 | References: 4

RedHat Linux
added 2025/11/12 6:1 p.m. | 5 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 5.9 | EPSS 0.00397
Exploits: 0 | References: 5