Lucene search
K

120948 matches found

Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-20979

Name of the Vulnerable Software and Affected Versions libssh versions prior to 0.11.4-1.1 Description A denial of service condition can occur due to a malformed SFTP message. Recommendations Update to version 0.11.4-1.1 or later...

10CVSS6.2AI score0.00582EPSS
Exploits0References108
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.3 views

PT-2026-27418

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149 Firefox ESR versions prior to 140.9 Thunderbird versions prior to 149 Thunderbird ESR versions prior to 140.9 Description The software contains memory safety bugs, some of which demonstrate evidence of memory...

10CVSS6.6AI score0.00424EPSS
Exploits0References259
NVD
NVD
added 2025/12/31 4:15 p.m.5 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

7CVSS0.0014EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.6 views

PT-2025-54358

Name of the Vulnerable Software and Affected Versions SevenCs ORCA G2 version 2.0.1.35 EC2007 Kernel v5.22 Description A local privilege escalation issue exists due to a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, running with SYSTEM...

7CVSS7.5AI score0.0014EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.4 views

EulerOS Virtualization 2.13.1 : libtiff (EulerOS-SA-2025-2625)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of th...

8.8CVSS5.8AI score0.00739EPSS
Exploits1References3
OSV
OSV
added 2025/12/30 11:45 p.m.3 views

GHSA-95QG-89C2-W5HJ theshit vulnerable to unsafe loading of user-owned Python rules when running as root

Impact Vulnerability Type: Local Privilege Escalation LPE / Arbitrary Code Execution. The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the...

7.3CVSS7.3AI score0.0012EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/30 3:22 p.m.5 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the operator.methodcaller function. An attacker can execute arbitrary code by crafting a malicious pickle...

8.4CVSS7.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/30 3:20 p.m.9 views

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

Summary Picklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command...

8.1CVSS8AI score0.00301EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/30 3:18 p.m.7 views

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary Picklescan uses the numpy.f2py.crackfortran.getlincoef function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...

8AI score
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2025/12/30 12:30 a.m.8 views

SUSE CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

9.8CVSS8.2AI score0.00332EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack buffer overflow that could lead to the execution of arbitrary code...

6.5AI score0.00206EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.10 views

PT-2026-51383

Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.33 Description Picklescan fails to detect the numpy.f2py.crackfortran. eval length gadget within pickle reduce methods. This allows attackers to craft malicious pickle files that execute arbitrary Python code...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References11
OSV
OSV
added 2025/12/29 3:27 p.m.3 views

GHSA-R8G5-CGF2-4M4M Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...

9.3CVSS7.7AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/29 3:24 p.m.5 views

Picklescan missing detection when calling pty.spawn

Summary Using pty.spawn, which is a built-in python library function to execute arbitrary commands on the host system. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to pty.spawn function in the reduce method. Then the victim attempts ...

7.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2025/12/29 3:24 p.m.1 views

GHSA-VQMV-47XG-9WPR Picklescan missing detection when calling pty.spawn

Summary Using pty.spawn, which is a built-in python library function to execute arbitrary commands on the host system. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to pty.spawn function in the reduce method. Then the victim attempts ...

9.3CVSS7.8AI score
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:27 a.m.6 views

Security Bulletin: Vulnerability in Python-Future 1.0.0 module affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Python-Future 1.0.0 module has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...

5.4CVSS6.2AI score0.00271EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 2025/12/29 6:16 a.m.7 views

CVE-2025-68973

A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...

7.8CVSS6.8AI score0.00129EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.5 views

PT-2025-53779

Name of the Vulnerable Software and Affected Versions GoAhead-Webs on KuWFi 4G LTE AC900 version 1.0.13 Description A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon. The /goform/formMultiApnSetting handler uses sprintf to copy the pincode parameter, supplied by the user, into ...

8AI score0.04193EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.8 views

PT-2025-53770

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The software suffers from an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for the injection of malicious scripts into web pages. Th...

4.8CVSS6.8AI score0.00145EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.11 views

PT-2026-50453

Name of the Vulnerable Software and Affected Versions PickleScan versions prior to 0.0.33 Description PickleScan fails to include the pty.spawn function in its list of unsafe globals, which allows attackers to bypass security checks. By crafting malicious pickle payloads using the pty.spawn...

8.8CVSS6.5AI score0.00384EPSS
Exploits0References10
Rows per page
Query Builder