Lucene search
+L

24 matches found

redhatcve
redhatcve
added 2026/05/09 2:21 a.m.12 views

CVE-2025-69691

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...

9.9CVSS6.3AI score0.0053EPSS
Exploits4References1
euvd
euvd
added 2026/05/08 9:31 a.m.36 views

EUVD-2025-209739

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...

9.9CVSS6.3AI score0.0053EPSS
Exploits4References3
nvd
nvd
added 2026/05/08 7:16 a.m.38 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

6.3CVSS0.01028EPSS
Exploits3References6
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.27 views

PT-2026-38672

Name of the Vulnerable Software and Affected Versions Netgate pfSense CE version 2.7.2 Description Netgate pfSense CE allows code execution through the module installer. This occurs when a backup file containing a serialized PHP object with the post reboot commands property is used. Recommendatio...

9.1CVSS6.2AI score0.00634EPSS
Exploits4References6
attackerkb
attackerkb
added 2025/12/22 12:0 a.m.2 views

CVE-2025-67288

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation as shown in the documentation belongs to the system administrator who is...

10CVSS6.3AI score0.00502EPSS
Exploits0References3
osv
osv
added 2025/12/22 12:0 a.m.6 views

CVE-2025-67288

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation as shown in the documentation belongs to the system administrator who is...

10CVSS6.3AI score0.00502EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-9489

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00907EPSS
Exploits0References3
mscve
mscve
added 2025/09/04 3:30 a.m.7 views

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

...

7CVSS7AI score0.0016EPSS
Exploits0
pypa
pypa
added 2025/07/31 9:15 p.m.9 views

PYSEC-2025-183

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement...

7CVSS5.8AI score0.0016EPSS
Exploits0References3Affected Software1
osv
osv
added 2025/07/29 3:15 p.m.6 views

CVE-2025-46059

langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the...

9.8CVSS6.2AI score0.00702EPSS
Exploits0References4
susecve
susecve
added 2025/07/21 11:22 p.m.5 views

SUSE CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8CVSS7.2AI score0.00155EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 8:3 a.m.10 views

CVE-2024-51073

An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment a...

6.7CVSS6.9AI score0.0031EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:49 a.m.5 views

CVE-2024-54749

Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot ...

7.5CVSS7.5AI score0.00211EPSS
Exploits0References1
osv
osv
added 2025/05/13 7:15 p.m.4 views

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...

9.8CVSS5.8AI score0.003EPSS
Exploits1References1
osv
osv
added 2025/04/17 10:15 p.m.2 views

CVE-2025-29457

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.6CVSS5.8AI score0.00387EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/04/03 12:36 a.m.22 views

CVE-2025-29069

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a...

7.3CVSS7.8AI score0.00391EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/04/01 12:0 a.m.5 views

CVE-2025-29069

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a...

7.7AI score0.00391EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/04/01 12:0 a.m.6 views

CVE-2025-29070

A heap buffer overflow vulnerability has been identified in thesmooth2 in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color management, is there...

7.7AI score0.00907EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/12/19 12:0 a.m.15 views

PT-2024-36459 · Quectel · Quectel Bg96

Name of the Vulnerable Software and Affected Versions: Quectel BG96 version BG96MAR02A08M1G Description: An issue in Quectel BG96 allows attackers to bypass authentication via a crafted NAS message. The supplier disputes this issue. Recommendations: For Quectel BG96 version BG96MAR02A08M1G,...

9.8CVSS7.2AI score0.00496EPSS
Exploits0References6
susecve
susecve
added 2024/10/10 2:52 a.m.7 views

SUSE CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.5CVSS7.2AI score0.00785EPSS
Exploits0References3
Rows per page
Query Builder