21303 matches found

OpenVAS
• added 2025/04/11 12:0 a.m. • 7 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2025-1355)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 8.3 | EPSS 0.01019
Exploits: 1 | References: 2
IBM Security Bulletins
• added 2025/04/10 10:11 a.m. • 24 views

Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT uses pip-9.0.3.dist-info, urllib3-1.24.2-py3.6.egg-info, setuptools-39.2.0.dist-info which is vulnerable to CVE-2019-20916, CVE-2023-43804, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...

CVSS 8.8 | AI score 7.6 | EPSS 0.03028
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
• added 2025/04/10 7:49 a.m. • 30 views

Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB, Python, Samba, OpenSSL and cURL libcurl affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in libcurl, MongoDB, Python, Samba, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing...

CVSS 8 | AI score 9.5 | EPSS 0.00979
Exploits: 0 | Affected Software: 1
Hacker One
• added 2025/04/09 9:5 p.m. • 9 views

Brave Software: Prompt Injection via GitHub Patch in Brave AI Chat (Leo)

Component: Brave AI Chat brave-core/components/aichat/ Severity: High Confirmed ability to override AI instructions and persona via fetched content Vulnerability Summary The Brave AI Chat feature allows fetching .patch files from GitHub pull request pages to use as context. A combination of...

AI score 7.2
Exploits: 0
IBM Security Bulletins
• added 2025/04/09 1:14 p.m. • 10 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 292 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

CVSS 5.8 | AI score 7.1 | EPSS 0.10608
Exploits: 1 | Affected Software: 1
Veracode
• added 2025/04/09 4:0 a.m. • 4 views

Path Traversal

go.rgst.io/stencil/v2 is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths during archive extraction, which allows directory traversal sequences like ../ to write files outside the intended extraction directory...

AI score 7
Exploits: 0
Packet Storm
• added 2025/04/09 12:0 a.m. • 259 views

📄 MaxTime Database Editor 1.9 Authentication Bypass

MaxTime Database Editor version 1.9 suffers from an authentication bypass vulnerability. This CVE also notes the same flow can be used to execute arbitrary code. Exploit Title: MaxTime Database Editor 1.9 Authentication Bypass Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red...

CVSS 9.8 | AI score 7.5 | EPSS 0.02368
Exploits: 2
Exploit DB
• added 2025/04/09 12:0 a.m. • 320 views

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)

Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution RCE Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com Vendor Homepage: https://www.q-free.com Software Link: N/A Version: 1.9 Tested on: Intelight x-1 Linux...

CVSS 9.8 | AI score 9.7 | EPSS 0.02368
Exploits: 2
The Hacker News
• added 2025/04/08 4:56 p.m. • 24 views

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create...

AI score 8.3
Exploits: 0
Positive Technologies
• added 2025/04/08 12:0 a.m. • 9 views

PT-2025-18103

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.5 Apache Tomcat versions 10.1.0-M1 through 10.1.39 Apache Tomcat versions 9.0.0.M1 through 9.0.102 Description The issue is related to the improper neutralization of escape, meta, or control...

CVSS 10 | AI score 8 | EPSS 0.99999
Exploits: 113 | References: 148
IBM Security Bulletins
• added 2025/04/07 7:17 p.m. • 52 views

Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT uses pip-22.3.1.dist-info, zipp-3.18.1.dist-info, jinja2-3.1.4.dist-info, jinja2-3.1.4.dist-info, pip-20.2.4.dist-info, cryptography-44.0.0.dist-info, urllib3-1.26.18.dist-info, ansiblecore-2.15.11.dist-info, ansiblecore-2.15.11.dist-info,...

CVSS 6.5 | AI score 7 | EPSS 0.02782
Exploits: 5 | Affected Software: 1
Positive Technologies
• added 2025/04/07 12:0 a.m. • 10 views

PT-2026-51761

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.2.8 Description An authenticated user can execute arbitrary SQL commands, including blind and error-based data extraction from the credential table, due to insufficient validation of the id field in JSON import file...

CVSS 8.8 | AI score 6.1 | EPSS 0.00283
Exploits: 1 | References: 10
Packet Storm
• added 2025/04/07 12:0 a.m. • 278 views

📄 Kemal Framework 1.6.0 Path Traversal

Kemal Framework version 1.6.0 suffers from a path traversal vulnerability. Exploit Title: Kemal Framework 1.6.0 - Path Traversal Discovered by: Ahmet Ümit BAYRAM Discovered Date: 04.04.2025 Vendor Homepage: https://github.com/kemalcr Software Link:...

AI score 7
Exploits: 0
GithubExploit
• added 2025/04/06 7:36 p.m. • 267 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

JSP Web Shell Uploader A simple Python tool for uploading a basi...

CVSS 9.8 | AI score 9.3 | EPSS 0.99945
Exploits: 46
RedhatCVE
• added 2025/04/06 10:40 a.m. • 14 views

CVE-2025-2245

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVSS 6.9 | AI score 7.1 | EPSS 0.00276
Exploits: 0 | References: 3
GithubExploit
• added 2025/04/05 6:57 p.m. • 103 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 - Apache Tomcat Path Equivalence Vulnerability...

CVSS 9.8 | AI score 7.3 | EPSS 0.99945
Exploits: 46
IBM Security Bulletins
• added 2025/04/04 9:22 p.m. • 29 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)

Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...

CVSS 7.5 | AI score 7 | EPSS 0.05664
Exploits: 0 | Affected Software: 1
GithubExploit
• added 2025/04/04 12:29 p.m. • 107 views

Exploit for CVE-2025-45781

📂 Kemal Framework 1.6.0 Path Traversal Vulnerability CVE-2025...

AI score 7.6
Exploits: 0
OSV
• added 2025/04/04 10:15 a.m. • 4 views

CVE-2025-2245

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVSS 5.3 | AI score 5.9
Exploits: 0 | References: 1
NVD
• added 2025/04/04 10:15 a.m. • 8 views

CVE-2025-2245

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVSS 6.9 | EPSS 0.00276
Exploits: 0 | References: 1