Lucene search
K

559 matches found

OSV
OSV
added 2025/09/26 10:38 p.m.6 views

CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...

8.2CVSS7.1AI score0.00149EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/09/26 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-cc94888079)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.01279EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/26 12:0 a.m.1 views

Fedora 41 : mingw-expat (2025-cc94888079)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cc94888079 advisory. Update to expat-2.7.2, fixes CVE-2025-59375. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

7.5CVSS6.5AI score0.01279EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/25 12:0 a.m.4 views

Fedora 41 : expat (2025-d936540ef5)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d936540ef5 advisory. Rebase to 2.7.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References2
Fedora
Fedora
added 2025/09/24 12:20 a.m.5 views

[SECURITY] Fedora 43 Update: expat-2.7.2-1.fc43

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

7AI score
Exploits0
OSV
OSV
added 2025/09/23 12:0 a.m.9 views

OPENSUSE-SU-2025:15573-1 expat-2.7.2-1.1 on GA media

These are all security issues fixed in the expat-2.7.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS6.3AI score0.01279EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/09/22 6:25 p.m.4 views

CVE-2025-53570

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Stored XSS.This issue affects DELUCKS SEO: from n/a through = 2.7.2...

6.5CVSS5.7AI score0.0025EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/09/19 12:0 a.m.2 views

Fedora: Security Advisory (FEDORA-2025-639f53ea67)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.01279EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/09/18 10:33 a.m.11 views

CVE-2025-10016

The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...

8.8CVSS7AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.5 views

COMFAST CF-XR11 安全漏洞

COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version V2.7.2, which stems from an uncleaned phyinterface parameter in the multipppoe API, which could lead to a command injection attack...

8.8CVSS7.3AI score0.01679EPSS
Exploits1References1
Snyk
Snyk
added 2025/09/16 10:45 a.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Downloader.xpc service. A local unprivileged attacker can access and copy files protected by TCC permissions by registering the service globally and exploiting the lack of client validation. Workaround Th...

6.8CVSS6.5AI score0.00129EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/16 10:45 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Downloader.xpc service. A local unprivileged attacker can access and copy files protected by TCC permissions by registering the service globally and exploiting the lack of client validation. Workaround Th...

6.8CVSS6.5AI score0.00129EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 10:15 a.m.8 views

CVE-2025-10015

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...

4.8CVSS0.00129EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/16 10:3 a.m.4 views

CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...

4.8CVSS6.3AI score0.00129EPSS
Exploits0References3
CVE
CVE
added 2025/09/16 10:3 a.m.21 views

CVE-2025-10015

The Sparkle framework’s Downloader.xpc XPC service can be registered globally by a local, unprivileged attacker, causing the service to inherit the app’s TCC permissions. The root cause is lack of validation of the connecting client, allowing copying of TCC-protected files to arbitrary locations;...

4.8CVSS6.1AI score0.00129EPSS
Exploits0References3
OSV
OSV
added 2025/09/16 10:3 a.m.10 views

CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...

4.8CVSS6AI score0.00129EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.7 views

PT-2025-37917

Name of the Vulnerable Software and Affected Versions: Sparkle framework versions prior to 2.7.2 Description: The Sparkle framework includes an XPC service, Downloader.xpc, which is, by default, private to the application it is bundled with. A local, unprivileged attacker can register this XPC...

4.8CVSS6.4AI score0.00129EPSS
Exploits0References6
NVD
NVD
added 2025/09/15 3:15 a.m.9 views

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

7.5CVSS0.01279EPSS
Exploits1References9
OSV
OSV
added 2025/09/15 3:15 a.m.9 views

AZL-67328 CVE-2025-59375 affecting package expat for versions less than 2.6.4-2

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

7.5CVSS6.7AI score0.01279EPSS
Exploits1References1
OSV
OSV
added 2025/09/15 3:15 a.m.7 views

AZL-67359 CVE-2025-59375 affecting package expat for versions less than 2.6.4-2

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

7.5CVSS6.7AI score0.01279EPSS
Exploits1References1
Rows per page
Query Builder