Lucene search
K

118 matches found

CNNVD
CNNVD
added 2025/06/19 12:0 a.m.3 views

WordPress plugin Football Pool 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.10 views

mezzanine 跨站脚本漏洞

mezzanine is a Django CMS framework by stephenmcd individual developers. A cross-site scripting vulnerability exists in mezzanine versions prior to 6.1.1, which stems from insufficient cleanup of the displayablelinksjs function and could lead to a stored cross-site scripting attack...

4.8CVSS5.7AI score0.00263EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:16 a.m.10 views

CVE-2022-45455

Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40107, Acronis Agent Windows before build 30025, Acronis Cyber Protect 15 Windows before build 30984...

7.8CVSS7.3AI score0.00149EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.7 views

The vulnerability of the formArpNerworkSet function in the /goform/ArpNerworkSet file of the Tenda A15 wireless access point software allows a attacker to cause a service failure.

The vulnerability of the formArpNerworkSet function in the /goform/ArpNerworkSet microprogramming system for the wireless access point Tenda A15 is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

6.8CVSS6.5AI score0.00607EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.15 views

CVE-2022-45347

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...

9.8CVSS7.3AI score0.01388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:44 p.m.6 views

CVE-2020-5961

NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service...

5.5CVSS6.7AI score0.00274EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.5 views

kernel: smb: client: fix TCP timers deadlock after rmmod

REJECTED CVE A vulnerability was suspected in the Linux kernel's SMB client module related to TCP timers and potential deadlocks after module removal rmmod cifs. The issue stemmed from incorrect manual manipulation of sk-sknetrefcnt, which led to TCP timers not being properly cleared, causing...

7.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.12 views

PT-2026-42451

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the Reliable Delivery Service RDS implementation of the Linux kernel. When the iov iter get pages2 function fails within rds message zcopy from user, the...

7.8CVSS5.9AI score0.00269EPSS
Exploits3
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.5 views

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. HCL Leap suffers from a security vulnerability that stems from insufficient cleanup and allows injection of client-side scripts in the authoring environment...

5.4CVSS7.1AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 2:13 p.m.13 views

CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfscreatependingblockgroups Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after...

4.7CVSS6AI score0.00122EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.4 views

Symfonia Ready_ SQL注入漏洞

Symfonia Ready is an operating system from Symfonia that builds programs for companies to use off-the-shelf modules and business applications. Symfonia Ready has an SQL injection vulnerability that stems from improper input cleanup in the Invoices module file search function, which could lead to ...

9.4CVSS7.6AI score0.00915EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/15 7:27 p.m.20 views

CVE-2025-32439 pleezer allows resource exhaustion through uncollected hook script processes

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

6.5CVSS0.00334EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.4 views

SicommNet BASEC 安全漏洞

SicommNet BASEC is a proxy solution from SicommNet, Inc. A security vulnerability exists in SicommNet BASEC that stems from improper input cleanup and could lead to a reflective cross-site scripting attack...

8.7CVSS5.9AI score0.00416EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.14 views

Amazon Linux 2 : PackageKit (ALAS-2025-2811)

The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2811 advisory. A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be...

3.3CVSS4.9AI score0.00228EPSS
Exploits0References4
Amazon
Amazon
added 2025/04/01 12:0 a.m.24 views

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

9.8CVSS8.9AI score0.99945EPSS
Exploits47
Tenable Nessus
Tenable Nessus
added 2025/03/20 12:0 a.m.11 views

Ubuntu 24.04 LTS / 24.10 : Valkey vulnerabilities (USN-7359-1)

The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7359-1 advisory. It was discovered that Valkey did not properly handle memory cleanup. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.9AI score0.07802EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/03/07 12:0 a.m.4 views

Backdrop CMS 跨站脚本漏洞

Backdrop CMS is a content management system CMS from Backdrop CMS open source. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.1.1, which stems from insufficient input cleanup and could lead to cross-site scripting attacks...

6.4CVSS6AI score0.00213EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/02/27 2:7 a.m.9 views

CVE-2024-57975

In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when rundelallocnocow failed BUG With CONFIGDEBUGVM set, test case generic/476 has some chance to crash with the following VMBUGONFOLIO: BTRFS error device dm-3: cowfilerange failed, start 1146880 e...

5.5CVSS5.7AI score0.00192EPSS
Exploits0
Cvelist
Cvelist
added 2025/02/26 2:24 a.m.21 views

CVE-2022-49669 mptcp: fix race on unaccepted mptcp sockets

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets. The mptcp socket's worker ca...

0.00234EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/02/26 1:55 a.m.12 views

CVE-2022-49168

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bioendio on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs...

7.8CVSS5.7AI score0.00279EPSS
Exploits0
Rows per page
Query Builder