Lucene search
+L

412 matches found

AlpineLinux
AlpineLinux
added 2025/12/30 9:3 p.m.4 views

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...

7.5CVSS6.3AI score0.0051EPSS
Exploits0
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.5 views

URI 安全漏洞

URI is a Ruby open source module that provides classes to handle Uniform Resource Identifiers. A security vulnerability exists in URI versions prior to 0.12.5, 0.13.3, and 1.0.4, which stems from the possibility that sensitive information such as passwords in the original URI may be disclosed whe...

7.5CVSS7AI score0.0051EPSS
Exploits0References5
Fedora
Fedora
added 2025/12/21 12:52 a.m.12 views

[SECURITY] Fedora 42 Update: uriparser-1.0.0-1.fc42

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

2.9CVSS7AI score0.00122EPSS
Exploits0
EUVD
EUVD
added 2025/12/19 3:31 p.m.5 views

EUVD-2025-204536

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS6.9AI score0.00118EPSS
Exploits0References4
NVD
NVD
added 2025/12/19 1:16 p.m.5 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS0.00118EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/12/19 1:16 p.m.7 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS7.1AI score0.00118EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/12/19 1:16 p.m.6 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS5.9AI score0.00118EPSS
Exploits0References5
OSV
OSV
added 2025/12/19 1:16 p.m.5 views

UBUNTU-CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS6.3AI score0.00118EPSS
Exploits0References6
CVE
CVE
added 2025/12/19 1:2 p.m.25 views

CVE-2025-14946

Affects: libnbd (part of libguestfs). Vulnerability arises from parsing of URIs where non-standard hostnames beginning with “-o” are incorrectly treated as SSH arguments rather than hostnames, enabling arbitrary code execution with the privileges of the user running libnbd. According to multiple ...

4.8CVSS7.1AI score0.00118EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/19 1:2 p.m.29 views

CVE-2025-14946 Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS0.00118EPSS
Exploits0References3
OSV
OSV
added 2025/12/19 1:2 p.m.3 views

CVE-2025-14946 Libnbd: libnbd: arbitrary code execution via ssh argument injection through a malicious uri

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS6.5AI score0.00118EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/12/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-14946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This...

4.8CVSS6.5AI score0.00118EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.10 views

PT-2025-52446

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS7.4AI score0.00118EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/16 5:2 a.m.2 views

CVE-2025-14777 Keycloak: keycloak idor in realm client creating/deleting

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS6.1AI score0.0032EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/16 5:2 a.m.6 views

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS6AI score0.0032EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/16 4:57 a.m.4 views

Authentication Bypass by Alternate Name

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the ResourceSetService and PermissionTicketService modules due to...

7CVSS5.8AI score0.0032EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/15 11:28 p.m.2 views

CRLF Injection

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to CRLF Injection in HttpRequestEncoder, due to improper sanitization of a URI with line-breaks...

6.9CVSS6.7AI score0.00298EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/12/11 7:50 p.m.7 views

uri: URI module: Credential exposure via URI + operator

A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers URIs. This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials passwords, from the original URI...

7.5CVSS5.8AI score0.0051EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/12/10 6:31 p.m.3 views

uri: URI module: Credential exposure via URI + operator

A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers URIs. This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials passwords, from the original URI...

7.5CVSS5.8AI score0.0051EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/12/10 5:51 p.m.2 views

uri: URI module: Credential exposure via URI + operator

A flaw was found in the URI module. A remote attacker could exploit this vulnerability by using the + operator to combine Uniform Resource Identifiers URIs. This bypasses a previous fix and can lead to the leakage of sensitive information, such as user credentials passwords, from the original URI...

7.5CVSS5.8AI score0.0051EPSS
Exploits0References9
Rows per page
Query Builder