9.4

CVSS4.0

CVE-2025-30091 -

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available afte…

📅 Published: March 25, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-27836 - Ghostscript: device: Print buffer overflow

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 8:18 p.m.

7.5

CVSS3.1

CVE-2025-25371 -

NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: April 30, 2026, 6:58 p.m.

9.8

CVSS3.1

CVE-2025-27837 - Ghostscript: Access to arbitrary files through truncated path with invalid UTF-8

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: April 1, 2025, 4:35 p.m.

7.2

CVSS3.1

CVE-2025-29635 -

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: May 5, 2026, 3:45 p.m.

7.8

CVSS3.1

CVE-2025-27830 - Ghostscript: Buffer overflow during serialization of DollarBlend in font

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: Nov. 3, 2025, 8:18 p.m.

6.1

CVSS3.1

CVE-2024-55029 -

NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

📅 Published: March 25, 2025, midnight 🔄 Last Modified: April 3, 2025, 5:33 p.m.

3.3

CVSS3.1

CVE-2025-2720 - libgsf: GNOME libgsf gsf_base64_encode_simple uninitialized variable

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "…

📅 Published: March 24, 2025, 11:31 p.m. 🔄 Last Modified: March 27, 2025, 6:15 a.m.

5.1

CVSS4.0

CVE-2025-2717 - D-Link DIR-823X HTTP POST Request diag_nslookup sub_41710C os command injection

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. Th…

📅 Published: March 24, 2025, 11:31 p.m. 🔄 Last Modified: May 21, 2025, 4:51 p.m.

8.8

CVSS3.1

CVE-2025-24514 - ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets …

📅 Published: March 24, 2025, 11:29 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.