1178 matches found

CVE
added 2025/03/11 12:39 a.m. · 73 views

CVE-2025-27434

CVE-2025-27434 affects SAP Commerce (Swagger UI). The issue is caused by insufficient input validation, allowing an unauthenticated attacker to inject remote code and perform a cross-site scripting (XSS) attack, with high impact to confidentiality, integrity, and availability (CVSSv3.1: AV:N/AC:L...

CVSS 8.8 · AI score 6.4 · EPSS 0.00439
Exploits 0 · References 2

Positive Technologies
added 2025/03/11 12:0 a.m. · 3 views

PT-2025-10680 · Sap · Sap Commerce

Name of the Vulnerable Software and Affected Versions: SAP Commerce (affected versions not specified)

Description: The issue is caused by insufficient input validation in SAP Commerce Swagger UI, allowing an unauthenticated attacker to inject malicious code from remote sources. This can be leverage...

CVSS 10 · AI score 5.7 · EPSS 0.00439
Exploits 0 · References 19

BDU FSTEC
added 2025/03/05 12:0 a.m. · 3 views

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, are related to authentication process errors. These errors allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, are related to authentication process errors. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 10 · AI score 7.8 · EPSS 0.00376
Exploits 0 · References 18 · Affected Software 8

BDU FSTEC
added 2025/02/19 12:0 a.m. · 5 views

The vulnerability of the zswap_pool_create() function in the mm/zswap.c module of the Linux kernel’s memory management subsystem allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the zswap_pool_create() function in the mm/zswap.c module of the Linux kernel’s memory management subsystem is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

CVSS 7.8 · AI score 6.5 · EPSS 0.00191
Exploits 0 · References 10 · Affected Software 3

BDU FSTEC
added 2025/02/13 12:0 a.m. · 6 views

The vulnerability of the IOMobileFrameBuffer component in operating systems such as macOS, tvOS, watchOS, iPadOS, and iOS allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the IOMobileFrameBuffer component in operating systems such as macOS, tvOS, watchOS, iPadOS, and iOS lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

CVSS 7.8 · AI score 7.4 · EPSS 0.00241
Exploits 0 · References 5 · Affected Software 5

BDU FSTEC
added 2025/02/06 12:0 a.m. · 7 views

The vulnerability of the Monitoring and Diagnostics component of the JD Edwards EnterpriseOne Tools in the enterprise resource management system makes it possible for a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Monitoring and Diagnostics component of the JD Edwards EnterpriseOne Tools system’s resource management system is related to the lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the...

CVSS 10 · AI score 8 · EPSS 0.00737
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2025/01/29 12:0 a.m. · 4 views

The vulnerability of the smb2_write() function in the fs/ksmbd/smb2pdu.c module allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the smb2_write() function in the fs/ksmbd/smb2pdu.c module is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 7.8 · AI score 7.4 · EPSS 0.00278
Exploits 0 · References 24 · Affected Software 6

BDU FSTEC
added 2025/01/20 12:0 a.m. · 21 views

The vulnerability of DHCP servers for real-time operating systems like Wind River VxWorks allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of DHCP servers for real-time operating systems from Wind River VxWorks relates to operations that go beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 10 · AI score 8 · EPSS 0.01789
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2025/01/13 12:0 a.m. · 6 views

The vulnerability of the ma35_pinctrl_dt_node_to_map_func() function in the drivers/pinctrl/nuvoton/pinctrl-ma35.c file of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ma35_pinctrl_dt_node_to_map_func() function in the drivers/pinctrl/nuvoton/pinctrl-ma35.c file of the Linux kernel is related to the repeated release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity,...

CVSS 7.8 · AI score 7.1 · EPSS 0.00199
Exploits 0 · References 8 · Affected Software 2

BDU FSTEC
added 2025/01/13 12:0 a.m. · 8 views

The vulnerability of the edge_bulk_out_cmd_callback() function in the drivers/usb/serial/io_edgeport.c file of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the edge_bulk_out_cmd_callback() function in the drivers/usb/serial/io_edgeport.c file of the Linux kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility...

