24h | 7d | 30d

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

08 Jul 2025
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
70.48%

Description

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Profile picture
中国拠点のハッキンググループLinen Typhoon、Violet Typhoon、Storm-2603が、Microsoft SharePointの脆弱性CVE-2025-49704とCVE-2025-49706を悪用するToolShellキャンペーンを展開していた。3グループはほぼ同時期に同じ脆弱性を悪用。 therecord.media/three-hackin...
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Splunk
  • Splunk Enterprise

03 Dec 2025
Published
04 Dec 2025
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.02%

KEV

Description

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Profile picture
Splunk Windows版に高リスクの脆弱性(CVE-2025-20386,CVE-2025-20387) EnterpriseとUniversal Forwarderの両方が対象に rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Yottamaster
  • DM2

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.05%

KEV

Description

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Overview

  • D-Link
  • DCS-930L

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.63%

KEV

Description

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Overview

  • Yealink
  • SIP-T21P E2

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v4.0
MEDIUM (5.1)
EPSS
0.03%

KEV

Description

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago
Showing 31 to 35 of 35 CVEs