Lucene search
K

17 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/13 4:7 p.m.2 views

CVE-2026-23940

Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of...

7.1CVSS5.8AI score0.0044EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/13 4:7 p.m.3 views

CVE-2026-23940 Denial of Service via Oversized Package Upload

Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of...

7.1CVSS5.8AI score0.0044EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/24 12:0 a.m.2 views

RockyLinux 10 : python3.12 (RLSA-2025:23940)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23940 advisory. cpython: python: Python zipfile End of Central Directory EOCD Locator record offset not checked CVE-2025-8291 Tenable has extracted the preceding description...

4.3CVSS6.9AI score0.00353EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/23 12:0 a.m.6 views

AlmaLinux 10 : python3.12 (ALSA-2025:23940)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:23940 advisory. cpython: python: Python zipfile End of Central Directory EOCD Locator record offset not checked CVE-2025-8291 Tenable has extracted the preceding description blo...

4.3CVSS6.9AI score0.00353EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.3 views

RHEL 10 : python3.12 (RHSA-2025:23940)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23940 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

4.3CVSS6.9AI score0.00353EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/01/16 8:8 p.m.17 views

CVE-2025-23940 WordPress jupdf pdf viewer plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in horiyuki Image Switcher image-switcher allows Stored XSS.This issue affects Image Switcher: from n/a through = 0.1.1...

6.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/01/16 8:8 p.m.56 views

CVE-2025-23940

CVE-2025-23940 concerns the WordPress plugin Image Switcher . The vulnerability is a stored cross-site scripting (XSS) issue described as an improper input neutralization during web page generation. Public details in the connected Red Hat and Wordfence entries confirm affected software as Image S...

6.5CVSS7.2AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/30 4:51 p.m.13 views

CVE-2024-12754 AnyDesk Link Following Information Disclosure Vulnerability

AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

5.5CVSS5.9AI score0.01165EPSS
Exploits0References1
Circl
Circl
added 2024/01/29 8:26 p.m.5 views

CVE-2024-23940

creationtimestamp| type| source ---|---|--- 2024-01-29 20:26:12+00:00| seen| https://t.me/ctinow/175516 2024-02-06 23:16:53+00:00| seen| https://t.me/ctinow/180385 2024-02-21 17:36:45+00:00| seen| https://t.me/ctinow/189831...

7.8CVSS7.5AI score0.00636EPSS
Exploits1References3
OSV
OSV
added 2024/01/29 7:15 p.m.3 views

CVE-2024-23940

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and...

7.8CVSS6AI score
Exploits0References3
CVE
CVE
added 2024/01/29 6:22 p.m.69 views

CVE-2024-23940

Trend Micro uiAirSupport (Trend Micro Security 2023 family) is affected for version 6.0.2092 and below. The vulnerability is described as a DLL hijacking/proxying issue that could let an attacker impersonate/modify a library, run code on the system, and escalate privileges. Impact is described as...

7.8CVSS7.8AI score0.00636EPSS
Exploits1References3Affected Software5
NVD
NVD
added 2023/02/21 11:15 p.m.10 views

CVE-2021-23940

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none...

6.4AI score
Exploits0
Circl
Circl
added 2023/02/03 10:20 p.m.7 views

CVE-2023-23940

creationtimestamp| type| source ---|---|--- 2023-02-03 22:20:49+00:00| seen| https://t.me/cibsecurity/57501...

6.4CVSS5.6AI score0.0022EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2022/10/02 12:0 a.m.6 views

SalesAgility SuiteCRM Remote Code Execution (CVE-2022-23940)

A remote code execution vulnerability exists in SalesAgility SuiteCRM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS5.8AI score0.53235EPSS
Exploits2
Circl
Circl
added 2022/03/11 6:40 a.m.12 views

CVE-2022-23940

creationtimestamp| type| source ---|---|--- 2022-03-11 06:40:37+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1646 2024-08-01 12:09:53+00:00| seen| MISP/4c20a67f-a4c2-4cca-86c4-710293720e5d...

8.8CVSS8.1AI score0.53235EPSS
Exploits2References1
CVE
CVE
added 2022/03/07 7:6 p.m.108 views

CVE-2022-23940

SuiteCRM remote code execution (CVE-2022-23940) affects 7.12.1 and 8.x up to 8.0.1. Exploitation relies on deserializing crafted data in email_recipients within the Scheduled Reports module, allowing an authenticated user to trigger PHP object deserialization and execute code. The description not...

8.8CVSS8.7AI score0.53235EPSS
Exploits2References2Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.33 views

CVE-2021-23940

CVE-2021-23940 is rejected/not used; this CVE entry is not an active vulnerability.

7.2AI score
Exploits0
Rows per page
Query Builder