
1395 matches found

CNNVD
added 2025/08/13 12:0 a.m. · 3 views

WordPress plugin Easy restaurant menu manager cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.3 · AI score 6.5 · EPSS 0.00151
Exploits: 0 · References: 3

NVD
added 2025/08/12 12:15 p.m. · 7 views

CVE-2025-30034

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.3. Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition...

CVSS 6.9 · EPSS 0.00114
Exploits: 0 · References: 1

CVE
added 2025/08/12 5:18 a.m. · 19 views

CVE-2025-30027

CVE-2025-30027 affects Axis devices via insufficient input validation in ACAP configuration files, enabling arbitrary code execution. Exploitation requires the device to allow unsigned ACAP apps and a user to install a malicious ACAP application. Impact: high on confidentiality, integrity, and av...

CVSS 6.7 · AI score 7.8 · EPSS 0.00148
Exploits: 0 · References: 1 · Affected Software: 1

Snyk
added 2025/08/12 12:13 a.m. · 3 views

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...

CVSS 8.8 · AI score 7.5 · EPSS 0.00515
Exploits: 0 · References: 2

OSV
added 2025/08/11 7:15 p.m. · 3 views

CVE-2025-51823

libcsp 2.0 is vulnerable to Buffer Overflow in the cspethinit function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member ctx-name without validating the input length...

CVSS 6.5 · AI score 7
Exploits: 0 · References: 2

CNVD
added 2025/08/11 12:0 a.m. · 3 views

WordPress WP Import Export Lite plugin missing file type validation vulnerability

WordPress WP Import Export Lite plugin is a free plugin for WordPress, mainly used for batch import and export website data. WordPress WP Import Export Lite plugin suffers from a missing file type validation vulnerability that can be exploited by attackers to cause arbitrary file uploads and remo...

CVSS 8.8 · AI score 8.1 · EPSS 0.0062
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/11 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-20226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the syst...

CVSS 7.8 · AI score 7 · EPSS 0.0044
Exploits: 0 · References: 2

Vulnrichment
added 2025/08/08 12:6 a.m. · 4 views

CVE-2025-54887 jwe: Missing AES-GCM authentication tag validation in encrypted JWEs

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...

CVSS 9.1 · AI score 6.4 · EPSS 0.00231
Exploits: 1 · References: 2

CNNVD
added 2025/08/08 12:0 a.m. · 4 views

Sourceforge XODA security vulnerability

Sourceforge XODA is a file management software from Sourceforge open source. A security vulnerability exists in Sourceforge XODA version 0.4.5, which stems from the upload feature not validating file types, and could lead to arbitrary file uploads and remote code execution...

CVSS 9.3 · AI score 7.8 · EPSS 0.01064
Exploits: 0 · References: 7

BDU FSTEC
added 2025/08/08 12:0 a.m. · 7 views

The vulnerability of the cmd_wireless() function in Netgear’s JWNR2000v2 router software allows a hacker to execute arbitrary commands.

The vulnerability of the cmd_wireless function in Netgear JWNR2000v2 router firmware is related to the lack of data cleaning measures at the control level when processing the host parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

CVSS 6.5 · AI score 6.9 · EPSS 0.03318
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/08/08 12:0 a.m. · 8 views

The vulnerability of the web interface of the DIR-615 router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the web interface of the DIR-615 router firmware arises from the lack of checks on input data in the pingipaddr parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 5.9 · EPSS 0.1911
Exploits: 1 · References: 6 · Affected Software: 1

Positive Technologies
added 2025/08/07 12:0 a.m. · 6 views

PT-2025-32330 · Burk Technology · Arc Solo

Name of the Vulnerable Software and Affected Versions: Burk Technology ARC Solo (affected versions not specified). Description: The password change mechanism in Burk Technology ARC Solo does not require proper authentication, potentially allowing an attacker to take over the device. A password chang...

CVSS 9.8 · AI score 6.6 · EPSS 0.00873
Exploits: 0 · References: 11

Huntr
added 2025/08/01 11:42 p.m. · 8 views

Denial of Service via Unbounded parameter values

Description: The /api/memories endpoint in the LibreChat application is found to be accepting arbitrarily large values for the key and value parameters. These inputs are not being properly validated or restricted in terms of maximum allowed character length. When an input containing more than 100...

CVSS 7.5 · AI score 6.1 · EPSS 0.00313
Exploits: 1

CNNVD
added 2025/07/31 12:0 a.m. · 1 view

TECOrange Simple E-Document security vulnerability

TECOrange Simple E-Document is a TECOrange system for bulk email reception. A security vulnerability exists in TECOrange Simple E-Document versions 3.0 through 3.1 that stems from an upload mechanism that does not restrict file types and validate inputs, which could lead to arbitrary file uploads...

CVSS 9.2 · AI score 7.9 · EPSS 0.01219
Exploits: 0 · References: 4

CNNVD
added 2025/07/31 12:0 a.m. · 5 views

Code-Projects Vehicle Management injection vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the "from" parameter in the file /filter.php. An attacker can exploit this vulnerability to execute illegal...

CVSS 9.8 · AI score 8.2 · EPSS 0.00421
Exploits: 1 · References: 5

OSV
added 2025/07/29 6:15 p.m. · 1 view

CVE-2025-53712

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpmAP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The...

CVSS 7.5 · AI score 5.9 · EPSS 0.00309
Exploits: 0 · References: 1

OSV
added 2025/07/29 6:15 p.m. · 3 views

CVE-2025-53711

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attac...

CVSS 7.5 · AI score 5.9 · EPSS 0.00309
Exploits: 0 · References: 1

ATTACKERKB
added 2025/07/29 5:57 p.m. · 2 views

CVE-2025-53711

A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a...

CVSS 7.5 · AI score 5.9 · EPSS 0.00309
Exploits: 0 · References: 2

CNVD
added 2025/07/23 12:0 a.m. · 5 views

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17029)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

CVSS 7.8 · AI score 7.8 · EPSS 0.0022
Exploits: 0 · References: 1

CNVD
added 2025/07/23 12:0 a.m. · 1 view

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16731)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

CVSS 7.8 · AI score 7.8 · EPSS 0.00225
Exploits: 0 · References: 1