Lucene search
+L

795 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-22044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpinfitctl Syzkaller has reported a warning in...

5.5CVSS5.7AI score0.00199EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-21890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transpor...

5.5CVSS6.2AI score0.00176EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-22115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix block group refcount race in btrfscreatependingblockgroups Block group creation is done in two phases, which results in a slightly unintuitive...

4.7CVSS5.2AI score0.0013EPSS
Exploits0References3
OSV
OSV
added 2025/07/29 2:40 a.m.3 views

MAL-2025-6343 Malicious code in storybook-core-core-server-presets-0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c26c4c0005ab8afcf7090a2e281324e67b2250f8a69956e559c51775ec00efca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/07/23 3:9 a.m.1 views

MAL-2025-6217 Malicious code in bingo-pretty (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db9cd7f456a7e51d21294046604654fa4f3ec5b9ee11c7acd713ab08ad6838da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/22 1:42 a.m.4 views

Malicious code in kiwi-module-seo-featured (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c24e834cb597541f0c8dcba8a3ce294a90caaefaec74f82d2e208a5b590581f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/07/15 6:10 p.m.3 views

MAL-2025-5976 Malicious code in white-oganesson (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59cd363bc35266e8da511b349bb11e84db784a1bbd5fe29148aadb24aaeef2f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/07/15 12:45 a.m.5 views

MAL-2025-5937 Malicious code in neolang-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a41d15d10a19dc41dd5c801307932369ed7f51380fcc0fdb1478e0ac2b7ce9e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Qualys Blog
Qualys Blog
added 2025/07/10 7:28 a.m.9 views

Google Chrome to Distrust Chunghwa & Netlock Certificates: How Qualys Certificate View Helps You Respond

In a major change to the global certificate ecosystem, Google Chrome has announced that it will no longer trust any new digital certificates issued by Chunghwa Telecom and Netlock, two long-standing Certificate Authorities CAs, after July 31, 2025. This move is part of Chrome’s ongoing efforts to...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/05 6:12 a.m.10 views

Taiwan NSB Alerts Public on Data Risks from Douyin, Weibo, and RedNote Over China Ties

Taiwan's National Security Bureau NSB has warned that China-developed applications like RedNote aka Xiaohongshu, Weibo, Douyin, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried ou...

6.7AI score
Exploits0
OSV
OSV
added 2025/06/18 5:50 p.m.5 views

MAL-2025-5148 Malicious code in sentry-docs (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 688bb145ba010593bc53d4870250dfa7bc897a70a613291ed2352ba008314c84 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/15 6:2 p.m.4 views

CVE-2025-49585

XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script,...

8.6CVSS6.4AI score0.0036EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/06/03 7:48 a.m.13 views

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. T...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.8 views

CVE-2021-24386

The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to...

5.4CVSS6.1AI score0.00659EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/05/20 5:22 p.m.23 views

CVE-2025-46724 Langroid has a Code Injection vulnerability in TableChatAgent

Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...

9.8CVSS0.00741EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/04/24 3:18 p.m.6 views

Zoom attack tricks victims into allowing remote access to install malware and steal money

Be careful when talking to people you've not met with before over the Zoom video conferencing system; you might get more than you bargained for. Two CEOs were recently targeted by a Zoom-based attack. One spotted it in time - and sadly, one did not. The attack is by a crime group that the Securit...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/05 6:38 a.m.22 views

CVE-2025-31334

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be execut...

6.8CVSS7.3AI score0.01233EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.23 views

WinRAR 安全漏洞

WinRAR is a file compressor from WinRAR. The product supports compression and decompression of files in RAR, ZIP, and other formats, among others. A security vulnerability exists in WinRAR versions prior to 7.11 that stems from a symbolic link bypassing the security warning feature, which could...

6.8CVSS7AI score0.01233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/28 12:0 a.m.6 views

PT-2025-14579 · Winrar · Winrar

Name of the Vulnerable Software and Affected Versions: WinRAR versions prior to 7.11 Description: A security issue exists in WinRAR that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file. If a symbolic link specially...

9CVSS7.9AI score0.01233EPSS
Exploits0References46
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-21634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828 CPU: 10 PID: 3486953 Comm: rmdir Kdump:...

5.5CVSS6.7AI score0.00138EPSS
Exploits0References4
Rows per page
Query Builder