Lucene search
5610 matches found

RedHat Linux
added 2025/07/14 4:21 p.m., 5 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
RedHat Linux
added 2025/07/14 3:55 p.m., 5 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
OSSF Malicious Packages
added 2025/07/14 3:2 p.m., 3 views

Malicious code in workspace-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6337f633e71ac4bbdd2541a6ff172f67246451a691838940e3578c7c7ba4ee18 The OpenSSF Package Analysis project identified 'workspace-loader' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0
OSV
added 2025/07/14 3:2 p.m., 2 views

MAL-2025-5845 Malicious code in workspace-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6337f633e71ac4bbdd2541a6ff172f67246451a691838940e3578c7c7ba4ee18 The OpenSSF Package Analysis project identified 'workspace-loader' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.3
Exploits: 0
SUSE CVE
added 2025/07/11 11:21 p.m., 3 views

SUSE CVE-2025-53630

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...

CVSS 9.3, AI score 6.9, EPSS 0.00318
Exploits: 0, References: 3
BDU FSTEC
added 2025/07/11 12:0 a.m., 5 views

The vulnerability of the PropertyUtilsBean class in the Apache Commons Beanutils utility allows a hacker to execute arbitrary code.

The vulnerability of the PropertyUtilsBean utility in the Apache Commons Beanutils library is related to deficiencies in access control to the class loader. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

CVSS 9, AI score 7, EPSS 0.01495
Exploits: 1, References: 7, Affected Software: 18
RedHat Linux
added 2025/07/09 12:22 p.m., 2 views

kernel: ELF: fix kernel.randomize_va_space double read

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read. ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

CVSS 5.5, AI score 6.8, EPSS 0.00247
Exploits: 0, References: 5
RedHat Linux
added 2025/07/07 1:35 p.m., 4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
RedHat Linux
added 2025/07/07 1:32 p.m., 3 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
RedHat Linux
added 2025/07/07 1:27 p.m., 5 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
RedHat Linux
added 2025/07/07 2:28 a.m., 2 views

webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked in...

CVSS 8, AI score 7.3, EPSS 0.0127
Exploits: 1, References: 4
CNVD
added 2025/07/04 12:0 a.m., 2 views

Google Chrome Security Bypass Vulnerability (CNVD-2025-15175)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient policy enforcement in the Loader component, which can be exploited by an attacker to bypass content security policies...

CVSS 5.4, AI score 6.8, EPSS 0.00157
Exploits: 0, References: 1
OSV
added 2025/06/30 12:16 p.m., 5 views

CLSA-2025-1751285777 grub2: Fix of 5 CVEs

CVE-2024-45781: fs/ufs: OOB write in the heap - CVE-2024-45782: fs/hfs: strcpy using the volume name - CVE-2024-56737: fs/hfs: Fix stack OOB write with grub_strcpy - CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data - CVE-2025-1125: fs/hfs:...

CVSS 8.8, AI score 6.9, EPSS 0.00708
Exploits: 0, References: 1
Packet Storm News
added 2025/06/30 12:0 a.m., 2 views

ZigStrike 2.0

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...

AI score 7.2
Exploits: 0
OSV
added 2025/06/28 12:15 p.m., 4 views

DEBIAN-CVE-2025-6817

A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public an...

CVSS 4.8, AI score 3.4, EPSS 0.00188
Exploits: 1, References: 1
OSV
added 2025/06/27 11:15 p.m., 2 views

UBUNTU-CVE-2024-36347

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged...

CVSS 6.4, AI score 6, EPSS 0.00097
Exploits: 0, References: 28
RedHat Linux
added 2025/06/25 7:30 p.m., 7 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8, AI score 7.6, EPSS 0.01495
Exploits: 1, References: 8
SUSE CVE
added 2025/06/25 2:5 p.m., 3 views

SUSE CVE-2025-6556

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

CVSS 5.4, AI score 6.5, EPSS 0.00157
Exploits: 0, References: 3
OSSF Malicious Packages
added 2025/06/25 9:2 a.m., 4 views

Malicious code in vite-loader-svg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5880f6d590622e99ff921eeb4b6de62bf0d1c7401a5c5b1cb7137b2b091769e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
OSV
added 2025/06/25 9:2 a.m., 2 views

MAL-2025-5262 Malicious code in vite-loader-svg (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5880f6d590622e99ff921eeb4b6de62bf0d1c7401a5c5b1cb7137b2b091769e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1