Lucene search
K

1370 matches found

Cvelist
Cvelist
added 2025/05/06 7:19 a.m.16 views

CVE-2025-46591

Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.2CVSS0.001EPSS
Exploits0References1
Amazon
Amazon
added 2025/04/29 12:0 a.m.6 views

Medium: java-11-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

5.8CVSS5.6AI score0.03713EPSS
Exploits0
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

CVE-2025-32855

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.7CVSS5.8AI score0.00554EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/04/16 5:29 p.m.4 views

openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...

5.6CVSS7.4AI score0.00549EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/04/16 5:13 p.m.5 views

openjdk: Improve compiler transformations (Oracle CPU 2025-04)

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS7.4AI score0.00522EPSS
Exploits0References5
OSV
OSV
added 2025/04/15 9:16 p.m.2 views

CVE-2025-30719

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM...

6.1CVSS7.1AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 9:15 p.m.3 views

DEBIAN-CVE-2025-30698

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...

5.6CVSS5.8AI score0.00549EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 9:15 p.m.3 views

CVE-2025-30694

Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML...

5.4CVSS5.8AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 9:15 p.m.6 views

DEBIAN-CVE-2025-30691

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS5.7AI score0.00522EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/04/15 9:15 p.m.3 views

CVE-2025-1275

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS6.1AI score0.0034EPSS
Exploits0References4Affected Software12
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.7 views

PT-2025-16443

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.9.2 Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction...

6.4CVSS5.2AI score0.00364EPSS
Exploits0References5
OSV
OSV
added 2025/03/13 5:15 p.m.5 views

CVE-2025-1429

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS6.1AI score0.00224EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/03/13 5:15 p.m.3 views

CVE-2025-1432

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS7.4AI score0.00273EPSS
Exploits0References4Affected Software9
ATTACKERKB
ATTACKERKB
added 2025/03/13 5:15 p.m.2 views

CVE-2025-1650

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS7.4AI score0.00224EPSS
Exploits0References4Affected Software9
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.4 views

Autodesk AutoCAD 安全漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from the US-based Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD that originates from parsing a malicious specially crafted CATPRODUCT file that could result in uninitialized variables, which could cause a...

7.8CVSS7AI score0.00224EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.3 views

IBM MQ 安全漏洞

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ that stems from the possibility of local users reading...

4.7CVSS5.9AI score0.00119EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.12 views

The vulnerability of the Mongoose library, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary code and gain access to read and modify data.

The vulnerability of the Mongoose library relates to the lack of protection for the SQL query structure when the $where operator is used. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain access to read and modify data...

9.4CVSS8.5AI score0.03988EPSS
Exploits3References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.6 views

The vulnerability of the populate() function in the Mongoose library allows a hacker to execute arbitrary code and gain access to read and modify data.

The vulnerability of the populate function in the Mongoose library is related to improper code generation when using the $where operator. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain access to read and modify data...

9CVSS8.4AI score0.07025EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/02/20 1:15 a.m.4 views

CVE-2025-1222

An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac...

6.1CVSS5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/02/19 11:10 a.m.2 views

mysql: mysqldump unspecified vulnerability (CPU Oct 2024)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

3.8CVSS5.7AI score0.00624EPSS
Exploits0References5
Rows per page
Query Builder