Lucene search
K

173 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 5:35 p.m.20 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to sensitive information disclosure (CVE-2025-25045)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-25045 DESCRIPTION: IBM InfoSphere Information Server authenticated user to obtain sensitive information when a detailed technical error message is...

4.3CVSS5.2AI score0.00239EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/07/28 12:0 a.m.5 views

HP OfficeJet Pro Printers Denial of Service (CVE-2023-4694)

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

7.5CVSS7.4AI score0.00847EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 4:15 p.m.5 views

CVE-2025-53650

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log...

7.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2025/07/08 5:22 p.m.11 views

CVE-2025-7362 MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message

The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload...

0.0017EPSS
Exploits0References2
NVD
NVD
added 2025/07/08 1:15 p.m.17 views

CVE-2025-27051

Memory corruption while processing command message in WLAN Host...

7.8CVSS0.00087EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.8 views

PT-2025-27013 · Unknown · Infinispan Cli

Name of the Vulnerable Software and Affected Versions: Infinispan CLI affected versions not specified Description: A flaw was found in Infinispan CLI where a sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext. This password is included in a command stri...

6.2CVSS7AI score0.00137EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/06/21 6:31 a.m.22 views

CVE-2025-6401 TOTOLINK N300RH HTTP POST Message formFilter denial of service

A vulnerability was found in TOTOLINK N300RH 6.1c.1390B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been...

5.1CVSS0.00441EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.5 views

PT-2025-26316 · Coros · Coros Pace 3

Name of the Vulnerable Software and Affected Versions: COROS PACE 3 versions 3.0808.0 and earlier Description: The issue is caused by a NULL pointer dereference vulnerability. Sending a crafted BLE message can force the device to reboot. Recommendations: For COROS PACE 3 versions 3.0808.0 and...

7.5CVSS6.3AI score0.00446EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/20 12:0 a.m.10 views

CVE-2025-48705

An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot...

0.00446EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:55 a.m.8 views

CVE-2024-28120

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

7.5CVSS7AI score0.00647EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:44 a.m.6 views

CVE-2024-47248

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...

6.3CVSS7AI score0.00692EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.9 views

CVE-2023-45137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12...

9CVSS6.6AI score0.00623EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.13 views

CVE-2022-4770

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...

4.3CVSS7.4AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.9 views

CVE-2020-1444

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'...

4.3CVSS8.1AI score0.0909EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:46 a.m.10 views

CVE-2013-1152

Cisco Adaptive Security Appliances ASA devices with software 9.0 before 9.01.2 allow remote attackers to cause a denial of service device reload via a crafted field in a DNS message, aka Bug ID CSCuc80080...

7.8CVSS6.9AI score0.01532EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 a.m.10 views

CVE-2013-1149

Cisco Adaptive Security Appliances ASA devices with software 7.x before 7.25.10, 8.0 before 8.05.28, 8.1 and 8.2 before 8.25.35, 8.3 before 8.32.34, 8.4 before 8.44.11, 8.6 before 8.61.10, and 8.7 before 8.71.3, and Cisco Firewall Services Module FWSM software 3.1 and 3.2 before 3.224.1 and 4.0 a...

7.8CVSS6.9AI score0.01333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:51 a.m.6 views

CVE-2013-3671

The formatline function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service invalid pointer dereference and application crash via crafted data that triggers a log message...

4.3CVSS6.8AI score0.01357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/28 8:55 p.m.16 views

CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

3.5CVSS4.1AI score0.00213EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/21 3:30 a.m.15 views

GoBGP does not verify that the input length

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message...

9.8CVSS7AI score0.00474EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2025/04/21 1:15 a.m.21 views

CVE-2025-43973

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message...

9.8CVSS0.00474EPSS
Exploits0References2
Rows per page
Query Builder