Lucene search
K

531 matches found

Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.4 views

NewStart CGSL MAIN 7.02 : fapolicyd Vulnerability (NS-SA-2025-0139)

The remote NewStart CGSL host, running version MAIN 7.02, has fapolicyd packages installed that are affected by a vulnerability: - A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not...

8.4CVSS7.7AI score0.00303EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/07/24 3:6 p.m.3 views

CVE-2025-33109

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/23 12:0 a.m.3 views

CVE-2025-52969

...

6.3AI score
Exploits1
CVE
CVE
added 2025/06/23 12:0 a.m.41 views

CVE-2025-52969

CVE-2025-52969 is described in connected Red Hat and other sources as affecting ClickHouse 25.7.1.557, where low-privileged users can execute shell commands by querying existing Executable() tables created by higher-privileged users. The vulnerability stems from missing access control that preven...

4.9AI score
Exploits1
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.9 views

CVE-2025-52969

...

Exploits1
NVD
NVD
added 2025/06/13 4:15 p.m.12 views

CVE-2025-49580

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

8.5CVSS0.00378EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/06/12 5:6 p.m.3 views

CVE-2025-47167

Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...

8.4CVSS8.2AI score0.00575EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 11:11 a.m.5 views

CVE-2024-13089

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...

7.5CVSS7.3AI score0.00992EPSS
Exploits0References1
NVD
NVD
added 2025/06/11 12:15 a.m.10 views

CVE-2024-9062

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...

7.8CVSS0.00125EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/10 11:25 p.m.13 views

CVE-2024-9062 macOS Archify: Local Privilege Escalation

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitra...

7.8CVSS7.5AI score0.00125EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.6 views

PT-2025-25173 · Archify · Archify

Name of the Vulnerable Software and Affected Versions: Archify affected versions not specified Description: The issue is related to insufficient client validation in the privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. This tool is responsible for privileged operations...

7.8CVSS6.3AI score0.00125EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.4 views

PT-2025-24647 · Nozomi Networks · Nozomi Networks Guardian +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: An OS command injection issue exists within the update functionality, potentially allowing authenticated administrators to execute unauthorized arbitrary OS command...

7.5CVSS7AI score0.00992EPSS
Exploits0References6
CVE
CVE
added 2025/06/03 6:42 a.m.362 views

CVE-2025-21479

CVE-2025-21479 is a memory corruption vulnerability in Qualcomm Adreno GPU drivers caused by unauthorized command execution in a GPU micronode during a specific command sequence. Public details indicate it affects Adreno A7xx devices (e.g., Snapdragon 8 Gen 1+ era) and can enable kernel memory re...

8.6CVSS8.9AI score0.00665EPSS
In wildExploits3References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/06/03 12:0 a.m.52 views

CVE-2025-21479

Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.6CVSS7.6AI score0.00665EPSS
In wildExploits3References2
NVD
NVD
added 2025/06/02 6:15 p.m.18 views

CVE-2025-20297

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...

5.4CVSS0.12989EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.6 views

PT-2025-23542 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.2 Splunk Enterprise versions prior to 9.3.4 Splunk Enterprise versions prior to 9.2.6 Splunk Cloud Platform versions prior to 9.3.2411.102 Splunk Cloud Platform versions prior to 9.3.2408.111 Splunk Clo...

5.4CVSS6.6AI score0.12989EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.9 views

CVE-2024-1687

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...

5.4CVSS7.3AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:31 a.m.7 views

CVE-2024-9578

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...

5.3CVSS7.6AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.6 views

CVE-2023-28000

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted...

7.8CVSS7.1AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:27 a.m.16 views

CVE-2023-44116

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized...

9.8CVSS6.8AI score0.00382EPSS
Exploits0References1
Rows per page
Query Builder