79 matches found

OSV
added 2025/04/03 2:11 p.m. | 6 views

BIT-JOOMLA-2020-8420

An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability...

CVSS 8.8 | AI score 7.1 | EPSS 0.00845
Exploits: 0 | References: 2
CVE
added 2025/04/01 12:29 p.m. | 77 views

CVE-2025-3031

CVE-2025-3031 : A vulnerability in Mozilla’s JIT-compiled code allows reading 32 bits spilled onto the stack. Affected products are Firefox and Thunderbird prior to version 137. Root cause, impact, and affected components are stated, but no exploitation details are provided in the documents. Reme...

CVSS 6.5 | AI score 6.4 | EPSS 0.00262
Exploits: 0 | References: 3 | Affected Software: 2
Redos
added 2025/01/21 12:00 a.m. | 12 views

ROS-20250121-09

Vulnerability of the compiler of the html-template tool jinja is related to the failure to neutralize the special controls when processing f-lines. Exploitation of the vulnerability could allow an attacker to bypass the sandbox protection mechanism, execute arbitrary code, or cause a denial of...

CVSS 8.8 | AI score 7.2 | EPSS 0.00979
Exploits: 0
Redos
added 2024/10/15 12:00 a.m. | 8 views

ROS-20241015-17

A vulnerability in the Networking component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect authorization. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity ...

CVSS 3.7 | AI score 7.1 | EPSS 0.01361
Exploits: 0
BDU FSTEC
added 2024/02/20 12:00 a.m. | 4 views

The vulnerability of the ISPC programming language compiler lies in its uncontrolled search path element, which allows attackers to exploit their privileges.

The vulnerability of the Implicit SPMD Program Compiler ISPC programming language compiler is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 6.7 | AI score 6.6 | EPSS 0.00191
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2024/01/24 12:00 a.m. | 30 views

GLSA-202401-27 : Ruby: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...

CVSS 9.8 | AI score 8.1 | EPSS 0.04766
Exploits: 6 | References: 18
CNNVD
added 2023/08/11 12:00 a.m. | 3 views

Intel ISPC Security Vulnerability

Intel ISPC is a program compiler from Intel Corporation USA. A security vulnerability exists in Intel(R) ISPC prior to version 1.19.0 that stems from improper access control. An attacker can exploit the vulnerability to elevate privileges...

CVSS 7.8 | AI score 6.7 | EPSS 0.00144
Exploits: 0 | References: 2
RedhatCVE
added 2023/06/26 6:17 p.m. | 42 views

CVE-2023-29404

A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS"...

CVSS 7.5 | AI score 9.4 | EPSS 0.01837
Exploits: 0 | References: 7
Prion
added 2023/06/08 9:15 p.m. | 34 views

Command injection

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

CVSS 7.5 | AI score 9.6 | EPSS 0.01837
Exploits: 0 | References: 7 | Affected Software: 2
CVE
added 2023/06/08 8:19 p.m. | 544 views

CVE-2023-29404

The CVE-2023-29404 description is corroborated by connected advisories: it concerns the go command executing code at build time when using cgo, triggered by LDFLAGS in a #cgo LDFLAGS directive, affecting gc and gccgo. The root cause is improper handling of certain linker flags, allowing disallowe...

CVSS 9.8 | AI score 9.2 | EPSS 0.01837
Exploits: 0 | References: 8 | Affected Software: 1
UbuntuCve
added 2023/06/08 12:00 a.m. | 378 views

CVE-2023-29404

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

CVSS 9.8 | AI score 7 | EPSS 0.01837
Exploits: 0 | References: 7
Prion
added 2023/04/27 5:15 p.m. | 28 views

Code injection

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled...

CVSS 6.5 | AI score 8.7 | EPSS 0.0045
Exploits: 0 | References: 2 | Affected Software: 1
Amazon
added 2023/03/22 12:00 a.m. | 8 views

Medium: libsepol

Issue Overview: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms called from __cil_verify_classpermission and __cil_pre_verify_helper. CVE-2021-36084 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms called from __verify_map_perm_classperms and hashtab_map...

CVSS 3.3 | AI score 5.3 | EPSS 0.00592
Exploits: 4
BDU FSTEC
added 2023/03/07 12:00 a.m. | 6 views

The vulnerability of the optimizing compiler oneAPI DPC++/C++ Compiler arises from operations that occur outside of the buffer boundaries in memory. This vulnerability should be addressed by enhancing the privileges of the compiler.

The vulnerability of the optimizing compiler oneAPI DPC++/C++ Compiler arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 6 | AI score 7.6 | EPSS 0.00185
Exploits: 0 | References: 2 | Affected Software: 2
CNNVD
added 2023/01/11 12:00 a.m. | 4 views

Intel(R) oneAPI DPC++/C++ Compiler Security Vulnerability

Intel(R) oneAPI DPC++/C++ Compiler is a compiler from Intel Corporation USA. A security vulnerability exists in Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2022.2.1, which stems from its improper access control on certain Intel(R) oneAPI Toolkits versions prior to 2022.3.1 that could allow...

CVSS 7.8 | AI score 7.5 | EPSS 0.00184
Exploits: 0 | References: 3
Hacker One
added 2022/04/23 2:47 a.m. | 68 views

curl: --libcurl code injection via trigraphs

Summary: curl command --libcurl option can be tricked to generate C code that when compiled contains arbitrary code execution. Steps To Reproduce: 1. curl --libcurl client.c --user-agent "??/";char c='i','d',' ','','x',0,m='r',0;fclosepopenc,m;//" http://example.invalid 2. gcc -trigraphs client.c...

AI score 0.7
Exploits: 0
BDU FSTEC
added 2021/03/15 12:00 a.m. | 6 views

The vulnerability of the `static ptrdiff_t finderrfunc` function in the `src/lj_err.c` file of the LuaJIT compiler, a programming language for Lua. This vulnerability allows an attacker to cause a service failure.

The vulnerability of the `static ptrdiff_t finderrfunc` function in the `src/lj_err.c` file of the LuaJIT compiler for the Lua programming language is related to reading data beyond the allowed buffer size. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.5 | AI score 7.4 | EPSS 0.02862
Exploits: 1 | References: 6 | Affected Software: 4
Gitee
added 2020/10/10 2:31 p.m. | 6 views

Exploit for Absolute Path Traversal in Rarlab Winrar

This is a PoC exploit for CVE-2018-20250. The exploit targets a vulnerability in the Microsoft Visual C++ compiler, specifically in the way it handles certain types of code. The vulnerability allows for arbitrary code execution. The exploit is likely to be used to demonstrate the vulnerability an...

CVSS 7.8 | AI score 7.5 | EPSS 0.96274
Exploits: 13
GoogleProjectZero
added 2020/09/01 12:00 a.m. | 78 views

JITSploitation III: Subverting Control Flow

Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...

CVSS 8.8 | AI score 9.4 | EPSS 0.08207
Exploits: 4
Prion
added 2020/07/07 1:15 p.m. | 23 views

Design/Logic Flaw

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, Xen would in some circumstances use a series of non-atomic bitfield write...

CVSS 4.4 | AI score 7.6 | EPSS 0.00276
Exploits: 0 | References: 8 | Affected Software: 4