Lucene search
+L

269 matches found

NVD
NVD
added 2025/08/29 2:15 p.m.7 views

CVE-2025-9649

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calcsleeptime of the file sendpackets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version...

5.5CVSS0.00225EPSS
Exploits1References7
NVD
NVD
added 2025/08/27 6:15 a.m.5 views

CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

6.3CVSS0.00361EPSS
Exploits0References4
CVE
CVE
added 2025/08/27 6:2 a.m.29 views

CVE-2025-9514

Summary (CVE-2025-9514) : Macrozheng Mall versions up to 1.0.3 have a vulnerability in the Registration component. The flaw allows weak password requirements, potentially enabling unauthorized remote access. Exploitation is described as highly complex with difficult exploitability. The provided d...

6.3CVSS4.3AI score0.00361EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.7 views

PT-2025-34840 · Unknown · Macrozheng Mall

Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A flaw exists in the Registration component of the software, impacting an unknown function. This issue results in weak password requirements, potentially allowing unauthorized access. The atta...

6.3CVSS4AI score0.00361EPSS
Exploits0References8
NVD
NVD
added 2025/07/26 2:15 p.m.7 views

CVE-2025-8191

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...

5.4CVSS0.01646EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2025/06/19 10:0 p.m.7 views

CVE-2025-6282 xlang-ai OpenAgents file.py create_upload_file path traversal

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function createuploadfile of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the publ...

5.5CVSS7AI score0.0059EPSS
Exploits1References4
CVE
CVE
added 2025/06/19 10:0 p.m.26 views

CVE-2025-6282

The CVE-2025-6282 issue affects xlang-ai OpenAgents, specifically the create_upload_file function in backend/api/file.py, where a path traversal vulnerability is introduced. Multiple connected sources confirm the vulnerability is critical and that the exploit has been disclosed publicly, with Ope...

9.8CVSS5.4AI score0.0059EPSS
Exploits1References4Affected Software1
Circl
Circl
added 2025/06/16 7:47 p.m.10 views

GHSA-7G45-4RM6-3MM3

creationtimestamp| type| source ---|---|--- 2025-06-16 19:47:05+00:00| seen| https://gist.github.com/safer-bot/76f63c635db1f22c29c431efd3dc847b 2025-06-16 20:08:28+00:00| seen| https://gist.github.com/safer-bot/3c07d6cb9d4d50c65b92850fe6b9f2d9 2025-06-17 11:01:06+00:00| seen|...

5.8AI score
Exploits0References88
OSV
OSV
added 2025/06/03 5:58 p.m.27 views

GO-2025-3724 Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server

Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server...

5.3CVSS7AI score0.00265EPSS
Exploits0References4
Snyk
Snyk
added 2025/05/18 8:44 a.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Management Console. An attacker can execute arbitrary code by injecting malicious input into the console. Remediation There is no fixed version for com.weibo:rill-flow. References - GitHub Issue...

8.8CVSS8.1AI score0.00507EPSS
Exploits1References2
Snyk
Snyk
added 2025/04/08 4:44 a.m.5 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the manipulation of the pathtoincludes argument. Remediation There is no fixed version for stb. References - GitHub Issue...

8.8CVSS6.9AI score0.00492EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/03 6:30 p.m.4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Open function of the file lmdeploy/docs/en/conf.py. An attacker can manipulate the input to execute arbitrary code by crafting malicious input that is processed by this function. Remediation There is...

7.8CVSS8.2AI score0.00338EPSS
Exploits1References3
Snyk
Snyk
added 2025/02/03 5:41 p.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the component grayfindcell. An attacker can cause a crash of the application by sending specially crafted inputs that trigger a segmentation violation. Remediation A fix was pushed into the master branch but...

8.7CVSS6.8AI score0.00402EPSS
Exploits1References2
OSV
OSV
added 2024/07/29 5:29 p.m.25 views

GHSA-CF56-G6W6-PQQ2 Twisted vulnerable to HTML injection in HTTP redirect body

Summary The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting XSS in the redirect response HTML body. Details Twisted’s redirectTo functi...

6.1CVSS5.9AI score0.01176EPSS
Exploits0References6
Snyk
Snyk
added 2024/06/11 7:43 p.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the BerEncoderencodeLength function. Remediation There is no fixed version for libiec61850. References - GitHub Issue...

9.8CVSS7AI score0.00245EPSS
Exploits1References2
OSV
OSV
added 2024/05/28 9:23 p.m.38 views

GHSA-927P-XRC2-X2GJ ansibleguy-webui Cross-site Scripting vulnerability

Impact Multiple forms in version = 0.0.21 References Report GitHub Issue 44...

8.2CVSS8.3AI score0.004EPSS
Exploits0References6
OSV
OSV
added 2024/05/03 8:26 p.m.42 views

GHSA-7PC3-PR3Q-58VG sagemaker-python-sdk Command Injection vulnerability

Impact The capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module before version 2.214.3 allows for potentially unsafe Operating System OS Command Injection if inappropriate command is passed as the “requirementspath” parameter. This consequently may allow an...

7.8CVSS8AI score0.01143EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/03 8:26 p.m.20 views

sagemaker-python-sdk Command Injection vulnerability

Impact The capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module before version 2.214.3 allows for potentially unsafe Operating System OS Command Injection if inappropriate command is passed as the “requirementspath” parameter. This consequently may allow an...

7.8CVSS8.2AI score0.01143EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2024/05/01 3:39 a.m.4 views

Divide By Zero

Overview Affected versions of this package are vulnerable to Divide By Zero due to the blendtransformedtiledargb.isra.0 function. An attacker can cause the application to crash by triggering a floating point exception. Remediation Upgrade lunasvg to version 2.4.1 or higher. References - GitHub...

7.5CVSS6.9AI score0.00611EPSS
Exploits1References2
OSV
OSV
added 2024/04/05 3:39 p.m.16 views

GHSA-W5W5-8VFH-XCJQ whoami stack buffer overflow on several Unix platforms

With versions of the whoami crate = 0.5.3 and = 0.5.3 and 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the passwd struct on those platforms...

8.2CVSS7.7AI score
Exploits0References4
Rows per page
Query Builder