Lucene search
K

93 matches found

Cvelist
Cvelist
added 2025/12/08 9:37 p.m.20 views

CVE-2025-36017 IBM Controller Information Disclosure

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user...

6.5CVSS0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-30275

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.01199EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/09/21 4:25 p.m.12 views

CVE-2025-59427

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

6.3CVSS6.4AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2025/09/19 4:15 p.m.6 views

CVE-2025-59427

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

6.3CVSS0.00358EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/19 3:30 p.m.4 views

CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

6.3CVSS6AI score0.00358EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/19 3:30 p.m.12 views

CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

6.3CVSS0.00358EPSS
Exploits0References4
OSV
OSV
added 2025/08/26 9:33 a.m.3 views

MAL-2025-191765 Malicious code in import-license-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c41ca4c8119fa20f7f5915b34de59f879b77fedf237cbbf5a69e46ddbeded428 Package exfiltrates content of .env files to a remote target --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7.1AI score
Exploits0References1
CNNVD
CNNVD
added 2025/07/12 12:0 a.m.8 views

WordPress plugin Total Upkeep by BoldGrid 信息泄露漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...

7.5CVSS5.8AI score0.01095EPSS
Exploits2References5
OSV
OSV
added 2025/04/30 5:40 p.m.8 views

GHSA-859W-5945-R5V3 Vite's server.fs.deny bypassed with /. for files under project root

Summary The contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Only files that are under project root and a...

6CVSS5.9AI score0.01077EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/02/20 12:0 a.m.26 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2025:0590-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0590-1 advisory. - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash...

7.5CVSS6.7AI score0.01966EPSS
Exploits1References7
OSV
OSV
added 2025/02/19 10:34 a.m.13 views

SUSE-SU-2025:0590-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. bsc1237037 - CVE-2025-25193: unsafe reading of environment files can lead to an application crash. bsc1237038 Update to netty version 4.1.1...

7.5CVSS7.9AI score0.01966EPSS
Exploits1References5
Veracode
Veracode
added 2025/01/21 8:53 a.m.5 views

Denial Of Service (DoS)

io.netty, netty-common is vulnerable to Denial Of Service DoS. The vulnerability is due to unsafe reading of environment files, where Netty attempts to load a non-existent file, allows an attacker can exploit this by creating a large file, causing the application to crash and resulting in a denia...

5.5CVSS5.3AI score0.00408EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.3 views

Netty 资源管理错误漏洞

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. A resource management error vulnerability exists in Netty version 4.1.114 and earlier versions, which stems from allowing unsa...

5.5CVSS6.9AI score0.00408EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2024/11/01 10:27 a.m.24 views

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE , is estimated to have collected over 10,000 private...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.4 views

PT-2024-33316 · Snipe-It · Snipe-It

Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 7.0.10 Description: The issue allows remote code execution when an attacker knows the APP KEY, which is associated with cookie serialization. This is worsened by the availability of .env files from the product's...

8.6CVSS8.2AI score0.00962EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/05/05 12:0 a.m.4 views

FileCodeBox 安全漏洞

FileCodeBox is a file courier locker for vastsa personal developers. Files can be shared with an anonymous password. A security vulnerability exists in FileCodeBox version 2.0 that stems from allowing OneDrive passwords and AWS keys to be stored in plaintext environment files...

5.3CVSS6.6AI score0.00152EPSS
Exploits1References2
Prion
Prion
added 2023/08/14 9:15 p.m.20 views

Code injection

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

3.6CVSS5.1AI score0.00388EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/08/14 9:15 p.m.23 views

CVE-2023-39950

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

6.1CVSS6.1AI score0.00388EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/08/14 8:17 p.m.28 views

CVE-2023-39950 Insufficient input validation in efibootguard

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

6.1CVSS6.4AI score0.00388EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.3 views

SUSE CVE-2021-43337

SchedMD Slurm 21.08. before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=jobscript and/or jobenv options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access...

6.5CVSS7AI score0.01199EPSS
Exploits0References3
Rows per page
Query Builder