Lucene search
K

65 matches found

OSV
OSV
added 4 days ago5 views

ROOT-OS-DEBIAN-13-CVE-2025-38644 CVE-2025-38644 in rootio-linux - Patched by Root

Root has patched CVE-2025-38644 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS7.8AI score0.00147EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-9949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially...

8.3CVSS5.5AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/23 7:38 a.m.15 views

CVE-2024-10803 MP3 Sticky Player <= 8.0 - Unauthenticated Arbitrary File Read/Download

The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS7AI score0.0093EPSS
Exploits0References2
Talos
Talos
added 2022/02/28 12:0 a.m.71 views

Swift Sensors Gateway device password generation authentication bypass vulnerability

Summary An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Version...

10CVSS10AI score0.0581EPSS
Exploits1
Talos
Talos
added 2022/01/26 12:0 a.m.33 views

Reolink RLC-410W web server misconfiguration information disclosure vulnerability

Summary An information disclosure vulnerability exists due to a web server misconfiguration in the reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Tested...

8.1CVSS7.6AI score0.01812EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.34 views

Advantech WISE-PaaS/OTA 3.0.9 Server installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of f Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...

9.3CVSS8.1AI score0.00872EPSS
Exploits1
Talos
Talos
added 2022/01/18 12:0 a.m.35 views

Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...

8.8CVSS9.1AI score0.00365EPSS
Exploits1
Talos
Talos
added 2021/12/06 12:0 a.m.50 views

Dream Report ODS Remote Connector privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...

8.8CVSS8AI score0.01244EPSS
Exploits1
Talos
Talos
added 2021/11/22 12:0 a.m.49 views

Advantech R-SeeNet installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...

8.8CVSS8.1AI score0.00378EPSS
Exploits3
Talos
Talos
added 2021/02/19 12:0 a.m.73 views

Sytech XL reporter installation privilege escalation vulnerability

Summary An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the...

8.8CVSS8.3AI score0.00465EPSS
Exploits1
Talos
Talos
added 2020/07/15 12:0 a.m.42 views

Siemens LOGO! Web Server Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the Web Server functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted HTTP request can cause memory corruption resulting in a code execution. An attacker can send an unauthenticated...

9.8CVSS10AI score0.09071EPSS
Exploits1
Talos
Talos
added 2020/07/01 12:0 a.m.36 views

Leadtools Image Parser Animated Icon Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions Leadtools ...

8.8CVSS8.5AI score0.02669EPSS
Exploits1
Talos
Talos
added 2020/03/03 12:0 a.m.56 views

Epignosis eFront LMS Password Reset authentication bypass vulnerability

Summary A predictable seed vulnerability eixsts in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...

9.8CVSS7.7AI score0.01035EPSS
Exploits0
0day.today
0day.today
added 2020/01/20 12:0 a.m.182 views

Centreon 19.04 - Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Centreon Authenticated Macro Expression Location Setting Handler Code Execution",...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/20 12:0 a.m.190 views

Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Centreon Authenticated Macro Expression Location Setting Handler Code Execution", "Description" = %q Authenticated Remote Code Execution on...

7.4AI score
Exploits0
Talos
Talos
added 2019/12/02 12:0 a.m.50 views

Forma LMS 2.2.1 /appCore/index.php users parameter SQL injections

Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS8.7AI score0.01064EPSS
Exploits1
Talos
Talos
added 2019/10/17 12:0 a.m.70 views

YouPHPTube /plugin/AD_Server/view/campaignsVideos.json.php id SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS8.4AI score0.01064EPSS
Exploits1
Talos
Talos
added 2019/10/17 12:0 a.m.91 views

YouPHPTube /objects/videoAddNew.json.php SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS8.5AI score0.01064EPSS
Exploits1
Talos
Talos
added 2019/10/17 12:0 a.m.120 views

YouPHPTube Encoder base64Url multiple command injections

Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...

10CVSS9.9AI score0.45302EPSS
Exploits3
Rows per page
Query Builder