Lucene search
K

555 matches found

Microsoft CVE
Microsoft CVE
added 2025/01/14 8:0 a.m.44 views

Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

...

5.5CVSS7.1AI score0.00443EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/01/14 8:0 a.m.12 views

MapUrlToZone Security Feature Bypass Vulnerability

...

4.3CVSS7.1AI score0.01917EPSS
Exploits0
OSV
OSV
added 2024/12/09 12:0 a.m.19 views

DLA-3988-1 jinja2 - security update

Bulletin has no description...

6.1CVSS6.7AI score0.00979EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/05 8:0 a.m.127 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

4.3CVSS7.1AI score0.0107EPSS
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/12/05 12:0 a.m.29 views

A Bootiful Podcast: Spring Security lead Rob Winch on the amazing Spring Security 6.4 release

Hi, Spring fans! In this installment, we'll talk to the amazing Rob Winch, lead of Spring Security 6.4, about the jam-packed new release! spring springboot security java...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/11/29 12:0 a.m.13 views

JVN#43845108: Multiple FCNT Android devices vulnerable to authentication bypass

Multiple FCNT Android devices provide security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. The devices contain an authentication bypass vulnerability CWE-306, where, under certain conditions, the setting pages may be accessed without...

3.1CVSS7.3AI score0.00205EPSS
Exploits0
Veracode
Veracode
added 2024/10/21 8:28 a.m.6 views

Improper Authorization

magento/community-edition is vulnerable to Improper Authorization. The vulnerability is due to improper authorization mechanisms in the affected versions of Adobe Commerce, allows attackers to exploit security features that should restrict access based on user privileges...

5.4CVSS6.7AI score0.0044EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/10/13 12:0 a.m.9 views

Adobe Commerce Competitive Conditions Vulnerability

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A competitive condition vulnerability exists in Adobe Commerce that could be exploited by an attacker to cause a security feature bypass...

3.1CVSS6.6AI score0.00361EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/09/13 11:17 a.m.22 views

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination wit...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/09/02 4:54 p.m.17 views

CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit

Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...

5.4CVSS7AI score0.00341EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/02 4:54 p.m.20 views

CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit

Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...

5.4CVSS0.00341EPSS
Exploits0References4
CVE
CVE
added 2024/09/02 4:54 p.m.60 views

CVE-2024-45313

Summary: CVE-2024-45313 affects Overleaf Server Pro when installed via the Overleaf Toolkit or legacy docker-compose deployments prior to mid-2024. By default, LaTeX compiles could access the sharelatex container resources (filesystem, network, environment variables) if security features were not...

5.4CVSS5.5AI score0.00341EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2024/08/29 12:0 a.m.16 views

Fortinet FortiOS Access Control Error Vulnerability (CNVD-2024-37339)

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An access control error...

5.5CVSS6.7AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/08/16 1:11 a.m.20 views

CVE-2024-41909

A flaw was found in Apache MINA SSHD. This flaw allows an attacker who can intercept traffic between the client and server to drop certain packets from the stream. This potentially causes a Terrapin attack where the client and server consequently end up with a connection for which some security...

5.9CVSS5.8AI score0.00581EPSS
Exploits0References5
OSV
OSV
added 2024/08/14 12:35 p.m.7 views

GHSA-RF4Q-M23C-7Q8R Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited...

5.3CVSS5AI score0.00449EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/08/14 12:35 p.m.6 views

Magento Improper Authorization Leading to Security feature bypass

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information...

4.3CVSS6.6AI score0.00442EPSS
Exploits0References3Affected Software2
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.6 views

Microsoft SmartScreen 安全漏洞

Microsoft SmartScreen is a Microsoft-developed security technology designed to help users identify and block potential malware and phishing attacks. A security vulnerability exists in Microsoft SmartScreen. An attacker could exploit the vulnerability to bypass certain features. The following...

8.8CVSS6.2AI score0.0151EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/12 4:0 p.m.57 views

CVE-2024-41909 Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

0.00581EPSS
Exploits0References2
CNVD
CNVD
added 2024/07/25 12:0 a.m.20 views

Adobe Experience Manager Input Validation Error Vulnerability (CNVD-2024-33892)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An inp...

3.5CVSS6.6AI score0.00414EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/07/23 2:57 p.m.2 views

kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

7.5CVSS7.3AI score0.00196EPSS
Exploits0References4
Rows per page
Query Builder