Lucene search
K

531 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:15 a.m.5 views

CVE-2023-41046

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the...

6.3CVSS7.1AI score0.00445EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:21 a.m.9 views

CVE-2023-34987

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...

8.8CVSS7.7AI score0.02087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.9 views

CVE-2023-47631

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...

8.8CVSS6.8AI score0.00446EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.5 views

CVE-2022-39100

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...

7.8CVSS6.9AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 p.m.6 views

CVE-2022-22544

Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...

9.1CVSS7.5AI score0.01326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.6 views

CVE-2021-30358

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...

7.2CVSS6.9AI score0.27466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:54 p.m.7 views

CVE-2021-45809

GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the --script=...

10CVSS7.4AI score0.01623EPSS
Exploits1
Cvelist
Cvelist
added 2025/05/22 3:50 p.m.19 views

CVE-2025-4366 Request Smuggling Vulnerability in Pingora

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...

7.4CVSS0.00423EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 3:50 p.m.8 views

CVE-2025-4366 Request Smuggling Vulnerability in Pingora

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...

7.4CVSS7.8AI score0.00423EPSS
Exploits0References1
OSV
OSV
added 2025/05/22 3:50 p.m.5 views

CVE-2025-4366 Request Smuggling Vulnerability in Pingora

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...

7.4CVSS6.3AI score0.00423EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.8 views

CVE-2020-28212

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

9.8CVSS7.1AI score0.02642EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:59 p.m.5 views

CVE-2018-20299

An issue was discovered in several Bosch Smart Home cameras 360 degree indoor camera and Eyes outdoor camera with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow ...

9.8CVSS7.9AI score0.01889EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.5 views

Pingora 安全漏洞

Pingora is a Cloudflare open source library for building fast, reliable and evolvable web services. A security vulnerability exists in Pingora that stems from request smuggling and could lead to unauthorized request execution and cache poisoning...

7.4CVSS6.8AI score0.00423EPSS
Exploits0References1
CVE
CVE
added 2025/05/13 4:59 p.m.77 views

CVE-2025-32702

CVE-2025-32702 is a Visual Studio command-injection vulnerability (Improp­er neutralization of special elements used in a command) that allows local code execution. Affected products include Microsoft Visual Studio 2019/2022 and related Build Tools; attack vector is LOCAL with LOW complexity, req...

7.8CVSS7.6AI score0.00526EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2025/04/25 4:22 p.m.5 views

CVE-2025-2492

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

9.2CVSS7.3AI score0.01017EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/04/19 8:52 a.m.29 views

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492 , has a CVSS score of 9.2 out of a maximum of 10.0. "An improper...

9.2CVSS7.8AI score0.01017EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/04/18 8:57 a.m.6 views

CVE-2025-2492

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

9.2CVSS7.4AI score0.01017EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/18 8:57 a.m.59 views

CVE-2025-2492

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

9.2CVSS0.01017EPSS
Exploits1References1
CVE
CVE
added 2025/04/18 8:57 a.m.1146 views

CVE-2025-2492

CVE-2025-2492 affects ASUS AiCloud on supported routers and describes an improper authentication control that can be triggered by a crafted request, potentially allowing remote execution of functions with administrative privileges. Core details from connected sources indicate a high-severity (CVS...

9.2CVSS7.4AI score0.01017EPSS
In wildExploits1References1
Positive Technologies
Positive Technologies
added 2025/04/14 12:0 a.m.4 views

PT-2025-17861 · Unknown · Wgs-4215-8T2S +1

Name of the Vulnerable Software and Affected Versions: WGS-80HPT-V2 affected versions not specified WGS-4215-8T2S affected versions not specified Description: The issue is a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system...

9.4CVSS9.7AI score0.01419EPSS
Exploits0References12
Rows per page
Query Builder