Lucene search
K

264 matches found

CVE
CVE
added 2025/09/03 1:55 p.m.16 views

CVE-2025-9822

CVE-2025-9822 affects mautic (core/lib related), describing an improper access control that allows an administrator to modify configuration and extract secrets (e.g., database credentials) via the elfinder component. The issue is documented across multiple sources (GitHub advisory GHSA-438M-6MHW-...

5.5CVSS6.3AI score0.00225EPSS
Exploits0References1
Amd
Amd
added 2025/08/08 12:0 a.m.11 views

Microarchitectural Attacks on the Stack Engine

Summary Researchers from ETH Zurich have published a paper titled “One Flew over the Stack Engine’s Nest: Practical Microarchitectural Attacks on the Stack Engine.” AMD continues to recommend software developers employ existing best practices including constant time algorithm and avoid...

7.1AI score
Exploits0
OSV
OSV
added 2025/06/10 3:47 p.m.7 views

CLSA-2025-1749570465 pam: Fix of 2 CVEs

CVE-2024-10041: fix possibility of leakage of secret information stored in memory - CVE-2024-22365: fix potential DoS via mkfifo because the openat call lacks ODIRECTORY...

5.5CVSS6.6AI score0.00459EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/08 4:1 p.m.28 views

CVE-2025-22482

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

8.1CVSS6.6AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 4:15 p.m.10 views

CVE-2025-29871

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later...

5.5CVSS0.00122EPSS
Exploits0References1
OSV
OSV
added 2025/06/06 4:15 p.m.4 views

CVE-2025-29871

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 4:15 p.m.11 views

CVE-2025-22482

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

8.1CVSS0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 3:53 p.m.5 views

CVE-2025-22482 Qsync Central

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

2.3CVSS7.2AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 3:53 p.m.11 views

CVE-2025-22482 Qsync Central

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version:...

2.3CVSS0.00311EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 3:53 p.m.61 views

CVE-2025-22482

CVE-2025-22482 affects QNAP Qsync Central. A use of externally-controlled format string vulnerability could allow remote attackers who gain user access to obtain secret data or modify memory. The affected product is Qsync Central; vulnerable component is the formatting operation exposed to extern...

8.1CVSS7AI score0.00311EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/06 3:52 p.m.4 views

CVE-2025-29871 File Station 5

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later...

2.4CVSS6.7AI score0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 3:52 p.m.8 views

CVE-2025-29871 File Station 5

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later...

2.4CVSS0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.12 views

PT-2025-24293 · Qnap · Qsync Central

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 4.5.0.6 Description: A use of externally-controlled format string vulnerability has been reported. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data ...

2.3CVSS6.5AI score0.00311EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.5 views

QNAP Qsync Central 格式化字符串错误漏洞

QNAP Qsync Central is a cloud-based file synchronization service on a NAS from Taiwan, China-based QNAP Technology QNAP. A Formatting String Error vulnerability exists in QNAP Qsync Central, which originates from an externally controlled formatting string and could allow a remote attacker to obta...

8.1CVSS6.8AI score0.00311EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/05/28 12:0 a.m.8 views

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software, related to the transmission of secret information in the form of open text, allows a intruder to gain unauthorized access to the protected information.

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software relates to the transmission of secret information in the form of open text. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the protected information...

4.6CVSS5.4AI score0.00097EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.10 views

CVE-2024-50401

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the...

2.1CVSS6.9AI score0.00574EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.9 views

CVE-2024-50396

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QT...

7.7CVSS6.9AI score0.00638EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:44 p.m.11 views

CVE-2021-41077

The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior if .travis.yml has been created locally by a customer, and...

7.5CVSS6.9AI score0.01485EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.9 views

CVE-2019-14355

On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be abl...

2.4CVSS6.4AI score0.00347EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/30 12:0 a.m.8 views

The vulnerability of the Linux-PAM authentication module, related to the insecure storage of confidential information, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Linux-PAM authentication module is related to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

4.7CVSS6.5AI score0.00265EPSS
Exploits0References9Affected Software7
Rows per page
Query Builder