Lucene search
K

2293 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/15 8:28 p.m.5 views

Malicious code in browser-history-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 032a326beadf36ce66d29555a7dacc90d6dfc733435dc61852cbc1e5128ee73d When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/15 8:28 p.m.4 views

Malicious code in browser-history-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5 When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 3:21 p.m.12 views

CVE-2024-34711

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...

9.3CVSS9.2AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:30 a.m.8 views

CVE-2023-50178

An improper certificate validation vulnerability CWE-295 in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication...

7.4CVSS7.1AI score0.002EPSS
Exploits0References1
Fedora
Fedora
added 2025/05/23 3:57 a.m.10 views

[SECURITY] Fedora 41 Update: zsync-0.6.2-3.fc41

zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...

9.8CVSS9AI score0.04793EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.6 views

CVE-2023-46307

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

7.5CVSS6.8AI score0.01311EPSS
Exploits0
Fedora
Fedora
added 2025/05/23 3:26 a.m.15 views

[SECURITY] Fedora 42 Update: zsync-0.6.2-3.fc42

zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...

9.8CVSS9AI score0.04793EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:46 p.m.11 views

CVE-2022-45434

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP...

5.9CVSS7.1AI score0.00661EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.7 views

CVE-2021-32198

EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service Windows GUI hang by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon...

9.8CVSS6.9AI score0.01151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:17 p.m.7 views

CVE-2021-21957

A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS7.7AI score0.01244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:47 p.m.8 views

CVE-2020-7126

A remote server-side request forgery ssrf vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

5.8CVSS7AI score0.00816EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.7 views

CVE-2019-10290

A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpldoValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.01536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:48 a.m.9 views

CVE-2012-4669

M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...

5.8CVSS7AI score0.00875EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:2 p.m.6 views

CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...

5CVSS7.7AI score0.0098EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/16 8:3 p.m.10 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with WebSphere Remote Server, is affected by a cross-site scripting vulnerability due to user ability to embed arbitrary JavaScript code in the Web UI (CVE-2025-33104)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.6CVSS6AI score0.00192EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/05/07 10:52 p.m.22 views

CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...

6.5CVSS0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/05/07 10:52 p.m.70 views

CVE-2025-0936

CVE-2025-0936 affects Arista EOS with a gNMI transport enabled, where using the gNOI File TransferToRemote RPC with remote-credentials can cause those credentials to be logged on the local EOS device or on remote accounting servers (TACACS, RADIUS). The issue is triggered when the OpenConfig gNOI...

6.5CVSS6.7AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/07 10:52 p.m.7 views

CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...

6.5CVSS6.7AI score0.00231EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:27 a.m.19 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-25690)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS7.5AI score0.00363EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/04/24 12:0 a.m.17 views

Ubuntu 20.04 LTS : Linux kernel (IBM) vulnerabilities (USN-7458-1)

"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7458-1 advisory. Attila Szsz discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a...

8.1CVSS8AI score0.03558EPSS
Exploits4References357
Rows per page
Query Builder