Lucene search
K

29 matches found

EUVD
EUVD
added 2026/07/02 5:5 p.m.10 views

EUVD-2024-55647

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS6.2AI score0.00564EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 5:3 p.m.28 views

CVE-2024-14037

CVE-2024-14037 describes an unauthenticated arbitrary file upload vulnerability in Redsea Cloud eHR via the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST containing a JSP webshell disguised with a spoofed image/jpeg Content-Type, bypassing extension/MIME checks, resulting in...

9.8CVSS6.5AI score0.00708EPSS
In wildExploits0References4
NVD
NVD
added 2026/04/21 5:16 p.m.7 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS0.00653EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.10 views

PT-2026-30817

Name of the Vulnerable Software and Affected Versions Tianxin Internet Behavior Management System versions prior to NACFirmware 4.0.0.7 20210716.180815 topsec 0 basic.bin Description The Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter compone...

9.8CVSS6.6AI score0.06165EPSS
Exploits1References9
EUVD
EUVD
added 2026/01/16 12:30 a.m.8 views

EUVD-2023-60535

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...

9.3CVSS7.8AI score0.00988EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/01/09 8:38 a.m.5 views

CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

9.8CVSS8.6AI score0.1064EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.10 views

PT-2025-46220

PacsOne Server version 6.6.2 prior versions are likely affected contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

8.7CVSS6.9AI score0.00903EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/08 12:31 a.m.6 views

EUVD-2020-30818

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

9.2CVSS7.3AI score0.00762EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26142

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00759EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/06/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34048

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...

8.7CVSS7.5AI score0.0059EPSS
In wildExploits0References16
OSV
OSV
added 2025/06/20 7:15 p.m.4 views

CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

8.8CVSS6.2AI score0.0347EPSS
Exploits1References4
HackRead
HackRead
added 2024/11/22 6:31 p.m.20 views

Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012…...

5.9CVSS7.1AI score0.99698EPSS
Exploits15
The Hacker News
The Hacker News
added 2024/09/13 11:4 a.m.44 views

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept PoC exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released f...

10CVSS8.2AI score0.99984EPSS
Exploits35
The Hacker News
The Hacker News
added 2024/08/08 5:13 a.m.61 views

Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 CVSS score: 9.8, an unauthenticated remote code execution bug impacting version...

9.8CVSS9.6AI score0.99288EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/01/23 9:34 a.m.100 views

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 CVSS score: 10.0, the vulnerability impacts out-of-date versions of the...

10CVSS8.2AI score0.99984EPSS
Exploits32
The Hacker News
The Hacker News
added 2023/11/01 4:53 a.m.86 views

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 CVSS score: 9.8, the vulnerability allows an unauthenticated attacker wi...

9.8CVSS9.6AI score0.96515EPSS
Exploits18
The Hacker News
The Hacker News
added 2023/08/16 4:20 a.m.190 views

Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable...

9.8CVSS8.9AI score0.99445EPSS
Exploits16
The Hacker News
The Hacker News
added 2023/03/08 6:30 a.m.135 views

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added three security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 CVSS score: 9.8 - Teclib GLPI Remote Code Execution...

9.8CVSS0.4AI score0.99628EPSS
Exploits40
The Hacker News
The Hacker News
added 2023/02/22 5:38 a.m.179 views

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...

9.8CVSS1.9AI score0.99999EPSS
Exploits19
Krebs on Security
Krebs on Security
added 2021/03/28 5:40 p.m.190 views

No, I Did Not Hack Your MS Exchange Server

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Lets just get this out of the way right now: It wasnt me. The Shadowserver Foundation, a nonprofit...

7AI score
Exploits0
Rows per page
Query Builder