Lucene search
K

131 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/20 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libpng (UTSA-2025-991298)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991298 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an...

7.1CVSS5.6AI score0.00299EPSS
Exploits2References4
NVD
NVD
added 2025/12/17 9:15 p.m.7 views

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS0.00176EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/16 12:43 a.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 12:43 a.m.2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the HMAC computation. An attacker can bypass intended challenge expiration and reuse previously solved challenges by submitting a valid proof-of-work with a modified expiration value,...

6.9CVSS6.8AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/08 5:57 p.m.2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

9.8CVSS7.7AI score0.00409EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/02 5:42 p.m.2 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the GrapesJsBuilder file upload process. An attacker can execute arbitrary code on the server by uploading malicious files without restriction. Note: This is only exploitable if the media folder is not restrict...

8.8CVSS7.7AI score0.00368EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/01 8:42 p.m.2 views

Privilege Context Switching Error

Overview Affected versions of this package are vulnerable to Privilege Context Switching Error in the current user session. An attacker can remove comments created by other users by sending crafted requests with insufficient permission checks. Remediation Upgrade...

5.3CVSS6.5AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/27 6:41 p.m.4 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm. An attacker can gain unauthorized access to another user's account by leveraging a specially crafted email address when switching authentication methods and sending a request to the...

9.9CVSS7AI score0.0031EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/25 12:4 a.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC python from flask import Flask, redirect app = Flasknam...

8.5CVSS6.6AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
RustSec
RustSec
added 2025/11/24 12:0 p.m.6 views

CGGMP21 presignatures can be used in the way that significantly reduces security

This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...

8.2CVSS6.5AI score0.00181EPSS
Exploits0
Snyk
Snyk
added 2025/11/23 10:0 p.m.6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the pngimagereadcomposite function when reading palette images with the PNGFLAGOPTIMIZEALPHA flag set. An attacker can supply a specially-crafted PNG image that triggers an invalid alpha pre-multiplication...

7.1CVSS6.8AI score0.00352EPSS
Exploits4References2
Snyk
Snyk
added 2025/11/13 1:0 p.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the CREATE STATISTICS command. A table owner can exploit this vulnerability by creating a statistics object in an arbitrary schema, blocking other users with valid CREATE privileges from creating a statistics...

4.3CVSS6.1AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/07 11:41 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to insufficient peer verification logic in the verifyPeerCert function. An attacker can impersonate privileged API components and execute unauthorized operations by compromising a single instance and...

6.5CVSS5.5AI score0.00181EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/07 7:44 p.m.4 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

6.5CVSS5.4AI score0.00139EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/05 6:40 p.m.2 views

Race Condition Enabling Link Following

Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...

8.2CVSS6.4AI score0.00523EPSS
Exploits1References3
Snyk
Snyk
added 2025/10/30 5:10 p.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

8.7CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/10/30 5:10 p.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

8.7CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/10/30 5:10 p.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

8.7CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/10/29 6:45 p.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via manipulation of the Forwarded or X-Forwarded-Host headers used to construct password reset confirmation links. An attacker can gain unauthorized access to user accounts by tricking users into clicking a password reset...

8.8CVSS7AI score0.00345EPSS
Exploits0References2
Rows per page
Query Builder