CVSS 7.8 · AI score 6.7 · EPSS 0.00284
Exploits 0 · References 26 · Affected Software 6

BDU FSTEC
added 2025/01/13 12:0 a.m. · 4 views

The vulnerability of the bitmap_ip_uadt() function in the net/netfilter/ipset/ip_set_bitmap_ip.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the bitmap_ip_uadt() function in the net/netfilter/ipset/ip_set_bitmap_ip.c module of the Linux kernel is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

CVSS 7.8 · AI score 6.7 · EPSS 0.00396
Exploits 0 · References 28 · Affected Software 6

BDU FSTEC
added 2025/01/10 12:0 a.m. · 12 views

The vulnerability of the kunit_try_catch_run() function in the KUnit framework (lib/kunit/try-catch.c) in the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kunit_try_catch_run() function in the KUnit framework (lib/kunit/try-catch.c) in the Linux kernel is related to the reallocation of memory after its deallocation due to concurrent access to resources (race condition). Exploiting this vulnerability could allow an attacker to...

CVSS 7 · AI score 6.4 · EPSS 0.00227
Exploits 0 · References 22 · Affected Software 5

BDU FSTEC
added 2024/12/20 12:0 a.m. · 7 views

The vulnerability of the Translate component in Microsoft Edge and Google Chrome browsers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Translate component in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 10 · AI score 7.5 · EPSS 0.04071
Exploits 0 · References 9 · Affected Software 4

BDU FSTEC
added 2024/12/16 12:0 a.m. · 4 views

The vulnerability of the application software interface “lan_apply” of the microprogrammed wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the “lan_apply” application programming interface of the microprogramming-based wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO exists due to the failure to take measures to neutralize the special elements used in the operating...

CVSS 9 · AI score 5.5 · EPSS 0.01042
Exploits 0 · References 3 · Affected Software 3

BDU FSTEC
added 2024/12/03 12:0 a.m. · 5 views

The vulnerability of the `of_modalities()` function in the Linux operating system’s kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the `of_modalities()` function in the drivers/of/module.c module of the Linux kernel is related to access to memory beyond the allocated buffer. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...

CVSS 10 · AI score 6.6 · EPSS 0.01483
Exploits 0 · References 22 · Affected Software 8

BDU FSTEC
added 2024/11/26 12:0 a.m. · 9 views

The vulnerability of the mmap_mutex function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the mmap_mutex function in Linux operating systems is related to the recovery of unreliable data in memory. Exploiting this vulnerability can allow a remote attacker to compromise confidentiality, integrity, and accessibility of data...

CVSS 5.5 · AI score 6.7 · EPSS 0.00299
Exploits 0 · References 34 · Affected Software 6

BDU FSTEC
added 2024/11/14 12:0 a.m. · 5 views

The vulnerability of the ucma_cleanup_multicast() function in the InfiniBand driver for Linux operating systems allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the ucma_cleanup_multicast() function in the drivers/infiniband/core/ucma.c file of the Linux kernel’s InfiniBand driver is related to the reutilization of previously released memory due to competitive access to resources (race condition). Exploiting this vulnerability could allow ...

CVSS 7.8 · AI score 6.3 · EPSS 0.00238
Exploits 0 · References 12 · Affected Software 3

BDU FSTEC
added 2024/11/11 12:0 a.m. · 6 views

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the issue of operations occurring outside of the buffer in memory during object cloning. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibili...

CVSS 10 · AI score 7 · EPSS 0.00552
Exploits 0 · References 17 · Affected Software 7

BDU FSTEC
added 2024/11/07 12:0 a.m. · 6 views

The vulnerability in the implementation of the WebRTC technology in Google Chrome browser allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of WebRTC implementations in Google Chrome and Microsoft Edge relates to the use of memory after deallocation. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of data through a specially crafted HTML page...

CVSS 10 · AI score 7.6 · EPSS 0.00517
Exploits 0 · References 11 · Affected Software 7

BDU FSTEC
added 2024/11/06 12:0 a.m. · 5 views

The vulnerability of the switchtec_ntbremove() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the switchtec_ntbremove() function in the drivers/ntb/hw/mscc/ntb_hw_switchtec.c file of the Linux kernel is related to the reutilization of previously freed memory due to competitive access to resources (race condition). Exploiting this vulnerability could allow an attacker to...

CVSS 7 · AI score 7.2 · EPSS 0.00231
Exploits 0 · References 33 · Affected Software 5