733 matches found

NVD
added 2025/09/16 1:16 p.m. | 5 views

CVE-2025-55114

The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

6.9 CVSS | 0.00362 EPSS
Exploits 0 | References 2
Cvelist
added 2025/09/16 12:20 p.m. | 7 views

CVE-2025-55114 BMC Control-M/Agent improper IP address filtering order

The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions e.g...

6.9 CVSS | 0.00362 EPSS
Exploits 0 | References 2
NVD
added 2025/09/06 4:15 p.m. | 8 views

CVE-2021-46750

Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential los...

3 CVSS | 0.00139 EPSS
Exploits 0 | References 3
Snyk
added 2025/09/03 3:30 p.m. | 5 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview: org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the Git URL field form validation process. An attacker can determine the existence of...

5.3 CVSS | 7 AI score | 0.00288 EPSS
Exploits 0 | References 2
NVD
added 2025/09/03 6:15 a.m. | 3 views

CVE-2023-21481

Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information...

7.5 CVSS | 0.00274 EPSS
Exploits 0 | References 1
CNNVD
added 2025/09/03 12:0 a.m. | 4 views

Cisco Webex Meetings input validation error vulnerability

Cisco Webex Meetings is a video conferencing solution from Cisco USA. An input validation error vulnerability exists in Cisco Webex Meetings that stems from insufficient validation of URLs, which could result in redirects to untrusted websites...

6.1 CVSS | 6.5 AI score | 0.00219 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/08/30 6:19 p.m. | 5 views

CVE-2025-31971

AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information...

5.1 CVSS | 6.8 AI score | 0.00127 EPSS
Exploits 0 | References 1
CNNVD
added 2025/08/27 12:0 a.m. | 8 views

Basecamp input validation error vulnerability

Basecamp is a project management software from Basecamp, Inc. An input validation error vulnerability exists in Basecamp versions prior to 1.3.0 that stems from improper URL validation and could lead to redirection attacks...

4.2 CVSS | 6.3 AI score | 0.00224 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-25787

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. (CVE-2020-25787) Note that Nessus...

10 CVSS | 8.2 AI score | 0.18417 EPSS
Exploits 4 | References 2
OSV
added 2025/08/19 8:41 p.m. | 6 views

GHSA-35C5-67FM-CPCP WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery

Impact: The WP Crontrol plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the wp_remote_request function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

5.1 CVSS | 7 AI score | 0.00323 EPSS
Exploits 0 | References 4
OSV
added 2025/08/11 1:54 p.m. | 3 views

BIT-LIBPHP-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...

5.3 CVSS | 7.3 AI score | 0.12117 EPSS
Exploits 1 | References 8
OSV
added 2025/08/11 1:53 p.m. | 4 views

BIT-LIBPHP-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

5.3 CVSS | 7.3 AI score | 0.02983 EPSS
Exploits 1 | References 8
Snyk
added 2025/08/09 6:30 a.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper validation of user-supplied URLs in the portal-settings-authentication-opensso-web component. An unauthenticated attacker can cause the server to initiate arbitrary HTTP requests to internal...

8.6 CVSS | 7.2 AI score | 0.00344 EPSS
Exploits 0 | References 2
NVD
added 2025/08/09 5:15 a.m. | 7 views

CVE-2025-4581

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the...

8.6 CVSS | 0.00344 EPSS
Exploits 0 | References 1
CVE
added 2025/08/09 4:14 a.m. | 20 views

CVE-2025-4581

CVE-2025-4581 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.4 (as well as older 7.4 GA through update 92, and listed 2024 Qx releases). The root cause is improper validation of user-supplied URLs in the portal-settings-authentication-opensso-web component, enabling a pr...

8.6 CVSS | 7.2 AI score | 0.00344 EPSS
In wild | Exploits 0 | References 1 | Affected Software 2
Vulnrichment
added 2025/08/09 4:14 a.m. | 2 views

CVE-2025-4581

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the...

5.3 CVSS | 7.2 AI score | 0.00344 EPSS
Exploits 0 | References 1
CNNVD
added 2025/07/29 12:0 a.m. | 13 views

BentoML code issue vulnerability

BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable artificial intelligence applications using Python. A code issue vulnerability exists in BentoML versions 1.4.0 through 1.4.19 that stems from the file upload processing...

9.9 CVSS | 6.7 AI score | 0.11883 EPSS
Exploits 1 | References 3
NVD
added 2025/07/10 8:15 a.m. | 10 views

CVE-2025-38310

In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses. The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space...

5.5 CVSS | 0.00137 EPSS
Exploits 0 | References 7
Cvelist
added 2025/07/10 7:42 a.m. | 6 views

CVE-2025-38310 seg6: Fix validation of nexthop addresses

In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses. The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space...

0.00137 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/07/07 1:35 p.m. | 0 views

base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.

A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding...

8.7 CVSS | 5.7 AI score | 0.00354 EPSS
Exploits 0 | References 6