
148 matches found

RedhatCVE
added 2025/05/23 10:1 a.m., 9 views

CVE-2024-25996

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...

CVSS 9.8 | AI score 8 | EPSS 0.00391
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:47 a.m., 11 views

CVE-2024-46894

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...

CVSS 6.3 | AI score 6.2 | EPSS 0.00262
Exploits: 0

RedhatCVE
added 2025/05/23 6:26 a.m., 5 views

CVE-2024-56319

In Matter aka connectedhomeip or Project CHIP through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service resource exhaustion...

CVSS 7.5 | AI score 6.8 | EPSS 0.00512
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:44 a.m., 5 views

CVE-2023-20999

In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...

CVSS 5.5 | AI score 6.6 | EPSS 0.00092
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:20 p.m., 6 views

CVE-2022-20195

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID:...

CVSS 5 | AI score 6.6 | EPSS 0.00164
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:31 p.m., 14 views

CVE-2021-21317

uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to...

CVSS 5.3 | AI score 6.7 | EPSS 0.02517
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:11 p.m., 9 views

CVE-2021-1053

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service...

CVSS 5.5 | AI score 6.6 | EPSS 0.00388
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:50 p.m., 13 views

CVE-2020-23895

A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service DoS via a crafted tiff file...

CVSS 5.5 | AI score 6.7 | EPSS 0.00642
Exploits: 1

CVE
added 2025/05/13 5:9 p.m., 41 views

CVE-2025-30320

CVE-2025-30320 affects Adobe InDesign Desktop versions ID19.5.2, ID20.2 and earlier. The vulnerability is a NULL pointer dereference that could crash the application and cause a denial of service. Exploitation requires the user to open a malicious file, i.e., user interaction is needed. Remediati...

CVSS 5.5 | AI score 6.6 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/05/06 12:0 a.m., 7 views

RHEL 9 : ruby:3.1 (RHSA-2025:4488)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4488 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 7.5 | AI score 7.1 | EPSS 0.01493
Exploits: 0 | References: 17

NVD
added 2025/04/25 3:15 p.m., 9 views

CVE-2025-3645

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

CVSS 4.3 | EPSS 0.00302
Exploits: 0 | References: 3

RedhatCVE
added 2025/04/22 1:26 p.m., 13 views

CVE-2025-3645

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

CVSS 4.3 | AI score 6.8 | EPSS 0.00302
Exploits: 0 | References: 4

CNNVD
added 2025/04/10 12:0 a.m., 3 views

openSUSE Tumbleweed security vulnerability

openSUSE Tumbleweed is a desktop and server operating system from openSUSE Germany. A security vulnerability exists in openSUSE Tumbleweed versions prior to 2.5.0-1.1, which stems from an incorrect default privilege that could cause a service user to elevate to root privileges...

CVSS 7.8 | AI score 6.5 | EPSS 0.00135
Exploits: 0 | References: 1

Cvelist
added 2025/04/08 5:30 p.m., 11 views

CVE-2025-27185 After Effects | NULL Pointer Dereference (CWE-476)

After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this iss...

CVSS 5.5 | EPSS 0.00254
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/14 12:27 p.m., 10 views

CVE-2025-27170

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this iss...

CVSS 5.5 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 3

Cvelist
added 2025/03/11 5:43 p.m., 13 views

CVE-2025-27179 InDesign Desktop | NULL Pointer Dereference (CWE-476)

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of...

CVSS 5.5 | EPSS 0.00229
Exploits: 0 | References: 1

CNNVD
added 2025/03/10 12:0 a.m., 4 views

LF Edge eKuiper cross-site scripting vulnerability

LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A cross-site scripting vulnerability exists in LF Edge eKuiper versions prior to 2.0.8, which originates from a user with Modify Service privileges being able to inject a cross-site scripting payload into...

CVSS 5.4 | AI score 5.7 | EPSS 0.00313
Exploits: 0 | References: 10

RedhatCVE
added 2025/02/05 2:26 a.m., 9 views

CVE-2024-42019

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication...

CVSS 9 | AI score 6.8 | EPSS 0.00513
Exploits: 0 | References: 1

OSV
added 2024/12/13 7:14 a.m., 7 views

BIT-MATTERMOST-2024-28949

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service...

CVSS 6.5 | AI score 5.1 | EPSS 0.00562
Exploits: 0 | References: 2

ATTACKERKB
added 2024/12/06 1:15 p.m., 4 views

CVE-2024-10771

Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level “Service”, an attacker can execute arbitrary system commands in the root user’s contexts...

CVSS 8.8 | AI score 6.4 | EPSS 0.01074
Exploits: 0 | References: 7