2293 matches found

RedHat Linux
added 2026/01/27 9:10 a.m. | 9 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.00622
Exploits: 0 | References: 6
RedHat Linux
added 2026/01/27 8:39 a.m. | 5 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.00622
Exploits: 0 | References: 6
RedHat Linux
added 2026/01/26 3:35 p.m. | 4 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.00622
Exploits: 0 | References: 6
RedHat Linux
added 2026/01/26 3:3 p.m. | 6 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.00622
Exploits: 0 | References: 6
RedHat Linux
added 2026/01/26 2:19 p.m. | 4 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.00622
Exploits: 0 | References: 6
The Hacker News
added 2026/01/20 11:48 a.m. | 11 views

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. "The malware is designed to exfiltrate sensitive informatio...

AI score: 6.3
Exploits: 0
IBM Security Bulletins
added 2026/01/12 3:9 p.m. | 6 views

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server

Summary: IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

AI score: 6.5
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/01/09 11:53 a.m. | 7 views

CVE-2009-4103

Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVSS: 9.3 | AI score: 8.3 | EPSS: 0.02408
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:36 a.m. | 4 views

CVE-2024-34684

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

CVSS: 6 | AI score: 6.5 | EPSS: 0.00143
Exploits: 0 | References: 1
The Hacker News
added 2026/01/06 5:21 p.m. | 14 views

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,0...

AI score: 6.4
Exploits: 0
OSSF Malicious Packages
added 2026/01/05 11:50 p.m. | 6 views

Malicious code in auto-backup-macos (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64b97d3c3597539dc5a2cc2d81491eb2a0350011b3d80ef927546bc30701f924 Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...

AI score: 5.6
Exploits: 0 | References: 10
OSSF Malicious Packages
added 2026/01/05 11:49 p.m. | 5 views

Malicious code in auto-backup-wins (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c75087101c3ef272d35e87c1e17c5455e788fec5b5aabb6a61c42362a180b30e Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...

AI score: 5.6
Exploits: 0 | References: 10
IBM Security Bulletins
added 2026/01/03 6:58 p.m. | 5 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by cross-site scripting (CVE-2025-12635)

Summary: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00139
Exploits: 0 | Affected Software: 1
OSV
added 2025/12/11 2:16 p.m. | 2 views

CVE-2025-14516

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.00388
Exploits: 1 | References: 5
Positive Technologies
added 2025/12/10 12:0 a.m. | 4 views

PT-2025-50502

Name of the Vulnerable Software and Affected Versions: Mobile application (affected versions not specified). Description: The mobile application allows clear text traffic to all domains and communicates with an API server over HTTP. This allows an attacker positioned upstream to intercept and modify...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00227
Exploits: 0 | References: 4
NVD
added 2025/12/04 2:16 p.m. | 8 views

CVE-2025-14004

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 9.8 | EPSS: 0.00362
Exploits: 1 | References: 4
Vulnrichment
added 2025/12/04 1:32 p.m. | 2 views

CVE-2025-14004 dayrui XunRuiCMS Email Setting admind45f74adbd95.php server-side request forgery

A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing a manipulation results in server-side request forgery. Remote exploitation of the attack is...

CVSS: 5.8 | AI score: 4.7 | EPSS: 0.00362
Exploits: 1 | References: 4
Positive Technologies
added 2025/12/04 12:0 a.m. | 6 views

PT-2025-49022

Name of the Vulnerable Software and Affected Versions: XunRuiCMS versions up to 4.7.1. Description: A security flaw exists in XunRuiCMS, specifically within the Email Setting Handler component. The issue involves server-side request forgery, potentially allowing remote exploitation. The flaw is...

CVSS: 9.8 | AI score: 4.5 | EPSS: 0.00362
Exploits: 1 | References: 9
Snyk
added 2025/11/30 1:14 p.m. | 3 views

Malicious Package

Overview: bcryptjs-nodejs is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

CVSS: 9.8 | AI score: 7.2
Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/11/27 1:32 a.m. | 10 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by SMTP injection due to Jakarta Mail

Summary: IBM WebSphere Application Server and WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00756
Exploits: 0 | Affected Software: 1