
2293 matches found

IBM Security Bulletins
added 2025/04/22 8:28 p.m., 11 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2025-27907

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 4.1, AI score 6.5, EPSS 0.0028
Exploits 0, Affected software 1
OSV
added 2025/04/20 12:05 p.m., 3 views

MAL-2025-191831 Malicious code in pyapiepo (PyPI)

Source: kam193 69aee56f4c3bce704bc65574959aee0226417e4d6a6e05e662d6fa235c12815f. Campaign is split into multiple packages that together exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...

AI score 7
Exploits 0, References 1
OSV
added 2025/04/20 12:05 p.m., 4 views

MAL-2025-191943 Malicious code in zmaker (PyPI)

Source: kam193 2f4ac88a121488df2fdfa1cb5409f3443f658a30d679f20acc41dd2c656bd3b8. Campaign is split into multiple packages that together exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...

AI score 7
Exploits 0, References 1
Tenable Nessus
added 2025/04/11 12:00 a.m., 10 views

SAP NetWeaver AS ABAP XSS (3559307)

The remote SAP NetWeaver ABAP server may be affected by an information disclosure vulnerability. SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to a Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any...

CVSS 4.7, AI score 5.5, EPSS 0.00209
Exploits 0, References 3
The Hacker News
added 2025/03/28 6:06 a.m., 19 views

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate...

AI score 7.4
Exploits 0
NVD
added 2025/03/27 4:15 a.m., 27 views

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...

CVSS 5.3, EPSS 0.00323
Exploits 1, References 5
NVD
added 2025/03/25 5:15 a.m., 13 views

CVE-2024-45482

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands...

CVSS 8.5, EPSS 0.00138
Exploits 0, References 1
CVE
added 2025/03/25 4:52 a.m., 70 views

CVE-2024-45482

CVE-2024-45482 concerns the B&R APROL product. The SSH server in APROL versions prior to 4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands due to an Inclusion of Functionality from an Untrusted Control Sphere vulnerability. Affected prod...

CVSS 8.5, AI score 7.2, EPSS 0.00138
Exploits 0, References 1
RedhatCVE
added 2025/03/22 11:44 a.m., 7 views

CVE-2024-6829

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

CVSS 9.1, AI score 7.1, EPSS 0.0081
Exploits 1, References 1
The Hacker News
added 2025/03/18 1:31 p.m., 34 views

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0,...

CVSS 10, AI score 8.7, EPSS 0.61202
Exploits 0
OSV
added 2025/02/25 6:18 p.m., 3 views

MAL-2025-191887 Malicious code in tcloud-python-sdks (PyPI)

Source: kam193 601415ac1e4afe43331c4b78d99e406f34b4a970a365a366cdc0598c5cb22f9c. This campaign is built from two parts: 1. packages named like time-check-server and snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits 0, References 4
OSV
added 2025/02/25 6:18 p.m., 4 views

MAL-2025-191900 Malicious code in time-check-server (PyPI)

Source: kam193 a5da6618a6f04ceb52acd56bc78e318cb7fbffa07ef3acc041729afe52428c44. This campaign is built from two parts: 1. packages named like time-check-server and snapshot-photo contain innocent-looking code that sends "date" to a remote...

AI score 7.2
Exploits 0, References 4
Schneier on Security
added 2025/02/19 3:07 p.m., 8 views

Device Code Phishing

This isn't new, but it's increasingly popular: The technique is known as device code phishing. It exploits "device code flow," a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar...

AI score 7.9
Exploits 0
Metasploit
added 2025/02/18 6:55 p.m., 510 views

InvokeAI RCE

InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...

CVSS 9.8, AI score 9.3, EPSS 0.05342
Exploits 5
OSV
added 2025/02/13 8:34 p.m., 11 views

RLSA-2025:0845 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs (CVE-2024-53263). For mo...

CVSS 8.5, AI score 9.3, EPSS 0.0104
Exploits 0, References 2
Tenable Nessus
added 2025/02/11 12:00 a.m., 23 views

Security Update for Microsoft Visual Studio Code (February 2025)

The version of Microsoft Visual Studio Code installed on the remote host is prior to 1.97.1. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in VS Code 1.97.0 and earlier versions for users of the code serve-web command on Windows. An...

CVSS 7.3, AI score 8.3, EPSS 0.00702
Exploits 0, References 5
RedhatCVE
added 2025/02/05 2:45 p.m., 8 views

CVE-2020-6225

SAP NetWeaver Knowledge Management, versions KMC-CM 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50, does not sufficiently validate path information provided by users, thus characters representing traversal to the parent directory are passed through to the file APIs,...

CVSS 9.1, AI score 6.9, EPSS 0.01107
Exploits 0, References 1
RedhatCVE
added 2025/02/04 10:58 p.m., 9 views

CVE-2024-0763

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 8.1, AI score 7.1, EPSS 0.00901
Exploits 1, References 1
RedHat Linux
added 2025/01/30 4:56 a.m., 12 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

CVSS 8.5, AI score 7.2, EPSS 0.0104
Exploits 0, References 2
IBM Security Bulletins
added 2025/01/28 10:08 p.m., 20 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-45072)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about an XML External Entity Injection (XXE) attack vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to...

CVSS 5.5, AI score 6.6, EPSS 0.00439
Exploits 0, Affected software 1