Lucene search
+L

412 matches found

Cvelist
Cvelist
added 2025/11/26 2:44 p.m.20 views

CVE-2025-13601 Glib: integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS0.00313EPSS
Exploits1References32
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.1 views

SUSE SLES15: openssh / openssh-askpass-gnome / openssh-clients / openssh-common / etc (SUSE-SU-2025:4112-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4112-1 advisory. - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used bsc1251198 - CVE-2025-61985:...

3.6CVSS6.8AI score0.00284EPSS
Exploits2References7
OSV
OSV
added 2025/11/14 9:46 a.m.2 views

SUSE-SU-2025:21044-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used bsc1251198. - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used bsc1251199...

3.6CVSS6.3AI score0.00284EPSS
Exploits2References5
OSV
OSV
added 2025/11/13 11:37 p.m.6 views

MGASA-2025-0290 Updated ruby packages fix security vulnerabilities

Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it...

7.5CVSS6.8AI score0.00784EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/09 12:0 a.m.5 views

Skuul school management system 安全漏洞

Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A security vulnerability exists in Skuul school management system version 2.6.5 and earlier, which stems from incorrect manipulation of the parameter invoiceid in the file...

5.3CVSS4.1AI score0.00366EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/11/08 6:51 p.m.10 views

CVE-2025-64430

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS7AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2025/11/07 6:15 p.m.9 views

CVE-2025-64430

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS0.0061EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/07 5:55 p.m.6 views

EUVD-2025-37936

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References6
CVE
CVE
added 2025/11/07 5:55 p.m.17 views

CVE-2025-64430

CVE-2025-64430 affects Parse Server: SSRF in the file upload path when using a Parse.File with a uri parameter. Versions affected are 4.2.0–7.5.3 and 8.0.0–8.3.1-alpha.1. The issue arises because the server retrieves file data from the provided URI during upload, but the response is not stored an...

7.5CVSS6.6AI score0.0061EPSS
Exploits0References5
OSV
OSV
added 2025/11/07 5:55 p.m.7 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS7AI score0.0061EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.8 views

PT-2025-44671

Name of the Vulnerable Software and Affected Versions Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2 Description The Summer Pearl Group Vacation Rental Management Platform is affected by inadequate server-side authorization. Authenticated attackers can access and...

6.3CVSS6.7AI score0.00178EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/27 8:45 a.m.15 views

CVE-2025-12080 Intent Abuse in Google Messages for Wear OS for Silent Message Sending

On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTIONSENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier URI schemes is incorrectly implemented. Due to this misconfiguration, an attacker capable of...

6.9CVSS0.0015EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-3907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OctoRPKI does not escape a URI with a filename containing .., this allows a repository to create a file, ex...

9.8CVSS8.9AI score0.04065EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-27395

Malware in sbrugna...

6.7CVSS6.6AI score0.00335EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-2299

Malware in sbrugna...

5CVSS6.4AI score0.14538EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-6602

Malware in sbrugna...

10CVSS6.4AI score0.01412EPSS
Exploits0References7
RubySec
RubySec
added 2025/10/07 12:0 a.m.16 views

URI Credential Leakage Bypass

A vulnerability in the URI library bundled with Ruby allows sensitive user credentials such as usernames or passwords in a URI to be unintentionally leaked when combining URIs using the + operator. This issue bypasses the previous fix for CVE-2025-27221. The issue affects Ruby's built-in URI...

7.5CVSS7.2AI score0.0051EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/06 9:30 p.m.3 views

EUVD-2025-32590

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

3.6CVSS7AI score0.00118EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-22158

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.01304EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27247

Malicious code in bioql PyPI...

7.3CVSS6.5AI score0.00519EPSS
Exploits0References1
Rows per page
Query Builder