Lucene search
+L

579 matches found

Cvelist
Cvelist
added 2025/03/20 10:9 a.m.15 views

CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS0.00738EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.10 views

CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS7.5AI score0.00738EPSS
Exploits0References1
CNVD
CNVD
added 2025/03/13 12:0 a.m.44 views

Unspecified Vulnerability in Mozilla Firefox for iOS (CNVD-2025-05232)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox for iOS that originates from an unrecognized QR code link. An attacker could exploit this vulnerability potentially causing integrity to be compromise...

4.3CVSS6.9AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/12 1:59 p.m.7 views

CVE-2025-21590 Junos OS: An local attacker with shell access can execute arbitrary code

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affecte...

6.7CVSS4.8AI score0.01657EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/03/12 12:0 a.m.14 views

CVE-2025-21590

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affecte...

6.7CVSS7.2AI score0.01657EPSS
In wildExploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-44512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling...

7CVSS7AI score0.00254EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/14 6:24 p.m.17 views

CVE-2025-25201

Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...

4CVSS6.9AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 6:7 p.m.68 views

CVE-2025-25201

CVE-2025-25201 concerns Nitrokey 3 Firmware. The PIV application could accept invalid keys for authentication of the admin key in releases up to 1.8.0 (and certain pre-1.8.0 test builds), allowing an attacker without the proper admin key to generate new keys and overwrite certificates, compromisi...

4CVSS4.3AI score0.00139EPSS
Exploits0References3
OSV
OSV
added 2025/02/12 6:7 p.m.6 views

CVE-2025-25201 Improper Validation of Admin Key in PIV Smartcard

Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...

4CVSS6.8AI score0.00139EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 3:11 a.m.6 views

CVE-2024-6036

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

9.1CVSS7.4AI score0.10849EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:33 a.m.9 views

CVE-2024-55879

XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of XWiki.ConfigurableClass to any page. This compromises the confidentiality, integrity and...

9.1CVSS7.7AI score0.01045EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:4 p.m.6 views

CVE-2024-0549

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...

8.1CVSS8AI score0.00819EPSS
Exploits1References1
CVE
CVE
added 2025/02/04 7:26 p.m.65 views

CVE-2025-24966

CVE-2025-24966 concerns the reNgine web-app reconnaissance framework. The issue is HTML Injection in the Add Target functionality, where the Target Organization and Target Description fields improperly validate or sanitize input, allowing arbitrary HTML payloads. The injected HTML is rendered in ...

5.4CVSS7.2AI score0.0026EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/02/04 7:26 p.m.10 views

CVE-2025-24966 HTML Injection in reNgine

reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the "Add Target" functionality of the...

5.3CVSS6.9AI score0.0026EPSS
Exploits1References3
NVD
NVD
added 2025/01/31 12:15 a.m.9 views

CVE-2024-23928

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which...

6.5CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added 2025/01/31 12:9 a.m.505 views

CVE-2024-23928

CVE-2024-23928 affects Pioneer DMH-WT7600NEX telematics over HTTPS, due to improper validation of the server certificate. This enables network-adjacent attackers (no authentication required) to compromise the integrity of downloaded information and, in combination with other vulnerabilities, exec...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References2Affected Software1
Rosalinux
Rosalinux
added 2025/01/28 6:38 p.m.15 views

Advisory ROSA-SA-2025-2634

Software: OpenImageIO 2.2.20.0 OS: ROSA-CHROME packageevrstring: OpenImageIO-2.2.20.0-6 CVE-ID: CVE-2023-36183 BDU-ID: 2023-07656 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the readimg function of the OpenImageIO image processing library involves buffer copying without input validation...

7.8CVSS7.2AI score0.00425EPSS
Exploits1
CVE
CVE
added 2025/01/09 7:56 a.m.49 views

CVE-2024-43658

CVE-2024-43658 concerns Iocharger Home firmware prior to 25010801. The issue is a patch traversal/external control of file name or path vulnerability that allows an authenticated attacker to delete arbitrary files on the charging station, potentially removing binaries and compromising integrity a...

7.2CVSS7.1AI score0.00522EPSS
Exploits0References3
CNVD
CNVD
added 2024/12/20 12:0 a.m.10 views

Unspecified vulnerability in Huawei HarmonyOS and EMUI HiView module

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...

7.5CVSS7.1AI score0.00328EPSS
Exploits0References1
CNVD
CNVD
added 2024/12/20 12:0 a.m.4 views

Huawei EMUI and HarmonyOS File Replacement Vulnerability

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. A file replacement vulnerability exists in Huawei EMUI and HarmonyOS. An attacker could exploit this vulnerabilit...

7.1CVSS6.9AI score0.00122EPSS
Exploits0References1
Rows per page
Query Builder