5615 matches found

Vulnrichment
added 2025/10/02 12:0 a.m., 2 views

CVE-2025-57443

FrostWire 6.14.0-build-326 for macOS contains permissive entitlements allow-dyld-environment-variables, disable-library-validation that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges t...

AI score: 6.5, EPSS: 0.00126
Exploits: 0, References: 1
Cvelist
added 2025/10/02 12:0 a.m., 7 views

CVE-2025-57443

FrostWire 6.14.0-build-326 for macOS contains permissive entitlements allow-dyld-environment-variables, disable-library-validation that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges t...

EPSS: 0.00126
Exploits: 0, References: 1
Positive Technologies
added 2025/10/02 12:0 a.m., 4 views

PT-2025-40450

Name of the Vulnerable Software and Affected Versions DataChain versions 0.34.1 and below Description DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. The library reads serialized objects from environment variables, specifically DATACHAIN METASTORE a...

CVSS: 2.5, AI score: 7.4, EPSS: 0.0015
Exploits: 0, References: 11
Zero Day Initiative
added 2025/10/01 12:0 a.m., 6 views

Fuji Electric FRENIC-Loader 4 EXRTM File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric FRENIC-Loader 4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00186
Exploits: 0, References: 1
Zero Day Initiative
added 2025/10/01 12:0 a.m., 7 views

Fuji Electric FRENIC-Loader 4 EXTBM File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric FRENIC-Loader 4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00186
Exploits: 0, References: 1
Redos
added 2025/09/30 12:0 a.m., 4 views

ROS-20250930-04

The Open Asset Import Library Assimp 3D model import library implementation vulnerability is related to manipulation of the skinwidth/skinheight argument. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in Open Asset Import Library Assimp 3D...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00684
Exploits: 3
OSSF Malicious Packages
added 2025/09/26 5:27 p.m., 4 views

Malicious code in zenith.svg-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7d2ffc7aca71791695515d2f4c7d4cd7dae2e7767777a5a18bed84f9d94e7f Any computer that has this package installed or running should be considered...

AI score: 6.8
Exploits: 0, References: 1
OSV
added 2025/09/26 5:27 p.m., 2 views

MAL-2025-47866 Malicious code in zenith.svg-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7d2ffc7aca71791695515d2f4c7d4cd7dae2e7767777a5a18bed84f9d94e7f Any computer that has this package installed or running should be considered...

AI score: 6.8
Exploits: 0, References: 1
NVD
added 2025/09/26 1:15 p.m., 4 views

CVE-2025-11013

A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xmlparsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local...

CVSS: 5.5, EPSS: 0.00187
Exploits: 1, References: 6
NVD
added 2025/09/25 9:15 p.m., 4 views

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

CVSS: 5.4, EPSS: 0.00217
Exploits: 1, References: 4
OSV
added 2025/09/25 6:39 p.m., 4 views

CLSA-2025-1758825546 gimp: Fix of CVE-2025-48798

CVE-2025-48798: fix XCF loader use-after-free issues by properly managing layer/channel resources and ensuring safe cleanup during parsing...

CVSS: 7.3, AI score: 7.1, EPSS: 0.0017
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/09/25 4:7 a.m., 4 views

Malicious code in envs-loader (npm)

The package envs-loader was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94802ccdee601e77ff6361593b03ef5b414dec7eaeccd58d8ed6b2305886b27d Any computer that has this package installed or running should be considered fully...

AI score: 6.9
Exploits: 0, References: 1
Snyk
added 2025/09/25 4:7 a.m., 3 views

Malicious Package

Overview envs-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 2
OSV
added 2025/09/25 4:7 a.m., 4 views

MAL-2025-47553 Malicious code in envs-loader (npm)

The package envs-loader was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94802ccdee601e77ff6361593b03ef5b414dec7eaeccd58d8ed6b2305886b27d Any computer that has this package installed or running should be considered fully...

AI score: 6.9
Exploits: 0, References: 1
RedHat Linux
added 2025/09/25 12:9 a.m., 5 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS: 8.8, AI score: 7.6, EPSS: 0.01495
Exploits: 1, References: 8
Positive Technologies
added 2025/09/25 12:0 a.m., 4 views

PT-2025-39453

Name of the Vulnerable Software and Affected Versions Flock Safety Bravo Edge AI Compute Device version BRAVO 00.00 local 20241017 Description The Flock Safety Bravo Edge AI Compute Device allows attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader an...

CVSS: 5.4, AI score: 6, EPSS: 0.00217
Exploits: 1, References: 9
CNNVD
added 2025/09/25 12:0 a.m., 2 views

Flock Safety The Bravo Compute Box Security Vulnerability

Flock Safety The Bravo Compute Box is an edge computing device from Flock Safety USA. A security vulnerability exists in Flock Safety The Bravo Compute Box BRAVO00.00local20241017 version, which stems from the acceptance of the default Thundercomm TurboX 6490 Firehose loader, which could lead to ...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00217
Exploits: 1, References: 4
Vulnrichment
added 2025/09/25 12:0 a.m., 3 views

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

AI score: 6.3, EPSS: 0.00217
Exploits: 1, References: 4
OSV
added 2025/09/24 8:1 p.m., 5 views

CLSA-2025-1758744098 gimp: Fix of CVE-2025-48797

CVE-2025-48797: fix TGA loader buffer overflows by validating colormap alpha, color IDs, bytes-per-pixel, and limiting error messages...

CVSS: 7.3, AI score: 7.2, EPSS: 0.00193
Exploits: 0, References: 1
Redos
added 2025/09/24 12:0 a.m., 4 views

ROS-20250924-08

A vulnerability in the LZW decoder of the GdkPixbufc image loading library is related to information disclosure. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information. information GdkPixbufs image loading library vulnerability is related to...

CVSS: 7.5, AI score: 7.8, EPSS: 0.01051
Exploits: 0