Lucene search

187 matches found

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-19166

Malware in sbrugna...

CVSS 9.8 | AI score 9 | EPSS 0.01832
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-20335

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00151
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-26974

Malicious code in bioql PyPI...

CVSS 3.5 | AI score 6.2 | EPSS 0.01681
Exploits: 1 | References: 13

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-4541

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.7 | EPSS 0.00546
Exploits: 1 | References: 5

OSV
added 2025/10/03 7:56 p.m. | 7 views

RLSA-2025:11797 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird:...

CVSS 7.5 | AI score 7.5 | EPSS 0.00472
Exploits: 0 | References: 10

NVD
added 2025/05/27 1:15 p.m. | 15 views

CVE-2025-5265

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.. Th...

CVSS 4.8 | EPSS 0.00141
Exploits: 0 | References: 6

CVE
added 2025/05/27 12:29 p.m. | 103 views

CVE-2025-5265

CVE-2025-5265 concerns Firefox on Windows where the Copy as cURL feature improperly escapes the ampersand, enabling a crafted command to trigger local code execution. The impact is described as potentially allowing arbitrary code execution on the user’s system when the user runs the affected curl...

CVSS 4.8 | AI score 6.7 | EPSS 0.00141
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2025/05/27 12:29 p.m. | 118 views

CVE-2025-5264

CVE-2025-5264 involves insufficient escaping of the newline character in Firefox/Thunderbird Copy as cURL functionality, enabling a user to be tricked into executing a crafted command locally. Affected: Firefox < 139, Firefox ESR < 115.24/128.11, Thunderbird

CVSS 4.8 | AI score 7 | EPSS 0.00135
Exploits: 0 | References: 8 | Affected Software: 1

Tenable Nessus
added 2025/05/27 12:0 a.m. | 12 views

Mozilla Thunderbird < 128.11

The version of Thunderbird installed on the remote Windows host is prior to 128.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-46 advisory. - Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory...

CVSS 8.1 | AI score 7.1 | EPSS 0.00489
Exploits: 0 | References: 9

Hacker One
added 2025/05/08 3:53 p.m. | 8 views

curl: curl -OJ allows creating custom .curlrc file which allows exfiltrating private data, among other things

Summary: If someone convinces someone to use curl -OJ http://example.com/somefile.txt, the Content-Disposition header can be used to create a .curlrc file if one doesn't exist and one is running curl from the home directory. From that point on, the attack controls any argument to all curl...

AI score 6.9
Exploits: 0

NVD
added 2025/04/29 2:15 p.m. | 18 views

CVE-2025-4084

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.. Thi...

CVSS 5.7 | EPSS 0.00344
Exploits: 0 | References: 5

BDU FSTEC
added 2025/04/10 12:0 a.m. | 9 views

The vulnerability of the gzip_do_write() function in the zlib compression library allows an attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack.

The vulnerability of the gzip_do_write function in the zlib compression library, a command-line utility of CURL, is related to integer overflow. Exploiting this vulnerability allows an attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.01168
Exploits: 1 | References: 10 | Affected Software: 5

Rosalinux
added 2025/03/01 9:41 p.m. | 26 views

Advisory ROSA-SA-2025-2748

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...

CVSS 9.8 | AI score 8.1 | EPSS 0.36081
Exploits: 7

Fedora
added 2025/01/09 2:3 a.m. | 13 views

[SECURITY] Fedora 41 Update: curl-8.9.1-3.fc41

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 6.5 | AI score 7.3 | EPSS 0.0197
Exploits: 1

Github Security Blog
added 2024/09/23 10:5 p.m. | 167 views

Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7x4w-cj9r-h4v9. This link is maintained to preserve external references. Original Description The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e....

AI score 7.3
Exploits: 0 | References: 3 | Affected Software: 1

GithubExploit
added 2024/09/19 9:35 a.m. | 722 views

Exploit for Command Injection in Jc21 Nginx_Proxy_Manager

POCCVE-2024-46256 CVE-2024-46256 and CVE-2024-46257 is the...

CVSS 9.8 | AI score 9.9 | EPSS 0.02997
Exploits: 3

BDU FSTEC
added 2024/09/02 12:0 a.m. | 7 views

The vulnerability of the list_base_config.php file in the web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 integrated software solution version 3.90 allows a hacker to execute arbitrary code.

The vulnerability of the list_base_config.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 software is version 3.90. This vulnerability stems from the failure to eliminate special elements used in the OS command. Exploiting this vulnerability allows a remote attacker to...

CVSS 10 | AI score 7.1 | EPSS 0.934
Exploits: 4 | References: 4 | Affected Software: 4

Exploit DB
added 2024/08/24 12:0 a.m. | 206 views

Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...

AI score 7.4
Exploits: 0

Redos
added 2024/07/08 12:0 a.m. | 4 views

ROS-20240708-21

Vulnerability in cURL command line utility is due to bugs in protocol removal logic. Exploitation The exploitation of the vulnerability may allow a remote intruder to gain access to protected information Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...

CVSS 8.6 | AI score 7.2 | EPSS 0.36081
Exploits: 2

GithubExploit
added 2024/06/07 8:10 p.m. | 622 views

Exploit for OS Command Injection in Php

CVE-2024-4577 Vulnerability Checker This script is designed t...

CVSS 9.8 | AI score 9.5 | EPSS 0.99987
Exploits: 64