Lucene search
K

1632 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:41 a.m.10 views

CVE-1999-0058

Buffer overflow in PHP cgi program, php.cgi allows shell access...

7.5CVSS7.4AI score0.018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

Columbia Weather Systems MicroServer 安全漏洞

Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that stems from an unused webshell that allows unlimited login attempts, which could result in limited shell access being gaine...

8.6CVSS6.7AI score0.00415EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/06 3:52 p.m.3 views

CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

8.7CVSS7.5AI score0.0033EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.5 views

PT-2026-1135

Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller versions 2.3.8 through 2.5.0 Description A flaw exists in Nuvation Energy Multi-Stack Controller that allows for OS Command Injection. This issue could allow an attacker to execute arbitrary commands on t...

9.4CVSS7.4AI score0.009EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/12/30 12:23 a.m.35 views

SUSE CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS7.1AI score0.00489EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/26 12:12 a.m.4 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...

9.5CVSS6.8AI score0.00489EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/26 12:12 a.m.2 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...

9.5CVSS7.1AI score0.00489EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/25 11:57 p.m.2 views

CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS6.6AI score0.00489EPSS
Exploits0References6
CVE
CVE
added 2025/12/25 11:57 p.m.38 views

CVE-2025-68937

Forgejo versions before 13.0.2 are affected by a vulnerability in handling of out-of-repository symlink destinations for template repositories, allowing writing to unintended files and potentially gaining server shell access. The issue is fixed in 13.0.2 and also in the 11 LTS line starting with ...

9.5CVSS6.6AI score0.00489EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2025/12/25 12:0 a.m.6 views

Forgejo -- Symbolic Link (Symlink) Following

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports: Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template...

9.5CVSS7AI score0.00489EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.10 views

PT-2025-53358

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

9.3CVSS7.8AI score0.00523EPSS
Exploits2References4
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.6 views

FLIR AX8 Thermal Camera 安全漏洞

FLIR AX8 Thermal Camera is a monitoring thermal imaging sensor from FLIR, Inc. A security vulnerability exists in the FLIR AX8 Thermal Camera version 1.32.16, which stems from the presence of hard-coded SSH and web panel credentials that could lead to unauthorized access...

9.8CVSS6.7AI score0.00523EPSS
Exploits2References3
OSV
OSV
added 2025/12/19 7:16 a.m.5 views

CVE-2025-66173

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...

6.2CVSS5.8AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-53429

Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 13.0.2 Forgejo version 11.0.7 and later Description The software contains a flaw related to the handling of symlinks within template repositories. This mishandling could allow attackers to write to unintended files,...

9.5CVSS7.4AI score0.00489EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/12/12 10:17 p.m.5 views

CVE-2024-58300

Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling...

8.7CVSS7.2AI score0.00347EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 12:30 a.m.7 views

EUVD-2024-55337

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

8.7CVSS8.4AI score0.03118EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/11 9:36 p.m.4 views

CVE-2024-58294 FreePBX 16 Authenticated Remote Code Execution via API Module

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

8.7CVSS8.6AI score0.03118EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.5 views

FreePBX 操作系统命令注入漏洞

FreePBX formerly known as Asterisk Management Portal is a suite of tools for configuring Asterisk an IP telephony system via a GUI web-based graphical interface from the FreePBX project. An operating system command injection vulnerability exists in FreePBX version 16, which stems from remote code...

8.8CVSS8.5AI score0.03118EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.7 views

Siklu MultiHaul TG Series 访问控制错误漏洞

The Siklu MultiHaul TG Series is a series of wireless transmission devices from Siklu designed to provide a reliable high-speed data transmission solution specifically suited for fixed wireless access and connectivity needs in dense urban environments. An Access Control Error vulnerability exists...

8.7CVSS6.7AI score0.00347EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50748

Name of the Vulnerable Software and Affected Versions FreePBX version 16 Description FreePBX version 16 contains an authenticated remote code execution issue in the API module. An attacker with valid session credentials can execute arbitrary commands. The issue is exploitable through the...

8.8CVSS8.1AI score0.03118EPSS
Exploits1References6
Rows per page
Query Builder