Lucene search
K
RedhatcveRecent

206566 matches found

RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•12 views

CVE-2025-47407

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level...

7.8CVSS5.5AI score0.00054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-29936

Improper input validation within the AMD Platform Management Framework PMF could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality...

8.4CVSS5.6AI score0.00104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-12664

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

7.5CVSS7.5AI score0.00577EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-65086

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...

8.4CVSS6AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-65135

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter...

9.8CVSS5.6AI score0.00285EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-47405

Memory corruption when processing camera sensor input/output control codes with invalid output buffers...

7.8CVSS5.5AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-12008

Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 through 24102025...

8.8CVSS5.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-65087

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-41278

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-41269

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS6AI score0.0138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-65115

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT...

9.8CVSS7.8AI score0.00613EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-41274

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS6AI score0.0138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-41276

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS6AI score0.0138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-47408

Memory corruption when another driver calls an IOCTL with invalid input/output buffer...

7.8CVSS5.5AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•8 views

CVE-2025-41270

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS6AI score0.0138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-3756

A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnera bility by using a specially crafted 61850 packet, forcing the communication...

7.1CVSS5.5AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS6AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•8 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

9.1CVSS5.7AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•12 views

CVE-2025-41670

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.5AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•8 views

CVE-2025-65088

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

8.4CVSS5.7AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•12 views

CVE-2025-41273

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...

9.8CVSS5.5AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-41272

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS6AI score0.0138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-41277

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS6AI score0.0138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-41275

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS6AI score0.0138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-41266

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-41271

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

8.7CVSS5.7AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-41029

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

9.3CVSS5.6AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-14179

A flaw was found in PHP. The PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens...

9.8CVSS5.5AI score0.00298EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•12 views

CVE-2025-41281

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is...

7.8CVSS5.8AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•14 views

CVE-2025-14773

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

8CVSS5.4AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•8 views

CVE-2025-14869

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

7.5CVSS5.5AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-14816

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS5.6AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•8 views

CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

7.3CVSS5.4AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•9 views

CVE-2025-41669

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

8.8CVSS6.2AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•8 views

CVE-2025-14870

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...

7.5CVSS5.5AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•12 views

CVE-2025-14815

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

9.3CVSS5.6AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•7 views

CVE-2025-14341

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

8.3CVSS5.4AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-14772

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

8.8CVSS5.4AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•16 views

CVE-2025-14713

An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server...

7.5CVSS5.5AI score0.00475EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-14771

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

9.9CVSS5.4AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-41259

SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...

7.3CVSS5.4AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•12 views

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS5.4AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-58897

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

8.1CVSS5.5AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-41280

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...

7.8CVSS5.8AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-14868

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action in the...

8.8CVSS5.5AI score0.00412EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•12 views

CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

7.4CVSS5.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•13 views

CVE-2025-1978

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual...

9.8CVSS5.6AI score0.00547EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/05 7:41 p.m.•11 views

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...

8.6CVSS5.6AI score0.00317EPSS
Exploits0References1
Total number of security vulnerabilities206566