Lucene search
+L

262 matches found

vulnrichment
vulnrichment
added 2025/09/02 4:34 p.m.3 views

CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6

The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...

9.4CVSS6.5AI score0.00164EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/07/31 12:0 a.m.5 views

Absolute Secure Access 安全漏洞

Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.56, which stems from a privilege bypass that could result in improperly...

5.1CVSS6.7AI score0.00197EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/11/29 12:0 a.m.6 views

PT-2024-35811 · Fcnt · Fcnt Android

Name of the Vulnerable Software and Affected Versions: FCNT Android devices affected versions not specified Description: The issue concerns the exposure of security settings on FCNT Android devices when the screen is unlocked by a user and an attacker can directly operate the device. This can lea...

3.1CVSS7.1AI score0.00205EPSS
Exploits0References6
cve
cve
added 2024/11/15 12:0 a.m.56 views

CVE-2024-50650

Python_book V1.0 is affected by an Incorrect Access Control vulnerability that lets an attacker obtain sensitive information of users by modifying the ID parameter. Root cause appears to be inadequate authorization for ID-based requests. Reported across multiple sources (NVD, Red Hat, CNNVD, CVE ...

7.5CVSS6.4AI score0.00543EPSS
Exploits1References2Affected Software1
jakearchibald
jakearchibald
added 2024/10/18 1:0 a.m.7 views

How should work?

We're finally getting a way to fully style & customise elements! But there's a detail I'd like everyone's opinion on. A brief intro to customisable If you want to hear about it in depth, I talked about it on OTMT, and there's a great post by Una Kravets. But here's a whirlwind tour: / Opt in to t...

6.6AI score
Exploits0
jakearchibald
jakearchibald
added 2024/10/18 1:0 a.m.11 views

How should <selectedoption> work?

We're finally getting a way to fully style & customise elements! But there's a detail I'd like everyone's opinion on. Update: Your feedback was heard, and folks have agreed to change the behaviour here. See the update below. A brief intro to customisable If you want to hear about it in depth, I...

6.6AI score
Exploits0
vulnrichment
vulnrichment
added 2024/09/05 2:24 p.m.27 views

CVE-2024-8445 389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...

5.7CVSS6.5AI score0.00423EPSS
Exploits0References3
amd
amd
added 2024/08/13 12:0 a.m.18 views

Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts

Bulletin ID: AMD-SB-7024 Potential Impact: N/A Severity: N/A Summary AMD is aware of a paper titled ‘SMaCK: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts,’ published by researchers from Iowa State University and Google®. The research paper attempts to extend data-cache-sid...

7.5AI score
Exploits0
cve
cve
added 2024/06/19 3:12 a.m.56 views

CVE-2024-4450

CVE-2024-4450 affects AliExpress Dropshipping with AliNext Lite for WordPress. The issue is a missing capability check in several functions of ImportAjaxController.php, affecting all versions up to 3.3.5. This allows authenticated attackers with subscriber-level access and above to perform action...

6.3CVSS5.8AI score0.00334EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2024/04/16 12:0 a.m.16 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS6.8AI score0.00783EPSS
Exploits1References2
f5
f5
added 2024/04/01 4:14 p.m.70 views

K000139141: liblzma vulnerability CVE-2024-3094

Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used t...

10CVSS9.3AI score0.85974EPSS
Exploits40
nvd
nvd
added 2024/03/02 10:15 p.m.20 views

CVE-2023-52566

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfsgccachesubmitreaddata In nilfsgccachesubmitreaddata, brelsebh is called to drop the reference count of bh when the call to nilfsdattranslate fails. If the reference count hits 0 and it...

5.5CVSS6.4AI score0.00222EPSS
Exploits0References8
githubexploit
githubexploit
added 2024/02/27 3:31 a.m.430 views

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...

10CVSS9.6AI score0.99938EPSS
Exploits27
bdu_fstec
bdu_fstec
added 2024/02/27 12:0 a.m.7 views

The vulnerability of the getParams method in Inductive Automation Ignition software allows a perpetrator to execute arbitrary code.

The vulnerability of the getParams method in Inductive Automation Ignition software lies in the ability to exploit or modify arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to the server...

10CVSS8AI score0.01386EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2023/12/25 12:0 a.m.4 views

PT-2023-23283 · Sesami · Sesami Planfocus Cpto

Name of the Vulnerable Software and Affected Versions: SESAMI planfocus CPTO Cash Point & Transport Optimizer version 6.3.8.6 718 Description: An issue was discovered in the software, allowing for XSS via the Name field when modifying a client. Recommendations: For SESAMI planfocus CPTO Cash Poin...

4.8CVSS4.9AI score0.0031EPSS
Exploits0References4
code423n4
code423n4
added 2023/10/25 12:0 a.m.12 views

On repaying and taking collateral there is 2 times modifying tokenCollateral[cType][account/sourse]this lead to a problem

Lines of code Vulnerability details Impact when you are repaying your tokenCollateralcTypeaccount is modified 2 times, which leads to incorrect data Proof of Concept On calling repayAllDebtAndFreeTokenCollateral or repayDebtAndFreeTokenCollateral first you are calling modifySAFECollateralization...

7AI score
Exploits0
prion
prion
added 2023/09/04 6:15 p.m.101 views

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5CVSS5.1AI score0.00418EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2023/09/04 5:39 p.m.9 views

CVE-2023-40015 Vyper: reversed order of side effects for some operations

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

3.7CVSS6.4AI score0.00418EPSS
Exploits1References1
nessus
nessus
added 2023/04/24 12:0 a.m.24 views

Fedora 38 : openvswitch (2023-7da03dc2ae)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7da03dc2ae advisory. Update for 3.1.1 2185071, includes fixes for CVE-2023-1668 2186245 Tenable has extracted the preceding description block directly from the Fedora...

8.2CVSS7.8AI score0.01216EPSS
Exploits0References2
nessus
nessus
added 2023/04/20 12:0 a.m.33 views

RHEL 8 : openvswitch2.13 (RHSA-2023:1823)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1823 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...

8.2CVSS7.7AI score0.01216EPSS
Exploits0References6
Rows per page
Query Builder