Lucene search
K

248 matches found

NVD
NVD
added 2025/04/29 1:15 p.m.13 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS0.00348EPSS
Exploits0References5
OSV
OSV
added 2025/04/29 1:15 p.m.8 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS6.6AI score0.00348EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/29 12:56 p.m.29 views

CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS0.00348EPSS
Exploits0References4
CVE
CVE
added 2025/04/29 12:56 p.m.114 views

CVE-2025-4035

Libsoup3 is affected by CVE-2025-4035: a cookie-domain validation bypass occurs when handling cookies where the domain contains at least two components and includes an uppercase character, allowing cookies to be set for public suffix domains a site does not own. The vulnerability is described acr...

4.3CVSS4.5AI score0.00348EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/04/29 12:56 p.m.4 views

CVE-2025-4035

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

4.3CVSS4.8AI score0.00348EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/29 12:0 a.m.29 views

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-941)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-941 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds i...

9CVSS6.9AI score0.00847EPSS
Exploits1References28
Hacker One
Hacker One
added 2025/04/20 10:18 p.m.1262 views

Dust: UI flaw allows unauthorized users to add documents to restricted folders

The UI flaw allowed unauthorized users to add documents to restricted folders. The vulnerability constituted an Insecure Direct Object Reference IDOR issue, where users could manipulate the client-side behavior to perform actions they were not supposed to have access to, such as uploading documen...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/12 3:7 a.m.24 views

CVE-2025-26479

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...

3.1CVSS7.2AI score0.00234EPSS
Exploits0References3
NVD
NVD
added 2025/04/10 3:15 a.m.13 views

CVE-2025-26479

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...

3.1CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/10 2:32 a.m.8 views

CVE-2025-26479

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...

3.1CVSS6.9AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/10 2:32 a.m.18 views

CVE-2025-26479

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...

3.1CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 2:32 a.m.65 views

CVE-2025-26479

Dell PowerScale OneFS contains an out-of-bounds write vulnerability affecting versions 9.4.0.0 through 9.10.0.0, exploitable via NFS workflows and potentially causing data integrity issues. The issue stems from an application boundary error when processing untrusted input. Public references consi...

3.1CVSS4.1AI score0.00234EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.3 views

PT-2025-15890 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.4.0.0 through 9.10.0.0 Description: The issue is an out-of-bounds write vulnerability that could be exploited by an attacker in NFS workflows, potentially leading to data integrity issues. Recommendations: For...

3.1CVSS6.1AI score0.00234EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/03/28 6:9 p.m.17 views

CVE-2025-2819

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...

6.6CVSS6.9AI score0.00197EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/28 10:50 a.m.20 views

MD5 Hash Collisions

sagemaker is vulnerable to MD5 Hash Collisions. The vulnerability is due to weak hashing in workflow identification due to the reuse of results from different configurations that produce the same MD5 hash, potentially leading to unintended workflow replacements and integrity issues...

5.9CVSS7AI score0.00247EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/28 12:0 a.m.9 views

Azure Linux 3.0 Security Update: libssh (CVE-2023-6918)

The version of libssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6918 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by...

5.3CVSS6.3AI score0.01421EPSS
Exploits0References2
NVD
NVD
added 2025/03/26 3:16 p.m.26 views

CVE-2025-2819

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...

6.6CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 2:49 p.m.8 views

CVE-2025-2819 Unrestricted Fileupload

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...

6.6CVSS6.9AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 2:49 p.m.23 views

CVE-2025-2819 Unrestricted Fileupload

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user...

6.6CVSS0.00197EPSS
Exploits0References1
Chainguard
Chainguard
added 2025/03/23 4:19 p.m.17 views

GHSA-3XRR-7M6P-P7XH vulnerabilities

Vulnerabilities for packages: hadoop-fips...

7.5AI score
Exploits0
Rows per page
Query Builder