27 matches found

RedhatCVE
added 2026/06/22 1:1 p.m. | 7 views

CVE-2025-70102

A flaw was found in dhcpcd. A specially crafted configuration input may cause the parseoption function to dereference a NULL pointer while processing malformed option data. This issue may result in application termination and a denial of service condition. Mitigation Red Hat is not aware of a...

6.3 CVSS | 5.7 AI score | 0.00169 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-32471

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.0062 EPSS
Exploits 0 | References 2

Cisco
added 2025/10/01 4:0 p.m. | 8 views

Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of...

4.8 CVSS | 6.3 AI score | 0.00207 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-41321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

6.5 CVSS | 6.4 AI score | 0.00738 EPSS
Exploits 0 | References 2

OSV
added 2025/06/25 4:41 p.m. | 3 views

CVE-2025-52569 GitHub.jl lacks validation for user-provided fields

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validate...

8.7 CVSS | 6.8 AI score | 0.00414 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/05/23 7:13 a.m. | 7 views

CVE-2024-25114

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should...

5.3 CVSS | 6.8 AI score | 0.00471 EPSS
Exploits 1 | References 1

Nextcloud
added 2025/05/16 8:7 a.m. | 14 views

Test remote endpoint is not rate limited

None...

5.3 CVSS | 5.2 AI score | 0.00314 EPSS
Exploits 0 | References 1 | Affected Software 1

Gentoo Linux
added 2025/05/14 12:0 a.m. | 15 views

Tracker miners: Sandbox weakness

Background The Tracker miners are a collection of data extractors for the GNOME Tracker. Description A vulnerability has been discovered in Tracker miners. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround...

7.7 CVSS | 7.2 AI score | 0.00867 EPSS
Exploits 1

Gentoo Linux
added 2025/05/12 12:0 a.m. | 17 views

Mozilla Thunderbird: Multiple Vulnerabilities

Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...

9.8 CVSS | 10 AI score | 0.1307 EPSS
Exploits 2

Palo Alto Networks
added 2025/04/09 4:0 p.m. | 45 views

PAN-OS: Authenticated Admin Command Injection Vulnerability in PAN-OS VM-Series

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deploye...

7.1 CVSS | 7.3 AI score | 0.0054 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-25629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the...

5.5 CVSS | 7 AI score | 0.00349 EPSS
Exploits 0 | References 3

OSV
added 2024/12/16 10:18 p.m. | 9 views

GHSA-6PFC-W86R-54Q6 Welcome and About GeoServer pages communicate version and revision information

Impact The welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Proof of Concept 1. Welco...

5.3 CVSS | 5.4 AI score | 0.00698 EPSS
Exploits 1 | References 6

Gentoo Linux
added 2024/12/14 12:0 a.m. | 13 views

NVIDIA Drivers: Privilege Escalation

Background NVIDIA Drivers are NVIDIA's accelerated graphics driver. Description A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifier for details. Workaround There is no known...

8.2 CVSS | 7.3 AI score | 0.00338 EPSS
Exploits 0

Gentoo Linux
added 2024/12/07 12:0 a.m. | 12 views

Mozilla Firefox: Multiple Vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

9.8 CVSS | 7.5 AI score | 0.32568 EPSS
Exploits 3

Positive Technologies
added 2024/05/03 12:0 a.m. | 4 views

PT-2024-25549 · Macho Themes · Machothemes Cpo Companion

Name of the Vulnerable Software and Affected Versions: MachoThemes CPO Companion versions 1.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

6.5 CVSS | 5.6 AI score | 0.00315 EPSS
Exploits 0 | References 4

Positive Technologies
added 2024/04/04 12:0 a.m. | 5 views

PT-2024-23729 · Ecshop · Ecshop

Name of the Vulnerable Software and Affected Versions: ECshop versions 4.x Description: The issue allows an attacker to obtain sensitive information via the file/article.php component. This is achieved through a SQL Injection vulnerability, which enables the attacker to manipulate database querie...

7.5 CVSS | 7.3 AI score | 0.00586 EPSS
Exploits 0 | References 4

Palo Alto Networks
added 2019/03/20 9:20 p.m. | 7 views

Privilege Escalation in PAN-OS

Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's create_elf_tables function (Ref PAN-105966, CVE-2018-14634). Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...

7.8 CVSS | 8.3 AI score | 0.14806 EPSS
Exploits 6 | References 1

Gentoo Linux
added 2005/03/06 12:0 a.m. | 19 views

Hashcash: Format string vulnerability

Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...

7.5 CVSS | 6.9 AI score | 0.02884 EPSS
Exploits 0

Tenable Nessus
added 2005/03/01 12:0 a.m. | 20 views

GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability

The remote host is affected by the vulnerability described in GLSA-200502-30 cmd5checkpw: Local password leak vulnerability Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the cmd5check...

2.1 CVSS | 5.5 AI score | 0.00318 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2005/02/14 12:0 a.m. | 18 views

GLSA-200501-20 : o3read: Buffer overflow during file conversion

The remote host is affected by the vulnerability described in GLSA-200501-20 o3read: Buffer overflow during file conversion Wiktor Kopec discovered that the parsehtml function in o3read.c copies any number of bytes into a 1024-byte t array. Impact : Using a specially crafted file, possibly...

10 CVSS | 6.2 AI score | 0.10436 EPSS
Exploits 1 | References 3