10471 matches found

OSV
added 2025/12/15 12:52 p.m. | 4 views

OPENSUSE-SU-2025:20163-1 Security update for grub2

This update for grub2 fixes the following issues: Changes in grub2: - CVE-2025-54771: Fixed grubfileclose does not properly control the fs refcount bsc1252931 - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 - CVE-2025-61662: Fixed...

CVSS 7.8 | AI score 5.8 | EPSS 0.00386
Exploits: 0 | References: 21

OSV
added 2025/12/15 12:49 p.m. | 2 views

SUSE-SU-2025:21212-1 Security update for grub2

This update for grub2 fixes the following issues: Changes in grub2: - CVE-2025-54771: Fixed grubfileclose does not properly control the fs refcount bsc1252931 - CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 - CVE-2025-61662: Fixed...

CVSS 7.8 | AI score 5.8 | EPSS 0.00386
Exploits: 0 | References: 22

RedhatCVE
added 2025/12/14 4:9 p.m. | 4 views

CVE-2025-40265

No description is available for this CVE...

CVSS 4.1 | AI score 6.5 | EPSS 0.00176
Exploits: 0 | References: 4

Veracode
added 2025/12/13 5:12 a.m. | 8 views

SQL Injection

jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the title parameter in the /sys/dict/loadTreeData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

CVSS 9.8 | AI score 7.3 | EPSS 0.72043
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2025/12/13 4:53 a.m. | 7 views

Jeecg-boot SQL Injection Vulnerability

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

CVSS 9.8 | AI score 6.4 | EPSS 0.35825
Exploits: 3 | References: 5 | Affected Software: 1

Veracode
added 2025/12/13 4:43 a.m. | 10 views

SQL Injection

Jeecg-boot is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of the code parameter in the /sys/user/queryUserComponentData endpoint, allowing attackers to inject malicious SQL statements and manipulate backend database queries...

CVSS 9.8 | AI score 7.4 | EPSS 0.01353
Exploits: 1 | References: 2 | Affected Software: 2

Veracode
added 2025/12/13 4:31 a.m. | 12 views

Improper SSL Hostname Verification

org.springframework.boot, spring-boot-autoconfigure is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in Cassandra SSL auto-configuration, which allows an attacker to perform man-in-the-middle attacks by intercepting and spoofing truste...

CVSS 9.8 | AI score 5.8 | EPSS 0.00182
Exploits: 0 | References: 2 | Affected Software: 2

Veracode
added 2025/12/13 4:24 a.m. | 10 views

Incorrect Authorization

org.nutz:nutzboot-parent is vulnerable to Incorrect Authorization. The vulnerability is due to inadequate validation of transaction parameters from/to/wei in the Transaction API, which allows an attacker to manipulate requests and perform unauthorized actions remotely...

CVSS 9.8 | AI score 5.8 | EPSS 0.00409
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/12/12 3:15 p.m. | 10 views

CVE-2025-36755

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...

CVSS 2.4 | EPSS 0.00142
Exploits: 0 | References: 2

EUVD
added 2025/12/12 3:3 p.m. | 3 views

EUVD-2025-203082

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

CVSS 8.4 | AI score 6.4 | EPSS 0.00098
Exploits: 0 | References: 2

CVE
added 2025/12/12 2:58 p.m. | 9 views

CVE-2025-36755

The CVE-2025-36755 entry describes the CleverDisplay BlueOne hardware player. When its USB interfaces are physically enclosed, the device is normally inaccessible; after circumventing the enclosure, a USB keyboard can be connected and ESC pressed during boot to access the BIOS setup interface. BI...

CVSS 2.4 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2

EUVD
added 2025/12/12 2:58 p.m. | 7 views

EUVD-2025-203085

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...

CVSS 7 | AI score 6.1 | EPSS 0.00929
Exploits: 0 | References: 4

CVE
added 2025/12/12 12:28 a.m. | 22 views

CVE-2025-10451

CVE-2025-10451 affects Insyde InsydeH2O (EFI/UEFI) with an unchecked output buffer that can enable arbitrary code execution in System Management Mode (SMM) and may cause SMM memory corruption. The CVE is described as a H19Int15CallbackSmm memory-corruption vulnerability in combined DXE/SMM (SMRAM...

CVSS 8.2 | AI score 7.7 | EPSS 0.00127
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/12 12:0 a.m. | 4 views

PT-2025-50938

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...

CVSS 7 | AI score 6.6 | EPSS 0.00929
Exploits: 0 | References: 3

CNNVD
added 2025/12/12 12:0 a.m. | 4 views

SolarEdge SE3680H Security Vulnerability

The SolarEdge SE3680H is an HDW inverter from SolarEdge, Israel. A security vulnerability exists in the SolarEdge SE3680H that originates from the unauthenticated disclosure of sensitive information during the boot loop, which could lead to the disclosure of operating system information...

CVSS 2.4 | AI score 6.3 | EPSS 0.00137
Exploits: 0 | References: 2

NVD
added 2025/12/11 8:15 p.m. | 18 views

CVE-2025-36938

In U-Boot of append_uint32_le, there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.8 | EPSS 0.00126
Exploits: 0 | References: 2

RedHat Linux
added 2025/12/11 8:15 p.m. | 11 views

Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.2 for Spring Boot release.

Red Hat build of Apache Camel 4.14.2 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 9.8 | AI score 7 | EPSS 0.79807
Exploits: 7 | References: 4

CVE
added 2025/12/11 7:35 p.m. | 15 views

CVE-2025-36938

CVE-2025-36938 concerns a fault injection vulnerability in U-Boot function append_uint32_le() caused by a logic error in the code. The issue enables physical elevation of privilege with no additional execution privileges required and no user interaction needed. Multiple sources (NVD/Red Hat/OSVed...

CVSS 6.8 | AI score 6.9 | EPSS 0.00126
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/12/11 7:35 p.m. | 21 views

CVE-2025-36938

In U-Boot of append_uint32_le, there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00126
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/11 7:35 p.m. | 4 views

CVE-2025-36938

In U-Boot of append_uint32_le, there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.9 | EPSS 0.00126
Exploits: 0 | References: 1