Lucene search
+L

206 matches found

OSV
OSV
added 2025/12/28 9:2 p.m.7 views

CVE-2025-15154 PbootCMS Header handle.php get_user_ip less trusted source

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function getuserip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiat...

6.9CVSS5.8AI score0.00215EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/28 12:0 a.m.7 views

PbootCMS 安全漏洞

PbootCMS is PbootCMS open source an open source enterprise website content management system CMS developed using PHP language. A security vulnerability exists in PbootCMS 3.2.12 and earlier versions, which stems from the incorrect operation of the Header Handler component function getuserip on th...

6.9CVSS5.4AI score0.00215EPSS
Exploits1References5
CVE
CVE
added 2025/12/24 1:7 p.m.15 views

CVE-2023-54155

The CVE relates to the Linux kernel net/xdp path. Root cause: a previous check enforcing xdp.frame_sz > PAGE_SIZE was removed in the context of allowing bpf_xdp_adjust_tail() to grow packet size, after xdp_init_buff() was introduced. This can allow excessive frame sizes (e.g., xdp->frame_sz...

5.9AI score0.00168EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/12/17 5:39 a.m.5 views

kernel: net: tun: Update napi->skb after XDP process

A use-after-free flaw was found in tungetuser in drivers/net/tun.c in network TUNnel module in Linux kernel. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...

5.8AI score0.00184EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/07 3:2 a.m.4 views

CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

5.3CVSS6.4AI score0.00231EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/07 3:2 a.m.30 views

CVE-2025-14183 SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

5.3CVSS0.00231EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/07 12:0 a.m.8 views

PT-2025-49394

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET FACTORY INFO/GET USER INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The...

5.3CVSS6.7AI score0.00231EPSS
Exploits0References7
EUVD
EUVD
added 2025/12/02 3:30 p.m.7 views

EUVD-2025-200245

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...

6.9CVSS6.3AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2025/12/02 2:16 p.m.7 views

CVE-2025-41015

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...

7.5CVSS0.00266EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/11/28 12:59 p.m.6 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...

8.5CVSS7.4AI score0.08942EPSS
Exploits3References850
RedHat Linux
RedHat Linux
added 2025/11/18 9:2 a.m.11 views

kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in...

4.7CVSS6.7AI score0.00111EPSS
Exploits0References5
OSV
OSV
added 2025/11/13 3:32 p.m.10 views

SUSE-SU-2025:21040-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missi...

9.8CVSS6.5AI score0.08942EPSS
Exploits3References405
OSV
OSV
added 2025/11/13 2:22 p.m.6 views

SUSE-SU-2025:21056-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missi...

9.8CVSS6.5AI score0.08942EPSS
Exploits3References405
Positive Technologies
Positive Technologies
added 2025/10/15 12:0 a.m.30 views

PT-2025-42259

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue identified through syzbot reporting. The issue occurs after commit e6d5dbdd20aa, which added multi-buff support for XDP running in gener...

7.8CVSS6.4AI score0.08942EPSS
Exploits4References987
AstraLinux
AstraLinux
added 2025/10/14 6:5 p.m.5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Revert "riscv: Define TASKSIZEMAX for accessok" This reverts commit ad5643cf2f69 "riscv: Define TASKSIZEMAX for accessok". This commit changes TASKSIZEMAX to be LONGMAX to optimize accessok, because the previous TASKSIZEMAX defau...

6.4AI score0.00157EPSS
Exploits0References1
CVE
CVE
added 2025/10/12 7:2 a.m.13 views

CVE-2025-11629

RainyGao DocSys up to version 2.02.36 contains a SQL injection in the getUserList function (/Manage/getUserList.do). The vulnerability allows remote exploitation; exploit information has been disclosed publicly. Multiple sources (Red Hat, EU ENISA, CVE records, and PT Security) consistently ident...

9.8CVSS6.5AI score0.0038EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/10/07 3:19 p.m.20 views

CVE-2023-53633

CVE-2023-53633 pertains to the Linux kernel where the leak occurs in accel/qaic’s map_user_pages() path. If get_user_pages_fast() allocates some pages but not as many as requested, the current code fails to release the pages, causing a leak. The root cause is improper page accounting in the get_u...

5.5CVSS6.3AI score0.00168EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987274)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987274 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix guppudrange for dax For dax pud, pudhuge returns true on x86. So the function works a...

5.5CVSS6.2AI score0.00243EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.12 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986785)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986785 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napigetfrags kmemleak reports after running testprogs: unreference...

5.5CVSS6AI score0.00184EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25891

Malicious code in bioql PyPI...

9.4CVSS6.2AI score0.00231EPSS
Exploits0References1
Rows per page
Query Builder