1421
|
- |
|
-
|
-
|
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-48841
|
2025-01-28 05:15 |
2025-01-28 |
|
|
1422
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to des…
|
CWE-20 CWE-502
Improper Input Validation Deserialization of Untrusted Data
|
CVE-2025-0734
|
2025-01-28 04:15 |
2025-01-28 |
|
|
1423
|
- |
|
-
|
-
|
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in buil…
|
-
|
CVE-2025-24368
|
2025-01-28 04:15 |
2025-01-28 |
|
|
1424
|
- |
|
-
|
-
|
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web ro…
|
-
|
CVE-2025-24367
|
2025-01-28 04:15 |
2025-01-28 |
|
|
1425
|
9.8 |
CRITICAL
Network
sonicwall
|
sma8200v sma6200_firmware sma6210_firmware sma7200_firmware sma7210_firmware sra_ex6000_firmware sra_ex7000_firmware sra_ex9000_firmware
|
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific condit…
|
-
|
CVE-2025-23006
|
2025-01-28 03:41 |
2025-01-23 |
|
|
|
1426
|
- |
|
-
|
-
|
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. An attacker can obtain owner rights of another organization. The attacker should know the ID of victim o…
|
CWE-284
Improper Access Control
|
CVE-2025-24365
|
2025-01-28 03:15 |
2025-01-28 |
|
|
1427
|
- |
|
-
|
-
|
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. An attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code …
|
CWE-74
Injection
|
CVE-2025-24364
|
2025-01-28 03:15 |
2025-01-28 |
|
|
1428
|
- |
|
-
|
-
|
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses t…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-24357
|
2025-01-28 03:15 |
2025-01-28 |
|
|
1429
|
- |
|
-
|
-
|
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peer…
|
CWE-405
Asymmetric Resource Consumption (Amplification)
|
CVE-2025-24356
|
2025-01-28 03:15 |
2025-01-28 |
|
|
1430
|
- |
|
-
|
-
|
imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose servi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2025-24354
|
2025-01-28 03:15 |
2025-01-28 |
|
|