Lucene search
K

334 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.18 views

EUVD-2022-6997

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00666EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/10/02 4:44 p.m.4 views

CVE-2025-59952

MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

8.7CVSS6.2AI score0.00458EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2025/09/29 11:32 p.m.2 views

CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

8.7CVSS6.3AI score0.00458EPSS
Exploits0References3
cve
cve
added 2025/09/29 11:32 p.m.27 views

CVE-2025-59952

CVE-2025-59952 is a vulnerability in the MinIO Java SDK (minio-java). In versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were substituted with their actual values during processing, potentially exposing sensitive information (credentials...

8.7CVSS6.3AI score0.00458EPSS
Exploits0References3
cvelist
cvelist
added 2025/09/29 11:32 p.m.14 views

CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution

MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...

8.7CVSS0.00458EPSS
Exploits0References3
github
github
added 2025/09/29 5:53 p.m.9 views

MinIO Java Client XML Tag Value Substitution Vulnerability

Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...

8.7CVSS6.6AI score0.00458EPSS
Exploits0References5Affected Software1
gitee
gitee
added 2025/09/06 12:9 p.m.116 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on --- 🐱‍💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...

10CVSS9AI score0.99999EPSS
Exploits357
nessus
nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-50291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of th...

7.5CVSS6.8AI score0.03306EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 4:7 a.m.9 views

CVE-2023-38300

A certain software build for the Orbic Maui device Orbic/RC545L/RC545L:10/ORB545LV1.4.2BVZPP/230106:user/release-keys leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party...

6.2CVSS6.6AI score0.00184EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:24 a.m.6 views

CVE-2023-38302

A certain software build for the Sharp Rouvo V device SHARP/VZWSTTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN00530:user/release-keys leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special...

4.3CVSS6.6AI score0.00352EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 1:20 a.m.7 views

CVE-2022-43424

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.3CVSS6.8AI score0.00647EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 12:5 a.m.8 views

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

5.3CVSS6.8AI score0.00579EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 12:1 a.m.15 views

CVE-2022-43422

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.3CVSS6.6AI score0.00666EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 12:0 a.m.8 views

CVE-2022-43428

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.3CVSS6.6AI score0.00647EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 11:18 p.m.5 views

CVE-2022-36900

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

8.2CVSS7.3AI score0.00832EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:1 p.m.8 views

CVE-2021-0681

In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID:...

5.5CVSS6.2AI score0.00104EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:21 a.m.5 views

CVE-2019-15364

The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:20 a.m.6 views

CVE-2019-15430

The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/BlubooD2Pro/BlubooD2Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app versionCode=2, versionName=2.0.0VER32516508295515 that allows other pre-installed apps to...

5.5CVSS6.7AI score0.00285EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:20 a.m.5 views

CVE-2019-15385

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:20 a.m.7 views

CVE-2019-15431

The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app versionCode=2, versionName=2.0VER2017.04.2117:55:55 that allows other pre-installed apps to perform...

5.5CVSS6.7AI score0.00285EPSS
Exploits0References1
Rows per page
Query Builder