Lucene search
K

227 matches found

CVE
CVE
added 2025/06/18 9:33 a.m.92 views

CVE-2025-38060

CVE-2025-38060 – Linux kernel (BPF verifier): The issue arises because copy_verifier_state() does not copy the .loop_entry field, allowing env->cur_state and env->stack to become inconsistent and potentially poison states. The fix requires copying loop_entry in copy_verifier_state() and ens...

5.5CVSS6.5AI score0.00146EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/06/18 9:33 a.m.5 views

CVE-2025-38060 bpf: copy_verifier_state() should copy 'loop_entry' field

In the Linux kernel, the following vulnerability has been resolved: bpf: copyverifierstate should copy 'loopentry' field The bpfverifierstate.loopentry state should be copied by copyverifierstate. Otherwise, .loopentry values from unrelated states would poison env-curstate. Additionally, env-stac...

5.5CVSS6.1AI score0.00146EPSS
Exploits0References6
OSV
OSV
added 2025/06/04 5:15 p.m.6 views

UBUNTU-CVE-2025-2336

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

4.8CVSS5.8AI score0.00354EPSS
Exploits0References6
OSV
OSV
added 2025/06/04 4:32 p.m.4 views

CVE-2025-2336 AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize'

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

4.8CVSS7AI score0.00354EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2025/06/04 4:32 p.m.9 views

CVE-2025-2336

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

4.8CVSS6.8AI score0.00354EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.8 views

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimat...

6.5CVSS6.9AI score0.00412EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.9 views

CVE-2024-56442

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

7.5CVSS6.8AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:54 a.m.7 views

CVE-2024-13058

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...

4.8CVSS6.8AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 p.m.3 views

CVE-2022-1099

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab...

4.3CVSS6.8AI score0.00861EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:40 p.m.6 views

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

4.4CVSS7.1AI score0.00281EPSS
Exploits0
Citrix
Citrix
added 2025/05/12 12:0 a.m.28 views

Hotfix XS82ECU1086 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1 and is only available to customers on theCustomer Success Servicesprogram. All customers who are affected by the issues described inCTX693178 - Citrix Hypervisor Security Bulletinshoul...

6.6AI score0.00723EPSS
Exploits0
Cvelist
Cvelist
added 2025/05/08 6:26 a.m.11 views

CVE-2025-37821 sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...

0.00152EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/02 3:15 p.m.13 views

CVE-2025-32972

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

5.3CVSS6.9AI score0.00412EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/01 2:10 p.m.13 views

CVE-2022-49872 net: gso: fix panic on frag_list with mixed head alloc types

In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on fraglist with mixed head alloc types Since commit 3dcbdb134f32 "net: gso: Fix skbsegment splat when splitting gsosize mangled skb having linear-headed fraglist", it is allowed to change gsosize of a GRO...

0.00166EPSS
Exploits0References8
CVE
CVE
added 2025/05/01 2:10 p.m.141 views

CVE-2022-49872

The CVE-2022-49872 issue affects the Linux kernel’s net: gso path. A GRO packet can have its gso_size changed and the existing assumption that checking the first list_skb member is sufficient is violated when skbs on the frag_list have differing head_frag heads. This can trigger a BUG_ON in skb_s...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/30 2:54 p.m.15 views

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

2.7CVSS6.9AI score0.00412EPSS
Exploits0References3
CVE
CVE
added 2025/04/30 2:54 p.m.64 views

CVE-2025-32972

Vulnerability summary (CVE-2025-32972) : XWiki is affected in versions 6.1-milestone-1 to before 15.10.12, 16.0.0-rc-1 to before 16.4.3, and 16.5.0-rc-1 to before 16.8.0-rc-1. The issue is in the script API of the LESS compiler where it incorrectly checks rights when invoking the cache cleaning A...

5.3CVSS3.7AI score0.00412EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/29 6:30 p.m.20 views

AngularJS improperly sanitizes SVG elements

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

4.8CVSS6.6AI score0.00375EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/29 5:15 p.m.3 views

UBUNTU-CVE-2025-0716

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

4.8CVSS5.8AI score0.00375EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.7 views

PT-2025-18293 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 6.1-milestone-1 through 15.10.12 XWiki versions 16.0.0-rc-1 through 16.4.3 XWiki versions 16.5.0-rc-1 through 16.8.0-rc-1 Description: The script API of the LESS compiler in XWiki is incorrectly checking for rights when calling...

5.3CVSS6.3AI score0.00412EPSS
Exploits0References12
Rows per page
Query Builder