Lucene search
+L

170 matches found

Vulnrichment
Vulnrichment
added 2025/11/13 9:12 a.m.4 views

CVE-2025-7704 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability

Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability...

5.4CVSS6.9AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 9:12 a.m.10 views

CVE-2025-7704 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability

Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability...

5.4CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2025/11/13 9:12 a.m.12 views

CVE-2025-7704

CVE-2025-7704 describes a stack-based overflow in the Insyde SMASH shell used by Supermicro BMC. The issue affects the SMASH service component on Supermicro BMC, with the underlying cause identified as a stack-based buffer overflow in the shell. Public descriptions consistently reference a potent...

5.4CVSS6.9AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.6 views

Supermicro BMC 安全漏洞

The SuperMicro BMC is a firmware from SuperMicro USA used in devices such as servers, top-of-rack switches or RAID devices. A security vulnerability exists in Supermicro BMC that stems from a stack-based buffer overflow in the Insyde SMASH shell program...

5.4CVSS7.3AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.8 views

PT-2025-46795

Name of the Vulnerable Software and Affected Versions Supermicro BMC Insyde SMASH affected versions not specified Description The Insyde SMASH shell program within Supermicro BMC contains a stacked-based overflow issue. This flaw could allow for remote code execution. Recommendations At the momen...

5.4CVSS7.7AI score0.00227EPSS
Exploits0References4
NVD
NVD
added 2025/10/22 3:15 p.m.6 views

CVE-2025-49937

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

4.3CVSS0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.6 views

CVE-2025-49937 WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

4.3CVSS6.6AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.13 views

CVE-2025-49937 WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

4.3CVSS0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.6 views

PT-2025-43201

Name of the Vulnerable Software and Affected Versions Smash Balloon Social Post Feed versions through 4.3.2 Description An authorization issue exists in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed. This allows exploitation of incorrectly configured access control security...

4.3CVSS6.6AI score0.00215EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/10/09 9:41 a.m.9 views

WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Smash Balloon Social Post Feed versions = 4.3.2...

4.3CVSS7AI score0.00215EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-56810

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-29275

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-37010

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-51821

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00507EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/09/02 12:41 p.m.5 views

WordPress Smash theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Smash versions = 1.7...

8.1CVSS7AI score0.00415EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/29 12:0 a.m.3 views

AlmaLinux 9 : thunderbird (ALSA-2025:14640)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:14640 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escape due ...

9.8CVSS7.8AI score0.0053EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/06/12 12:21 p.m.5 views

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 12:15 p.m.8 views

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0027EPSS
Exploits0References3
OSV
OSV
added 2025/06/10 12:15 p.m.7 views

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2025/06/10 11:22 a.m.77 views

CVE-2025-4577

The CVE entry CVE-2025-4577 concerns the Smash Balloon Social Post Feed (Custom Facebook Feed) WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the data-color attribute in all versions up to and including 4.3.1, caused by insufficient input sanitiz...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder