Lucene search
K

68 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/11/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

5.3CVSS5.8AI score0.00844EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.6 views

PT-2025-44328

Name of the Vulnerable Software and Affected Versions Dataphone A920 version 2025.07.161103 Description A flaw in access control on Dataphone A920 version 2025.07.161103 allows unauthorized interaction with the device. A service running on port 8888 is exposed on the local network without requiri...

7.5CVSS6.3AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.9 views

PT-2025-43494

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

5.9AI score0.00072EPSS
Exploits0References3
OSV
OSV
added 2025/10/22 2:15 p.m.4 views

CVE-2025-61035

The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink...

7.7CVSS5.9AI score0.00135EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/10/14 2:0 p.m.3 views

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally...

5.5CVSS6.5AI score0.00567EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-3594

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54043

Malicious code in bioql PyPI...

8.4CVSS6.5AI score0.00084EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure...

4.4CVSS6.4AI score0.00186EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-0938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In memzeroexplicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosur...

5.5CVSS6.2AI score0.0015EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-26978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on t...

6.1CVSS7.9AI score0.01266EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/11 1:15 p.m.12 views

CVE-2025-35941 mySCADA PRO Manager Password Disclosure

A password is exposed locally...

5.5CVSS0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/11 12:0 a.m.3 views

mySCADA PRO Manager 安全漏洞

mySCADA PRO Manager is a monitoring and control software for industrial processes from the Czech company mySCADA. A security vulnerability exists in mySCADA PRO Manager that stems from a local exposure of passwords...

5.5CVSS6.4AI score0.00284EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.7 views

CVE-2023-21335

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.5AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:58 p.m.5 views

CVE-2022-32645

In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494477; Issue ID: ALPS07494477...

4.1CVSS6.1AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:17 p.m.5 views

CVE-2020-0274

In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925...

5.5CVSS4.9AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2025/05/05 3:15 a.m.3 views

CVE-2025-20665

In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760...

5.5CVSS5.9AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/01/30 3:47 a.m.3 views

SUSE CVE-2025-24354

imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXYALLOWLOOPBACKSOURCEADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...

5.3CVSS6.6AI score0.00844EPSS
Exploits0References3
OSV
OSV
added 2024/11/13 6:15 p.m.3 views

CVE-2024-43084

In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.4 views

PT-2024-29689 · Atos · Atos Eviden Icare

Name of the Vulnerable Software and Affected Versions: Atos Eviden iCare versions 2.7.1 through 2.7.11 Description: The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with syst...

10CVSS7.8AI score0.00547EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.4 views

Ollama 安全漏洞

Ollama is a large language model from the Ollama open source that can be started and run locally. A security vulnerability exists in Ollama versions prior to 0.1.47, which stems from the extractFromZipFile function being able to extract ZIP archive members outside of the parent directory...

9.1CVSS7AI score0.02581EPSS
Exploits2References3
Rows per page
Query Builder