Lucene search
K

960 matches found

EUVD
EUVD
added 2026/03/09 9:30 a.m.5 views

EUVD-2025-208355

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 9:30 a.m.9 views

EUVD-2025-208358

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 9:30 a.m.4 views

EUVD-2025-208359

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References2
OSV
OSV
added 2026/03/09 9:15 a.m.7 views

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS6AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2026/03/09 9:15 a.m.6 views

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS0.00326EPSS
Exploits0References1
OSV
OSV
added 2026/03/09 9:15 a.m.5 views

CVE-2025-41754

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS6AI score0.00334EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:16 a.m.4 views

CVE-2025-41756

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/09 8:16 a.m.34 views

CVE-2025-41756 Arbitrary Write with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS0.00326EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/09 8:16 a.m.5 views

CVE-2025-41756 Arbitrary Write with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 8:15 a.m.31 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS0.00334EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:15 a.m.3 views

CVE-2025-41754

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.4 views

PT-2026-24024

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system...

6.5CVSS5.9AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.11 views

PT-2026-24026

Name of the Vulnerable Software and Affected Versions Versions prior to 2025-41756 Description A low-privileged remote attacker can exploit the ubr-editfile method in the /wwwubr.cgi API endpoint to write arbitrary files on the system. The /wwwubr.cgi endpoint is undocumented and unused...

8.1CVSS5.9AI score0.00326EPSS
Exploits0References8
NVD
NVD
added 2026/03/04 8:16 a.m.4 views

CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

9.8CVSS0.00849EPSS
Exploits1References1
CVE
CVE
added 2026/03/04 7:58 a.m.17 views

CVE-2026-29119

IDC SFX Series SuperFlex (SFX2100) SatelliteReceiver has hardcoded insecure admin credentials allowing unauthenticated Telnet access, enabling potential remote compromise. Documented affects IDC SFX2100; no details on affected versions or fixes are provided in the connected sources. Remediation s...

9.8CVSS6AI score0.00486EPSS
Exploits1References1Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2026/02/02 3:49 p.m.8 views

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/30 5:23 a.m.5 views

Undocumented "TelnetEnable" functionality of End of Service NETGEAR products

Overview Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. Inclusion of Undocumented Features or Chicken Bits CWE-1242 - CVE-2026-24714 Misato Ito, Daichi Uezono, Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki,...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/22 7:15 a.m.6 views

CVE-2025-56005

An arbitrary code execution vulnerability was discovered in PLY Python Lex-Yacc. When an application uses PLY's undocumented picklefile parameter to load cached parser data, the library deserializes the pickle file without validation. If an attacker can supply or modify the pickle file being...

9.8CVSS8AI score0.16903EPSS
Exploits3References4
OSV
OSV
added 2026/01/20 7:15 p.m.4 views

UBUNTU-CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

9.8CVSS6.5AI score0.16903EPSS
Exploits3References3
Amd
Amd
added 2026/01/15 12:0 a.m.13 views

SEV-SNP Guest Stack Pointer Corruption Vulnerability

Summary Researchers have reported a CPU-caused stack corruption issue caused by flipping an undocumented MSR bit. AMD believes that this vulnerability occurs due to inadequate access controls, which fail to prevent the hypervisor from setting an internal configuration bit. This attack could allow...

4.6CVSS6.9AI score0.00202EPSS
Exploits1
Rows per page
Query Builder