
3627 matches found

CVE
added 2025/03/04 4:29 p.m., 75 views

CVE-2025-27155

CVE-2025-27155 affects the Pinecone project’s Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337. The vulnerability is an in-memory/stored Cross-Site Scripting (XSS) flaw in pineconesim, where stored payloads are wiped only on restart (not permanent). This aligns with the ...

CVSS 6.1, AI score 6, EPSS 0.00217
Exploits: 0, References: 2

Veracode
added 2025/03/04 2:26 a.m., 9 views

Arbitrary IRC Command Execution

matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...

CVSS 4.3, AI score 8, EPSS 0.00354
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2025/03/04 12:0 a.m., 2 views

Pinecone security vulnerability

Pinecone is point-to-point overlay routing for the Matrix ecosystem from the Matrix Foundation. Versions prior to Pinecone ea4c337 contain a security vulnerability that stems from vulnerability to stored cross-site scripting attacks...

CVSS 6.1, AI score 5.7, EPSS 0.00217
Exploits: 0, References: 4

RedhatCVE
added 2025/02/27 9:1 p.m., 21 views

CVE-2025-27146

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVSS 4.3, AI score 7.2, EPSS 0.00354
Exploits: 0, References: 1

NVD
added 2025/02/25 8:15 p.m., 37 views

CVE-2025-27146

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVSS 4.3, EPSS 0.00354
Exploits: 0, References: 2

OSV
added 2025/02/25 8:4 p.m., 25 views

CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVSS 2.7, AI score 7.3, EPSS 0.00354
Exploits: 0, References: 4

CVE
added 2025/02/25 8:4 p.m., 67 views

CVE-2025-27146

Summary (CVE-2025-27146): The Matrix-based bridge matrix-appservice-irc (Node.js) up to version 3.0.3 contains a vulnerability that allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user. The issue is resolved in version 3.0.4. Multiple connected sources corrob...

CVSS 4.3, AI score 4.4, EPSS 0.00354
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/02/25 8:4 p.m., 8 views

CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVSS 2.7, AI score 4.3, EPSS 0.00354
Exploits: 0, References: 2

Cvelist
added 2025/02/25 8:4 p.m., 39 views

CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

CVSS 2.7, EPSS 0.00354
Exploits: 0, References: 2

GitHub Security Blog
added 2025/02/25 6:29 p.m., 18 views

Matrix IRC Bridge allows IRC command injection to own puppeted user

Impact: The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches: The vulnerability has been patched in matrix-appservice-irc...

CVSS 4.3, AI score 7.1, EPSS 0.00354
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/02/25 6:29 p.m., 6 views

GHSA-5MVM-89C9-9GM5 Matrix IRC Bridge allows IRC command injection to own puppeted user

Impact: The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches: The vulnerability has been patched in matrix-appservice-irc...

CVSS 2.7, AI score 7.3, EPSS 0.00354
Exploits: 0, References: 4

CNNVD
added 2025/02/25 12:0 a.m., 4 views

matrix-appservice-irc security vulnerability

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc version 3.0.3 and earlier. An attacker can exploit this vulnerability to execute arbitrary IRC commands...

CVSS 4.3, AI score 7, EPSS 0.00354
Exploits: 0, References: 2

CISA
added 2025/02/20 12:0 p.m., 2 views

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems (ICS) advisories on February 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-051-01: ABB ASPECT-Enterprise, NEXUS, and MATRIX Series; ICSA-25-051-02: ABB FLXEON...

AI score 7
Exploits: 0, References: 7

AstraLinux
added 2025/02/11 7:35 a.m., 5 views

Astra Linux – Vulnerability in Thunderbird

matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. Version 34.11.0 and earlier of matrix-js-sdk was vulnerable to client-side path traversal attacks through crafted MXC URIs. A malicious room member could trigger clients using matrix-js-sdk to send...

CVSS 5.3, AI score 7.7, EPSS 0.00842
Exploits: 0, References: 2

BDU FSTEC
added 2025/02/11 12:0 a.m., 5 views

A vulnerability in Matrix Hookshot, an application and service integration tool based on the Matrix protocol, arises from insufficient checking of unusual or exceptional conditions, allowing an attacker to trigger a service failure.

The vulnerability in Matrix Hookshot, an application and service integration tool based on the Matrix protocol, is related to insufficient checking of unusual or exceptional conditions during connection to the GitHub platform. Exploiting this vulnerability can allow a remote attacker to cause servic...

CVSS 6.8, AI score 5.6, EPSS 0.00436
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2025/02/10 12:0 a.m., 5 views

A vulnerability in the ABB ASPECT-Enterprise process management system, and in the firmware of ABB MATRIX and NEXUS series controllers, stems from the use of hard-coded credentials. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability in the ABB ASPECT-Enterprise process management system, and in the firmware of ABB MATRIX and NEXUS series controllers, stems from the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to...

CVSS 10, AI score 5.9, EPSS 0.00575
Exploits: 1, References: 2, Affected Software: 4

RedhatCVE
added 2025/02/08 4:23 a.m., 10 views

CVE-2024-51547

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 9.8, AI score 9.5, EPSS 0.00575
Exploits: 1, References: 1

OSV
added 2025/02/06 5:15 a.m., 4 views

CVE-2024-51547

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 9.8, AI score 5.8, EPSS 0.00575
Exploits: 1, References: 1

NVD
added 2025/02/06 5:15 a.m., 20 views

CVE-2024-51547

Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVSS 9.8, EPSS 0.00575
Exploits: 1, References: 1

RedhatCVE
added 2025/02/06 4:47 a.m., 8 views

CVE-2021-37657

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...

CVSS 7.8, AI score 6.7, EPSS 0.00167
Exploits: 0, References: 1