780 matches found

NVD
added 2025/10/08 10:15 p.m. | 7 views

CVE-2017-20201

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

CVSS 9.3 | EPSS 0.00483
Exploits: 0 | References: 8
Cvelist
added 2025/10/08 10:4 p.m. | 9 views

CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

CVSS 9.3 | EPSS 0.00483
Exploits: 0 | References: 8
CVE
added 2025/10/08 10:4 p.m. | 40 views

CVE-2017-20201

CVE-2017-20201 affects CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit). A malicious pre-entry-point loader diverts from __scrt_common_main_seh to a custom loader that decodes an embedded blob into shellcode, allocates executable memory, resolves Windows API calls at runtime, and transf...

CVSS 9.3 | AI score 6.7 | EPSS 0.00483
Exploits: 0 | References: 8
Vulnrichment
added 2025/10/08 10:4 p.m. | 2 views

CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

CVSS 9.3 | AI score 6.7 | EPSS 0.00483
Exploits: 0 | References: 8
EUVD
added 2025/10/08 10:4 p.m. | 2 views

EUVD-2025-33278

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

CVSS 9.3 | AI score 6.5 | EPSS 0.00483
Exploits: 0 | References: 12
NVD
added 2025/10/08 5:15 p.m. | 4 views

CVE-2025-9970

Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig. This issue affects MConfig: through 1.4.9.21...

CVSS 7.4 | EPSS 0.00092
Exploits: 0 | References: 1
Cvelist
added 2025/10/08 4:32 p.m. | 9 views

CVE-2025-9970 Application credential stored in clear text in memory

Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig. This issue affects MConfig: through 1.4.9.21...

CVSS 7.4 | EPSS 0.00092
Exploits: 0 | References: 1
Github Security Blog
added 2025/10/07 5:27 p.m. | 8 views

Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary: Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM)...

CVSS 7.5 | AI score 6.9 | EPSS 0.00516
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2025/10/07 5:27 p.m. | 4 views

GHSA-W9PC-FMGC-VXVW Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary: Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM)...

CVSS 7.5 | AI score 6.8 | EPSS 0.00516
Exploits: 0 | References: 7
EUVD
added 2025/10/07 2:42 p.m. | 2 views

EUVD-2025-32851

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

CVSS 7.5 | AI score 6.2 | EPSS 0.00516
Exploits: 0 | References: 6
OSV
added 2025/10/07 2:42 p.m. | 4 views

CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

CVSS 7.5 | AI score 6.3 | EPSS 0.00516
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2008-2593

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.02003
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-2594

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.02003
Exploits: 0 | References: 9
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-12739

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01218
Exploits: 0 | References: 3
CNNVD
added 2025/10/07 12:0 a.m. | 2 views

Rack resource management error vulnerability

Rack is a modular Ruby web server interface open-sourced by Rack. A resource management error vulnerability exists in Rack versions prior to 2.2.19, prior to 3.1.17, and prior to 3.2.2, which stems from Rack::Multipart::Parser storing non-document form fields entirely in memory, potentially leadi...

CVSS 7.5 | AI score 6.6 | EPSS 0.00516
Exploits: 0 | References: 4
Cvelist
added 2025/10/06 6:52 a.m. | 9 views

CVE-2025-58583 User Enumeration

The application provides access to a login-protected H2 database for caching purposes. The username is prefilled...

CVSS 5.3 | EPSS 0.00332
Exploits: 0 | References: 6
Positive Technologies
added 2025/10/06 12:0 a.m. | 6 views

PT-2025-40863

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The application provides access to a login-protected H2 database used for caching. The username is prefilled, potentially allowing unauthorized access if defaul...

CVSS 5.3 | AI score 6.4 | EPSS 0.00332
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-29130

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 4.3 | EPSS 0.00902
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-1912

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.01673
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-32480

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.4 | EPSS 0.00963
Exploits: 0 | References: 8