Lucene search
K

16 matches found

EUVD
EUVD
added 2025/11/11 6:30 p.m.4 views

EUVD-2025-93479

Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This...

6.8CVSS5.9AI score0.00105EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 4:51 p.m.12 views

CVE-2025-32446

Summary: CVE-2025-32446 affects Intel QuickAssist Technology (QAT) software prior to version 2.6.0. An untrusted pointer dereference in Ring 3 (User Applications) could allow an attacker with local access and an authenticated, low‑complexity user to escalate privileges and potentially manipulate ...

6.8CVSS6.1AI score0.00105EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/10/22 3:15 p.m.4 views

CVE-2025-59558

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through 2.1.6...

8.1CVSS0.00488EPSS
Exploits0References1
CVE
CVE
added 2025/09/23 1:11 p.m.16 views

CVE-2025-9844

CVE-2025-9844 (Salesforce CLI on Windows) Affected software: Salesforce CLI (Salesforce) on Windows.Root cause: Uncontrolled Search Path Element that can lead to replacement of a trusted executable.Impact: Potential code execution through replacing a trusted executable; CVSS v3.1 base score 8.8 (...

8.8CVSS6.6AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:32 p.m.8 views

CVE-2021-24341

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...

8.8CVSS7.4AI score0.01586EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:33 a.m.6 views

CVE-2015-7344

HikaShop Joomla Component before 2.6.0 has XSS via an injected payload/caption...

4.8CVSS5.9AI score0.00539EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.5 views

PT-2025-1415 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS MME versions prior to 2.6.4 Description: The issue is related to a reachable assertion in the Uplink NAS Transport packet handler. A packet missing its MME UE S1AP ID field causes Open5GS to crash. An attacker may repeatedly send such...

8.6CVSS7.1AI score0.00752EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.4 views

PT-2023-4014 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.6.3 Description: The issue is related to improper authorization in Apache Airflow, allowing unauthorized read access to a DAG through a specially crafted URL. This could enable a remote attacker to disclose...

7.1CVSS5.9AI score0.00757EPSS
Exploits0References15
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.4 views

tinygltf 命令注入漏洞

tinygltf is a header-only C++ miniature glTF library loader/saver by the Japanese individual developer Syoyo Fujita. A security vulnerability exists in tinygltf versions prior to 2.6.0, which stems from the C library function wordexp performs file path expansion on untrusted paths provided by the...

8.8CVSS7.8AI score0.0279EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2022/09/05 12:0 a.m.5 views

PT-2022-7691 · Tinygltf +2 · Tinygltf +2

Name of the Vulnerable Software and Affected Versions: tinygltf versions prior to 2.6.0 Description: The tinygltf library has an issue related to the use of the C library function wordexp for file path expansion on untrusted paths from input files. This allows for command injection using backtick...

10CVSS8.2AI score0.0279EPSS
Exploits1References19
ATTACKERKB
ATTACKERKB
added 2022/03/28 6:15 p.m.7 views

CVE-2022-0388

The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00588EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2021/08/30 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-32305

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter...

10CVSS7.6AI score0.86716EPSS
Exploits9References1
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.14 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow versions prior to 2.6.0. The vulnerability stems from the MLIR optimization of the L2NormalizeReduceAxis operator. An attacker can exploit the vulnerability to cause a...

7.8CVSS5.3AI score0.00165EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.5 views

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in tf.rawops.MapStage in Google TensorFlow versions prior to 2.6.0. An attacker can exploit this vulnerability to cause a denial of service...

5.5CVSS5.3AI score0.00154EPSS
Exploits0References5
OSV
OSV
added 2020/07/30 1:15 p.m.5 views

AZL-6457 CVE-2020-14309 affecting package grub2 for versions less than 2.06~rc1-7

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacke...

6.7CVSS7AI score0.00482EPSS
Exploits0References1
OSV
OSV
added 2017/08/24 8:29 p.m.4 views

ALPINE-CVE-2014-4616

Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function...

5.9CVSS6.9AI score0.08125EPSS
Exploits1References1
Rows per page
Query Builder