Lucene search

40449 matches found

CNNVD
added 2025/06/04 12:0 a.m., 4 views

Cisco Customer Collaboration Platform information disclosure vulnerability

Cisco Customer Collaboration Platform (Cisco CCP) is a customer collaboration platform from Cisco USA. Cisco Customer Collaboration Platform suffers from an information disclosure vulnerability that stems from the application's inadequate protection of sensitive information, which can be exploited ...

5.4 CVSS, 6.2 AI score, 0.00302 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/06/04 12:0 a.m., 4 views

Acronis Cyber Protect cryptographic issue vulnerability

Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. Combining backup, anti-malware, cybersecurity and endpoint management capabilities such as vulnerability assessment, URL filtering, patch management, etc. Acronis Cyber Protect i...

5.9 CVSS, 5.9 AI score, 0.00065 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2025/06/04 12:0 a.m., 8 views

The vulnerability of the SAP Financial Consolidation web application lies in the storage of confidential information within a mechanism with no access control. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SAP Financial Consolidation web application relates to the storage of confidential information within a mechanism without access control. Exploiting this vulnerability could allow an attacker operating remotely to compromise the confidentiality, integrity, and accessibili...

10 CVSS, 5.4 AI score, 0.00573 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/06/03 10:48 p.m., 15 views

CVE-2025-24015 Deno's AES GCM authentication tags are not verified

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the...

8.7 CVSS, 0.0024 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2025/06/03 10:48 p.m., 4 views

CVE-2025-24015 Deno's AES GCM authentication tags are not verified

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the...

8.7 CVSS, 6.6 AI score, 0.0024 EPSS
Exploits: 1, References: 4

CVE
added 2025/06/03 10:48 p.m., 60 views

CVE-2025-24015

Deno (JavaScript/TypeScript/WebAssembly runtime) versions 1.46.0–2.1.6 suffer from a bug where AES-256-GCM and AES-128-GCM authentication tags are not validated, allowing tampered ciphertexts or incorrect keys to bypass integrity checks. The issue also affects AAD within GCM (set_aad), underminin...

8.7 CVSS, 6.6 AI score, 0.0024 EPSS
Exploits: 1, References: 4, Affected Software: 1

Github Security Blog
added 2025/06/03 4:0 p.m., 8 views

DNS rebinding attacks explained: The lookup is coming from inside the house!

My colleague Kevin Stubbings mentioned the topic of DNS rebinding attacks in a previous blog post. No worries if you haven't read it yet though--in this article, we'll walk you through the concept of DNS rebinding from scratch, demystify how it works, and explore why it's a serious browser-based...

8.8 CVSS, 9.3 AI score, 0.04036 EPSS
Exploits: 1

Microsoft Secure
added 2025/06/03 4:0 p.m., 13 views

How Microsoft Defender for Endpoint is redefining endpoint security

Securing your digital estate with endpoint detection and response (EDR) across all platforms, devices, and Internet of Things (IoT) has never been more challenging. A rapidly evolving cyberthreat landscape has seen cyberattacks grow in sophistication, evolving from randomized single domain cyberattac...

7.2 AI score
Exploits: 0

RedHat Linux
added 2025/06/03 1:28 a.m., 8 views

Moderate: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

5.9 CVSS, 6.8 AI score, 0.00276 EPSS
Exploits: 0, References: 3

BDU FSTEC
added 2025/06/03 12:0 a.m., 5 views

The vulnerability of the firmware of Schneider Electric’s programmable logic controller Modicon M340 and its network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H lies in the insufficient protection of operational data. This allows unauthorized access by intruders to read, modify, or delete data, or to cause malfunctions in the system.

The vulnerability of the firmware of Schneider Electric’s Modicon M340 programmable logic controller, as well as the network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H, is related to insufficient protection for operational data. Exploiting this vulnerability can allow an...

9 CVSS, 5.5 AI score, 0.00334 EPSS
Exploits: 0, References: 4

BDU FSTEC
added 2025/06/03 12:0 a.m., 5 views

The vulnerability of the OneDev collaborative development platform, related to insufficient protection of service data, allows a hacker to read arbitrary files.

The vulnerability of the OneDev collaborative development platform is related to insufficient protection for service data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

7.8 CVSS, 7.9 AI score, 0.24822 EPSS
Exploits: 1, References: 6, Affected Software: 1

Tenable Nessus
added 2025/06/03 12:0 a.m., 17 views

Oracle Linux 9 : kernel (ELSA-2025-8333)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8333 advisory. - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (David Arcari) [RHEL-87254] {CVE-2022-3424} - ndisc: use R...

7.8 CVSS, 6.9 AI score, 0.00238 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/06/03 12:0 a.m., 3 views

FreeFloat FTP Server security vulnerability

FreeFloat FTP Server is an FTP service from FreeFloat, Inc. A security vulnerability exists in FreeFloat FTP Server version 1.0, which stems from a buffer overflow problem in the PBSZ command handler...

9.8 CVSS, 7.7 AI score, 0.00565 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2025/06/03 12:0 a.m., 7 views

The vulnerability of the SolidWall WAF, related to insufficient protection of service data, allows attackers to gain unauthorized access to the protected information.

The vulnerability of the SolidWall WAF lies in the insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

4.3 CVSS, 5.5 AI score
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2025/06/03 12:0 a.m., 5 views

The vulnerability of the BFCache technology used by Google Chrome and Microsoft Edge browsers allows a hacker to gain unauthorized access to protected information.

The vulnerability of the BFCache technology used by Google Chrome and Microsoft Edge is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

6.4 CVSS, 5.9 AI score, 0.00179 EPSS
Exploits: 0, References: 10, Affected Software: 5

BDU FSTEC
added 2025/06/03 12:0 a.m., 4 views

The vulnerability of the Git Utilities module for Drupal CMS systems lies in the insufficient protection of operational data, allowing attackers to gain access to read, modify, or delete data, or execute arbitrary code.

The vulnerability of the Git Utilities module for Drupal CMS systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, or delete data, or execute arbitrary code...

9 CVSS, 5.8 AI score, 0.00365 EPSS
Exploits: 0, References: 5, Affected Software: 1

BDU FSTEC
added 2025/06/03 12:0 a.m., 4 views

The vulnerability of Intel microprogramming software, related to insufficient protection of system data, allows attackers to gain unauthorized access to protected information.

The vulnerability of Intel microprogramming software is related to insufficient protection of system data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

5.6 CVSS, 6.7 AI score, 0.00147 EPSS
Exploits: 0, References: 6, Affected Software: 2

BDU FSTEC
added 2025/06/03 12:0 a.m., 53 views

The vulnerability of the IBM Guardium Data Protection platform regarding data security, related to the leakage of information in error messages, allows attackers to disclose protected information.

The vulnerability of the IBM Guardium Data Protection platform relates to the leakage of information in error messages. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

4.3 CVSS, 5.4 AI score, 0.00294 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2025/06/03 12:0 a.m., 5 views

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, which stems from improper encoding or hiding of output data, allows attackers to load arbitrary files.

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection is related to improper encoding or hiding of output data. Exploiting this vulnerability allows a malicious actor to remotely upload arbitrary files...

6.8 CVSS, 5.6 AI score, 0.00294 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2025/06/03 12:0 a.m., 19 views

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, related to deficiencies in the authentication mechanism, allows attackers to disclose the protected information.

The vulnerability of the IBM Guardium Data Protection platform relates to deficiencies in its authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

4.3 CVSS, 5.4 AI score, 0.00249 EPSS
Exploits: 0, References: 3, Affected Software: 1