Lucene search
K

566 matches found

RedHat Linux
RedHat Linux
added 2025/12/22 12:43 a.m.5 views

hdf5: HDF5 heap-based overflow

A vulnerability was found in the H5Creconstructcacheentry function of the H5Cimage.c file in HDF5. Input manipulation can occur, which leads to a heap-based buffer overflow. Exploitation of this vulnerability requires local system access...

5.3CVSS6AI score0.00209EPSS
Exploits1References10
CVE
CVE
added 2025/12/19 7:10 a.m.11 views

CVE-2025-66496

CVE-2025-66496 is a memory corruption issue in Foxit PDF Reader’s 3D annotation handling due to insufficient bounds checking when parsing PRC data, leading to out-of-bounds access. The connected advisory notes Foxit fixed multiple vulnerabilities in Foxit PDF Reader, including memory corruption a...

7.8CVSS6.6AI score0.00175EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.4 views

PT-2025-52424

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...

5.3CVSS6.9AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52390

Name of the Vulnerable Software and Affected Versions NSF Unidata NetCDF-C affected versions not specified Description A remote code execution issue exists in NSF Unidata NetCDF-C due to an integer overflow in the handling of NC Variables. This allows for potential code execution. Recommendations...

7.8CVSS8.2AI score0.0031EPSS
Exploits0References8
EUVD
EUVD
added 2025/12/16 12:30 a.m.8 views

EUVD-2025-203473

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

8.8CVSS6.5AI score0.00362EPSS
Exploits0References2
NVD
NVD
added 2025/12/13 4:16 p.m.7 views

CVE-2025-14542

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5CVSS0.0022EPSS
Exploits0References2
CVE
CVE
added 2025/12/10 12:0 a.m.29 views

CVE-2025-65296

CVE-2025-65296 affects Aqara Hub M2 (version 4.3.6_0027), Aqara Hub M3 (4.3.6_0025), and Aqara Camera Hub G3 (4.1.9_0027). The issue is a NULL-pointer dereference in the JSON processing component, which enables denial-of-service attacks via malformed JSON inputs. Public details consistently descr...

6.5CVSS6.7AI score0.00263EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/11/18 6:16 p.m.3 views

DEBIAN-CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

7.5CVSS5.5AI score0.00422EPSS
Exploits1References1
OSV
OSV
added 2025/11/12 10:25 p.m.2 views

MAL-2025-184575 Malicious code in odasv-kinu-bobac (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8344e78f61193872306260e62e6648fabc0b82ca4615dd652d88424e0595c75f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 8:11 p.m.3 views

Malicious code in ocha-semur94-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e1214fb3558730b5088b5d558b262398dc4a9fbcdbc1f5bbc93d26e66a2b65c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 4:25 a.m.2 views

MAL-2025-85618 Malicious code in fitri-lupis6-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f5296ac4596ca6cf80273e93cbc6b28523959939e18ad51877f5216e66d252d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/10/30 3:2 p.m.5 views

GO-2025-4071 Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault

Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault...

7.5CVSS6.8AI score0.00517EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/10/29 12:0 a.m.5 views

Wireshark 4.4.x < 4.4.9 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 4.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.9 advisory. - SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service CVE-2025-9817 - Column handling crashes...

7.8CVSS6.9AI score0.00306EPSS
Exploits4References22
Tenable Nessus
Tenable Nessus
added 2025/10/26 12:0 a.m.8 views

GitLab 11.7 < 18.3.5 / 18.4 < 18.4.3 / 18.5 < 18.5.1 (CVE-2025-11974)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: Improper access control issue in runner API impacts GitLab EE Denial of service issue in event collection impacts GitLab CE/EE Denial of service issue in JSON validation impacts GitLab...

6.5CVSS5.5AI score0.00351EPSS
Exploits0References4
CVE
CVE
added 2025/10/23 11:28 a.m.29 views

CVE-2025-62397

CVE-2025-62397 describes a router-side issue where responses to invalid course IDs are inconsistent, enabling an attacker to infer which course IDs exist (information disclosure for reconnaissance). The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network access with low confi...

5.3CVSS6.5AI score0.00254EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.4 views

Hikvision CSMP iSecure Center 安全漏洞

Hikvision CSMP iSecure Center is an integrated security management platform from Hikvision China. A security vulnerability exists in Hikvision CSMP iSecure Center version 2024-08-01 and earlier, which stems from unverified execution of the $ command in JSON data, which could lead to the execution...

8.3CVSS7.1AI score0.17508EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0616

Malware in sbrugna...

9.8CVSS6.7AI score0.0278EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-2863

Malware in sbrugna...

8.8CVSS9.1AI score0.06717EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-2840

Malware in sbrugna...

9.3CVSS6.2AI score0.0286EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-12088

Malware in sbrugna...

5.5CVSS7.3AI score0.06869EPSS
Exploits0References4
Rows per page
Query Builder