Lucene search
K

179 matches found

Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.7 views

PT-2025-42245

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's i40e driver related to input validation for the action meta component. The issue involves a condition check that was insufficient, potentially leading...

6CVSS7.3AI score0.00197EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/09/16 2:32 p.m.7 views

CVE-2009-20005 InterSystems Caché UtilConfigHome.csp Stack Buffer Overflow

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a sta...

9.3CVSS7.3AI score0.01269EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.4 views

PT-2025-37993

Name of the Vulnerable Software and Affected Versions: E1 Informatics Web Application versions through 20250916 Description: The E1 Informatics Web Application contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows attackers to perfor...

8.6CVSS7.1AI score0.00306EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/26 12:22 p.m.11 views

CVE-2025-53811 TCC Bypass via misconfigured Node fuses in Mosh-Pro

The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted...

4.8CVSS0.00119EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 12:22 p.m.14 views

CVE-2025-53811

CVE-2025-53811 describes a TCC-related bypass in Mosh-Pro on macOS caused by misconfigured RunAsNode fuses. A local, unprivileged attacker could execute arbitrary code that runs with Mosh-Pro’s TCC permissions, limited to permissions the user has already granted. Additional resource access beyond...

4.8CVSS7.5AI score0.00119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE...

5.3CVSS6.1AI score0.02286EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.8 views

PT-2025-34232 · Sourcecodester · Online Bank Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A weakness has been identified that allows for SQL injection. The issue impacts an unknown function within the /bank/show.php file. Manipulation of the ID argument can lead...

9.8CVSS7.6AI score0.00387EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-4050

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures...

8.8CVSS7.2AI score0.00462EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.10 views

PT-2025-33140 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: Ambiguous wording in the web interface of the setup mechanism could lead a user to believe that the backup file is encrypted when a password is set. However, only the private key – if...

7.1CVSS7AI score0.00113EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.5 views

PT-2025-32770 · Microsoft · Edge For Android

Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android affected versions not specified Description: A user interface UI misrepresentation of critical information in Microsoft Edge for Android can allow an unauthorized attacker to perform spoofing over a network...

4.3CVSS6.7AI score0.00464EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.4 views

PT-2025-32767 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions affected versions not specified Description: A race condition exists in the Microsoft Graphics Component due to improper synchronization during concurrent execution using a shared resource. This allows an authorized...

6.7CVSS6.9AI score0.0046EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.4 views

PT-2025-32830 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions affected versions not specified Description: An issue exists in Windows Push Notifications related to access of a resource using an incompatible type 'type confusion'. This allows an authorized attacker to elevate privileges...

7.8CVSS6.9AI score0.0043EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-27076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2ctrlhandler memory leak Free the memory allocated in...

5.5CVSS6.1AI score0.00289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-46971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional securitylockeddown call Currently, the lockdown state is querie...

3.3CVSS6.4AI score0.0023EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2linknoderef, caused by fault injection in...

5.5CVSS6.6AI score0.00181EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-37915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netsched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will mak...

7CVSS6.8AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.10 views

PT-2025-32398 · Xoda · Xoda

Name of the Vulnerable Software and Affected Versions: XODA version 0.4.5 Description: XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to...

9.3CVSS7.8AI score0.01141EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/06/29 5:7 p.m.9 views

CVE-2024-12143

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection. This issue affects Mikro Hand Terminal - MikroDB. NOTE: The vendor did not inform about the completion of the fixing...

9.8CVSS5.8AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2025/06/17 9:43 p.m.5 views

CVE-2025-49825 Teleport allows remote authentication bypass

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch...

9.8CVSS7.2AI score0.07754EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.10 views

PT-2025-22162

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the iommu copy struct from user function. The issue involved a NULL pointer that should be rejected prior to...

5.5CVSS6.7AI score0.00157EPSS
Exploits0
Rows per page
Query Builder