Lucene search
K

23170 matches found

Vulnrichment
Vulnrichment
added 2025/01/15 12:48 a.m.4 views

CVE-2025-0343

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constrain...

7.6AI score0.00319EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/01/14 9:2 a.m.2 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
added 2025/01/14 12:0 a.m.10 views

CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constrain...

7.5CVSS6.8AI score0.00319EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2025/01/13 10:52 a.m.7 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

4CVSS7.3AI score0.00664EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2025/01/10 8:14 p.m.114 views

Exploit for Cross-site Scripting in Automad

CVE-2024-40111: Stored Cross-Site Scripting XSS in Automad 2...

4.8CVSS5.1AI score0.00769EPSS
Exploits2
GithubExploit
GithubExploit
added 2025/01/10 4:6 p.m.78 views

Exploit for Code Injection in Code-Projects Online_Car_Rental_System

Online Car Rental System Vulnerabilities This repository cont...

6.5CVSS7.5AI score0.02424EPSS
Exploits3
OSV
OSV
added 2025/01/10 1:0 p.m.5 views

OESA-2025-1030 python-jinja2 security update

Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...

8.8CVSS7.5AI score0.005EPSS
Exploits0References3
CNVD
CNVD
added 2025/01/10 12:0 a.m.5 views

Unspecified Vulnerability in SonicWall SonicOS (CNVD-2025-01661)

SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...

7.2CVSS7.3AI score0.00697EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2025/01/10 12:0 a.m.28 views

kernel security update

5.14.0-503.21.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

5.5CVSS7.4AI score0.00299EPSS
Exploits0
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.5 views

Responsive FileManager 安全漏洞

Responsive FileManager is a free open source file manager from the individual developer Alberto Peripolli. A security vulnerability exists in Responsive FileManager version 9.14.0, which stems from file uploads using svg and pdf extensions and is vulnerable to cross-site scripting attacks...

6.1CVSS6.1AI score0.00285EPSS
Exploits0References2
NVD
NVD
added 2025/01/09 8:15 a.m.8 views

CVE-2024-12805

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...

7.2CVSS0.00697EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 7:24 a.m.6 views

CVE-2024-12805

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...

9.6AI score0.00697EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 7:24 a.m.13 views

CVE-2024-12805

A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution...

0.00697EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 7:24 a.m.57 views

CVE-2024-12805

CVE-2024-12805 is a post-authentication format-string vulnerability in SonicOS management affecting SonicWall SonicOS devices. The issue, described in connected sources as a format string flaw, can allow a remote, authenticated attacker to crash the firewall and potentially achieve code execution...

7.2CVSS7.3AI score0.00697EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/01/09 6:26 a.m.9 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

4CVSS7.3AI score0.00664EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.2 views

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS, which stems from a format string issue that can be exploited by an authenticated, remote attacker to crash the firewall and...

7.2CVSS7.5AI score0.00697EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/01/09 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2024-ccdbd92d7b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/01/08 9:47 a.m.4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48853: swiotlb: fix info leak with DMAFROMDEVICE bsc1228015. CVE-2024-26801: Bluetooth: Avoid potential use-after-free in hcierrorreset bsc1222413...

7.8CVSS8.3AI score0.03301EPSS
Exploits3References316
OSV
OSV
added 2025/01/08 4:15 a.m.3 views

CVE-2024-56455

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

5.5CVSS5.8AI score0.00105EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.5 views

PT-2025-3300 · Unknown · 3D Engine Module

Name of the Vulnerable Software and Affected Versions: 3D engine module affected versions not specified Description: The issue concerns the vulnerability of input parameters not being verified during the loading of glTF models in the 3D engine module. Successful exploitation of this vulnerability...

6.8CVSS6.9AI score0.00106EPSS
Exploits0References4
Rows per page
Query Builder