
44 matches found

NVD
added 2 days ago · 5 views

CVE-2025-0824

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

CVSS 3.7 · EPSS 0.00083
Exploits: 0 · References: 1
CVE
added last week · 10 views

CVE-2026-45677

Summary (CVE-2026-45677): Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 fails to verify the signature on inbound SAML LogoutRequest messages. This allows an unauthenticated remote attacker who knows a target user’s SAML NameID (commonly the user’s ema...

CVSS 8.7 · AI score 6 · EPSS 0.00451
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/14 12:0 a.m. · 9 views

PT-2026-40919

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.4; PostgreSQL versions prior to 17.10; PostgreSQL versions prior to 16.14; PostgreSQL versions prior to 15.18; PostgreSQL versions prior to 14.23. Description: An externally-controlled format string in the timeofday...

CVSS 8.8 · AI score 5.8 · EPSS 0.00668
Exploits: 0 · References: 96
Github Security Blog
added 2026/04/29 6:33 a.m. · 12 views

CyberChef has a Cross-site Scripting issue

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

CVSS 7.2 · AI score 5.8 · EPSS 0.00294
Exploits: 0 · References: 6 · Affected Software: 1
Github Security Blog
added 2026/04/08 12:18 a.m. · 8 views

Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

CVSSv3.1 Rating: Medium. CVSSv3.1 Score: 5.9. CVSSv3.1 Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Summary and Impact: An issue exists in the EventStream header decoder in AWS SDK for Go v2 in versions predating 2026-03-23. An actor can send a malformed EventStream response frame...

AI score 5.9
Exploits: 0 · References: 3 · Affected Software: 12
SUSE CVE
added 2026/02/13 12:26 a.m. · 2 views

SUSE CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...

CVSS 4.3 · AI score 5.6 · EPSS 0.00281
Exploits: 0 · References: 30
Cvelist
added 2026/02/03 7:26 p.m. · 26 views

CVE-2025-62799 FastDDS's heap buffer overflow in RTPS DATA_FRAG enables unauthenticated DoS (potential RCE)

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATAFRAG receive path. An unauthenticated sender can transmit a single malformed RTPS...

CVSS 9.2 · EPSS 0.00483
Exploits: 0 · References: 4
CVE
added 2026/01/28 8:3 p.m. · 25 views

CVE-2025-14472

CVE-2025-14472 is a CSRF vulnerability in the Drupal Acquia Content Hub integration. Affected versions are Acquia Content Hub 0.0.0–3.6.3 and 3.7.0–3.7.2. Root cause is a CSRF protection gap that could allow actions on behalf of authenticated users. The CVSS 3.1 base metrics indicate HIGH impact ...

CVSS 8.1 · AI score 5.9 · EPSS 0.0013
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2026/01/09 8:59 a.m. · 4 views

CVE-2023-49089

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0...

CVSS 7.7 · AI score 6.8 · EPSS 0.00624
Exploits: 0 · References: 1
Positive Technologies
added 2026/01/02 12:0 a.m. · 4 views

PT-2026-1081

Name of the Vulnerable Software and Affected Versions: QNAP versions prior to 5.2.7.3256 build 20250913. Description: A flaw exists where a remote attacker, having obtained administrator privileges, could trigger a denial-of-service (DoS) condition through a NULL pointer dereference. Recommendations...

CVSS 5.1 · AI score 6.6 · EPSS 0.003
Exploits: 0 · References: 4
Positive Technologies
added 2026/01/02 12:0 a.m. · 5 views

PT-2026-1042

Name of the Vulnerable Software and Affected Versions: EmpireSoft EmpireCMS versions prior to 8.0. Description: A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...

CVSS 8.8 · AI score 6.4 · EPSS 0.00314
Exploits: 1 · References: 11
EUVD
added 2025/12/24 2:26 p.m. · 3 views

EUVD-2025-205286

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS. This issue affects Specto CM: before 17032025...

CVSS 5.4 · AI score 5.6 · EPSS 0.00138
Exploits: 0 · References: 2
Vulnrichment
added 2025/12/18 2:40 p.m. · 4 views

CVE-2025-64467 Out-of-Bounds Read in LVResFile::FindRsrcListEntry() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVSS 8.5 · AI score 6.8 · EPSS 0.00132
Exploits: 0 · References: 1
OpenVAS
added 2025/10/06 12:0 a.m. · 7 views

QNAP QTS Video Station SQLi Vulnerability (QSA-25-32)

QNAP Video Station is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 8.8 · AI score 8.1 · EPSS 0.00346
Exploits: 0 · References: 1
Kaspersky
added 2025/08/08 12:0 a.m. · 5 views

KLA86476 ACE vulnerability in WinRAR

A remote code execution vulnerability was found in WinRAR. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: WinRAR 7.13 Final released; CVE-2025-31334. Exploitation: Public exploits exist for this vulnerability. Related products: WinRAR. CVE list...

CVSS 8.8 · AI score 8.3 · EPSS 0.85778
Exploits: 35 · References: 4
CNNVD
added 2025/07/07 12:0 a.m. · 3 views

Splunk Enterprise operating system command injection vulnerability

Splunk Enterprise is a suite of data collection and analytics software from Splunk Corporation in the United States. Splunk Enterprise suffers from an operating system command injection vulnerability that stems from improper input cleanup and could lead to remote command execution. The following...

CVSS 6.8 · AI score 7.3 · EPSS 0.0043
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 5:20 a.m. · 3 views

CVE-2023-21889

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 3.8 · AI score 4.9 · EPSS 0.0033
Exploits: 0 · References: 1
OSV
added 2025/04/09 11:15 p.m. · 5 views

AZL-59838 CVE-2025-32386 affecting package helm for versions less than 3.15.2-3

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., an 800x difference). When Helm loads this specially crafted chart, memory can be exhausted, causing the application to terminate. This issu...

CVSS 6.5 · AI score 6.8 · EPSS 0.00379
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/24 12:0 a.m. · 5 views

PT-2025-7717 · Agito Computer · Health4All

Name of the Vulnerable Software and Affected Versions: Agito Computer Health4All versions prior to 10.01.2025 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 8.8 · AI score 8.3 · EPSS 0.00385
Exploits: 0 · References: 7
CNNVD
added 2024/12/18 12:0 a.m. · 4 views

Rockwell Automation Power Monitor 1000 security vulnerability

Rockwell Automation Power Monitor 1000 is a power monitor from Rockwell Automation. A security vulnerability exists in Rockwell Automation Power Monitor 1000 versions prior to 4.020, which can be exploited by an attacker to configure a new policyholder user without any authentication through the...

CVSS 9.3 · AI score 6.9 · EPSS 0.00539
Exploits: 0 · References: 1