Lucene search
K

23146 matches found

GithubExploit
GithubExploit
added 2025/04/08 9:59 p.m.82 views

Exploit for Server-Side Request Forgery in Lnbits

CVE-2025-32013 Security Advisory and PoC for CVE-2025-32013...

9.3CVSS7.3AI score0.00604EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/04/08 4:54 p.m.8 views

CVE-2024-52981

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...

4.9CVSS7.1AI score0.00511EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/04/08 7:0 a.m.1 views

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.

...

7.5CVSS7.2AI score0.00478EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/04/08 1:48 a.m.4 views

SUSE CVE-2025-3360

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the gdatetimenewfromiso8601 function...

5.9CVSS7.1AI score0.00416EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.2 views

Adobe Photoshop 安全漏洞

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. A heap buffer overflow vulnerability exists in Adobe Photoshop Desktops. The vulnerability is due to a failure to perform strict checksums on memory...

7.8CVSS8AI score0.00367EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.3 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam. A securit...

4.4CVSS6.2AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2025/04/07 8:15 p.m.2 views

DEBIAN-CVE-2025-29769

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...

5.5CVSS6.7AI score0.00246EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/04/07 12:55 p.m.864 views

Khan Academy: Unauthorized Account Access via Leaked Credentials in URL Format (Account Takeover )

The vulnerability allowed attackers to access user accounts on khanAcademy.com using leaked credentials that were publicly available. The credentials were found in clear text format on a third-party website. By entering the email and password, the attacker could perform an account takeover withou...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/04/07 2:17 a.m.7 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

8.8CVSS7.6AI score0.00465EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/06 1:38 p.m.14 views

CVE-2025-3189

Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...

4.8CVSS5.1AI score0.00343EPSS
Exploits0References3
Fedora
Fedora
added 2025/04/05 1:27 a.m.13 views

[SECURITY] Fedora 41 Update: ghostscript-10.03.1-5.fc41

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

9.8CVSS7AI score0.00806EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/04/04 2:49 p.m.10 views

CVE-2025-31480 aiven-extras allows PostgreSQL Privilege Escalation through format function

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and...

9.1CVSS7.4AI score0.00427EPSS
Exploits0References2
NVD
NVD
added 2025/04/04 1:15 p.m.6 views

CVE-2025-3189

Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...

4.8CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 12:44 p.m.48 views

CVE-2025-3189

CVE-2025-3189 affects DoWISP before 1.16.2.50. A stored XSS flaw arises when a malicious SVG profile picture is uploaded, allowing code execution within DoWISP view contexts. Connected sources consistently report the same vulnerability and version boundary. The CVSS 4.0 vector indicates network a...

4.8CVSS4.9AI score0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.2 views

aiven-extras 代码问题漏洞

aiven-extras is an aiven open source tool that enables non-super users to access certain database functions. A code issue vulnerability exists in aiven-extras versions prior to 1.1.15, which stems from a format function that does not use a schema prefix, and could lead to elevated privileges...

9.1CVSS6.7AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 12:53 p.m.2 views

OESA-2025-1362 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of...

9.8CVSS7.5AI score0.00806EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/04/03 10:46 a.m.3 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

8.8CVSS7.6AI score0.00465EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/04/03 10:38 a.m.3 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

8.8CVSS7.6AI score0.00465EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/04/03 10:35 a.m.3 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

8.8CVSS7.6AI score0.00465EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/04/03 9:49 a.m.5 views

jinja2: Jinja sandbox breakout through attr filter selecting format method

A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...

8.8CVSS7.6AI score0.00465EPSS
Exploits0References6
Rows per page
Query Builder