Lucene search
K

75 matches found

Circl
Circl
added 2025/09/17 3:9 p.m.3 views

CVE-2025-40933

creationtimestamp| type| source ---|---|--- 2025-09-17 15:09:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lz24jszhz62a 2025-09-17 16:55:09+00:00| seen| https://gist.github.com/Darkcrai86/998a31f20c5bf6bc073cb655f43337be...

7.5CVSS4.8AI score0.00383EPSS
Exploits0References2
Circl
Circl
added 2025/07/16 5:32 a.m.4 views

GHSA-68R2-FWCG-QPM8

creationtimestamp| type| source ---|---|--- 2025-07-16 05:32:18+00:00| seen| https://gist.github.com/safer-bot/ac258bea45025717f0ed3e9461a069c2...

7.3AI score
Exploits0References1
Circl
Circl
added 2025/07/16 3:56 a.m.5 views

GHSA-RC2Q-X9MF-W3VF

creationtimestamp| type| source ---|---|--- 2025-07-16 03:56:59+00:00| seen| https://gist.github.com/safer-bot/0a516166b329057e81ec35ad6fb00e3b 2025-07-16 07:47:33+00:00| seen| https://gist.github.com/safer-bot/616a8b85e998ab57bb1c3128b073777f 2025-07-16 08:18:18+00:00| seen|...

5.3AI score
Exploits0References7
NVD
NVD
added 2025/07/07 10:15 a.m.6 views

CVE-2025-3046

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5CVSS0.00555EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.4 views

Towards Understanding the Cognitive Habits of Large Reasoning Models

Large Reasoning Models LRMs, which autonomously produce a reasoning Chain of Thought CoT before producing final responses, offer a promising approach to interpreting and monitoring model behaviors. Inspired by the observation that certain CoT patterns -- e.g., "Wait, did I miss anything?'' --...

7.1AI score
Exploits0
OSV
OSV
added 2025/04/22 4:56 p.m.3 views

GO-2025-3619 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server...

4.3CVSS6.8AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2025/04/15 8:39 p.m.8 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

2.2CVSS6.8AI score0.00332EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.4 views

Weblate 安全漏洞

Weblate is a Copyleft open source web-based continuous localization system for free software. A security vulnerability exists in Weblate versions prior to 5.11, which stems from the possibility that credentials in the code repository URL may be disclosed in plaintext...

7.5CVSS6.6AI score0.00332EPSS
Exploits1References3
OSV
OSV
added 2025/03/25 7:38 p.m.6 views

GO-2025-3549 Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server

Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server...

6.5CVSS4.6AI score0.00291EPSS
Exploits0References3
Circl
Circl
added 2025/02/25 7:44 p.m.3 views

GHSA-W32M-9786-JP63

creationtimestamp| type| source ---|---|--- 2025-02-25 19:44:55+00:00| seen| https://gist.github.com/ruokun-niu/25de36e2d9507c94536ff4058d807551...

7.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/27 9:28 p.m.11 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS6.9AI score0.00462EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/27 9:28 p.m.46 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS0.00462EPSS
Exploits0References2
Fedora
Fedora
added 2024/04/14 3:8 a.m.11 views

[SECURITY] Fedora 38 Update: libopenmpt-0.7.6-1.fc38

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

7.4AI score
Exploits0
Fedora
Fedora
added 2024/04/14 1:36 a.m.15 views

[SECURITY] Fedora 39 Update: libopenmpt-0.7.6-1.fc39

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

7.4AI score
Exploits0
NVD
NVD
added 2023/12/20 1:15 a.m.29 views

CVE-2023-47704

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220...

7.5CVSS0.00609EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.11 views

Error of computation break the LpTokens supply, causes users to lose funds and make functions using _getUtilityFinalLp() broken.

Lines of code Vulnerability details Impact withdrawGivenOutputAmount and withdrawGivenInputAmount functions doesn't revert when balance of tokenX/tokenY = 0 and create an offset between reserve tokens and LP total supply. This lead to unwanted behaviors for the next operations on the protocol...

6.6AI score
Exploits0
Fedora
Fedora
added 2023/08/05 1:20 a.m.18 views

[SECURITY] Fedora 37 Update: libopenmpt-0.6.11-1.fc37

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/07/03 5:54 p.m.10 views

CVE-2023-36817 The King's Temple Church website Leaked Stripe API Key in Public Code Repository

tktchurch/website contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized...

7.5CVSS6.6AI score0.00577EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.23 views

Using memory instead of storage in 'redeemPositions' will result in incorrect LP Balance

Lines of code Vulnerability details Impact This bug could lead to a situation where a user can 'redeem' their positions without the associated liquidity positions LPs being properly reset. This could result in the user being able to artificially inflate their LP balance, which could lead to...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2023/04/07 6:41 p.m.31 views

CVE-2023-23762 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code...

6.5CVSS6.7AI score0.0064EPSS
Exploits0References5
Rows per page
Query Builder