
5610 matches found

Tenable Nessus
added 2025/08/08 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2022-49951

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister. In the following code within...

7.8 CVSS | 5.7 AI score | 0.00207 EPSS
Exploits: 0 | References: 2
Amazon
added 2025/08/08 12:0 a.m., 4 views

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption in ani_load_chunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

7.8 CVSS | 9.9 AI score | 0.01051 EPSS
Exploits: 1
Tenable Nessus
added 2025/08/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-27413

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi/capsule-loader: fix incorrect allocation size. gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit...

5.5 CVSS | 6.3 AI score | 0.00244 EPSS
Exploits: 0 | References: 3
Fedora
added 2025/08/07 1:13 a.m., 7 views

[SECURITY] Fedora 41 Update: gdk-pixbuf2-2.42.12-9.fc41

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...

7.5 CVSS | 7.4 AI score | 0.01051 EPSS
Exploits: 0
RedHat Linux
added 2025/08/05 3:14 a.m., 7 views

gdk‑pixbuf: Heap‑buffer‑overflow in gdk‑pixbuf

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

7.5 CVSS | 6.3 AI score | 0.01051 EPSS
Exploits: 0 | References: 5
CNVD
added 2025/08/05 12:0 a.m., 2 views

GNU GRUB Buffer Overflow Vulnerability (CNVD-2025-17795)

GNU GRUB is a Linux system boot program from the GNU community. A buffer error vulnerability exists in GNU GRUB, which originates in the grub-core/gettext module, where the system does not properly limit the size of the data, and can be exploited by an attacker to run arbitrary code in the contex...

6.7 CVSS | 7.6 AI score | 0.00231 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/08/05 12:0 a.m., 3 views

DENX Software Engineering Das U-Boot Security Vulnerability

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot version v1.1.3, which stems from a lack of signature verification in the bootloader and could lead to the execution of...

6.5 CVSS | 6.7 AI score | 0.00301 EPSS
Exploits: 1 | References: 2
Amazon
added 2025/08/04 12:0 a.m., 5 views

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption in ani_load_chunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

7.8 CVSS | 8.5 AI score | 0.01051 EPSS
Exploits: 1
NVD
added 2025/08/02 9:15 a.m., 5 views

CVE-2025-8399

The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4 CVSS | 0.00209 EPSS
Exploits: 0 | References: 3
CVE
added 2025/08/02 8:24 a.m., 22 views

CVE-2025-8399

CVE-2025-8399 affects the WordPress plugin “MMM Unity Loader” up to version 1.0 and enables stored XSS via the attributes parameter. Exploitation requires authenticated access at Contributor level or higher, enabling script injection on pages visited by users. Various connected sources corroborat...

6.4 CVSS | 5.5 AI score | 0.00209 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/08/02 8:24 a.m., 8 views

CVE-2025-8399 Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter

The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4 CVSS | 0.00209 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/08/02 8:24 a.m., 3 views

CVE-2025-8399 Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter

The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributes’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4 CVSS | 6 AI score | 0.00209 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/08/02 12:0 a.m., 6 views

PT-2025-31731 · WordPress · Mmm Unity Loader

Name of the Vulnerable Software and Affected Versions: Mmm Unity Loader plugin for WordPress versions prior to 1.0. Description: The Mmm Unity Loader plugin for WordPress is susceptible to Stored Cross-Site Scripting via the attributes parameter due to insufficient input sanitization and output...

6.4 CVSS | 5.8 AI score | 0.00209 EPSS
Exploits: 0 | References: 7
CNNVD
added 2025/08/02 12:0 a.m., 4 views

WordPress plugin Mmm Unity Loader Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4 CVSS | 5.7 AI score | 0.00209 EPSS
Exploits: 0 | References: 4
HackRead
added 2025/07/28 10:14 a.m., 2 views

Malicious ISO File Used in Romance Scam Targeting German Speakers

Sublime Security reveals a cunning romance/adult-themed scam targeting German speakers, leveraging Keitaro TDS to deliver an AutoIT-based malware loader. Learn how this sophisticated campaign operates, its deceptive tactics, and the hidden payload...

7.2 AI score
Exploits: 0
BDU FSTEC
added 2025/07/28 12:0 a.m., 4 views

The vulnerability of the Loader component in Google Chrome browsers allows attackers to bypass security restrictions.

The vulnerability of the Loader component in Google Chrome browsers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...

6.4 CVSS | 5.8 AI score | 0.00157 EPSS
Exploits: 0 | References: 9 | Affected Software: 4
Snyk
added 2025/07/25 5:40 a.m., 1 views

Malicious Package

Overview: grafana-internal-config-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2
OSV
added 2025/07/18 8:3 p.m., 3 views

GHSA-X6PH-R535-3VJW apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files

It was discovered that the ld.so.cache in images generated by apko had file system permissions mode 0666: `bash-5.3 find / -type f -perm -o+w` lists `/etc/ld.so.cache`. This issue was introduced in commit 04f37e2 "generate /etc/ld.so.cache 1629" (v0.27.0). Impact: This potentially allows a local unprivileged us...

7 CVSS | 5.9 AI score | 0.00118 EPSS
Exploits: 0 | References: 6
Talos Blog
added 2025/07/17 10:0 a.m., 7 views

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

In April 2025, Cisco Talos identified a Malware-as-a-Service (MaaS) operation that utilized Amadey to deliver payloads. The MaaS operators used fake GitHub accounts to host payloads, tools and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use. Several operator tactics...

7.6 AI score
Exploits: 0
The Hacker News
added 2025/07/16 5:48 p.m., 25 views

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads,...

7.9 AI score
Exploits: 0