Lucene search
K

332 matches found

Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.3 views

PT-2025-39257

Name of the Vulnerable Software and Affected Versions NVIDIA CUDA Toolkit affected versions not specified Description The NVIDIA CUDA Toolkit contains an issue in the cuobjdump utility. An attacker can trigger a stack-based buffer overflow by causing a user to run cuobjdump on a specially crafted...

7.8CVSS7.8AI score0.00306EPSS
Exploits1References20
BDU FSTEC
BDU FSTEC
added 2025/07/22 12:0 a.m.8 views

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system, related to the use of an unreliable search path, allows a hacker to interrupt the search order in order to replace the executable file.

The vulnerability of Yandex.Disk’s cloud storage service for the iOS operating system is related to the use of an unreliable search path. Exploiting this vulnerability could allow a attacker to intercept the search order in order to replace the executable file with a malicious one...

8.8CVSS5.5AI score0.00148EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/07/10 3:15 p.m.6 views

CVE-2024-39752

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

9.8CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/10 2:15 p.m.10 views

CVE-2024-39752 IBM Analytics Content Hub file upload

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

6.8CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/10 2:15 p.m.4 views

CVE-2024-39752 IBM Analytics Content Hub file upload

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

6.8CVSS6.9AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2025/07/10 2:15 p.m.29 views

CVE-2024-39752

IBM Analytics Content Hub 2.0–2.3 includes a vulnerability where uploaded files are not validated by type in Explore Content, enabling potential malicious executable uploads. The issue is documented with a high-severity CVSS indicating impact on confidentiality, integrity, and availability. Remed...

9.8CVSS6.4AI score0.00278EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2025/06/25 7:23 p.m.166 views

Exploit for CVE-2025-49144

CVE-2025-49144PoC 📌 CVE-2025-...

7.3CVSS9.1AI score0.00419EPSS
Exploits4
OSV
OSV
added 2025/06/24 1:15 p.m.2 views

UBUNTU-CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

8.1CVSS7.2AI score0.00372EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2025/06/24 12:28 p.m.3 views

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

8.1CVSS5.8AI score0.00372EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/24 12:28 p.m.3 views

CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

7.2AI score0.00372EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/24 12:28 p.m.10 views

CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

0.00372EPSS
Exploits0References4
CVE
CVE
added 2025/06/24 12:28 p.m.79 views

CVE-2025-6435

CVE-2025-6435 corresponds to a Mozilla Firefox/Thunderbird issue where saving a response from Devtools Network tab via the Save As menu may fail to preserve the .download extension. This could allow a user to inadvertently run a malicious executable. The FreeBSD advisory also notes memory safety ...

8.1CVSS7.2AI score0.00372EPSS
Exploits0References4Affected Software2
Debian CVE
Debian CVE
added 2025/06/24 12:28 p.m.5 views

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

8.1CVSS7.7AI score0.00372EPSS
Exploits0
FreeBSD
FreeBSD
added 2025/06/24 12:0 a.m.9 views

firefox -- multiple vulnerabilities

[email protected] reports: An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. When Multi-Account Containers was enabled, DNS requests could have bypass...

9.8CVSS7AI score0.02855EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.4 views

PT-2025-26732

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user saves a response from the Network tab in Devtools using the Save As context menu option. In this scenario, the saved file may not have the .download file extension,...

9.8CVSS7.8AI score0.09348EPSS
Exploits2References163
RedhatCVE
RedhatCVE
added 2025/05/23 7:29 a.m.4 views

CVE-2024-57276

In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges,...

7.3CVSS7AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:47 a.m.18 views

CVE-2024-25019

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing...

9.8CVSS6.6AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:14 a.m.4 views

CVE-2023-22282

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service...

7.3CVSS6.9AI score0.00198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:58 a.m.8 views

CVE-2022-46662

Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...

6.7CVSS7AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:20 a.m.8 views

CVE-2022-48191

A vulnerability exists in Trend Micro Maximum Security 2022 17.7 wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowin...

7CVSS7.2AI score0.00192EPSS
Exploits0
Rows per page
Query Builder