Lucene search
K

1838 matches found

SUSE CVE
SUSE CVE
added 2025/08/11 11:22 p.m.3 views

SUSE CVE-2025-54997

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

9.1CVSS7.5AI score0.00346EPSS
Exploits0References4
Veracode
Veracode
added 2025/08/10 10:21 p.m.6 views

Improper Access Control

github.com/openbao/openbao is vulnerable to improper access control. The vulnerability is due to the ability of privileged API operators to bypass restrictions on system code execution and network connections through manipulation of audit log prefixes, which allows an attacker to execute...

9.1CVSS7.5AI score0.00346EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2025/08/09 12:0 a.m.13 views

OpenBao 代码注入漏洞

OpenBao is OpenBao open source a sensitive data management software . A code injection vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause unauthorized code execution and network access...

9.1CVSS7.7AI score0.00346EPSS
Exploits0References5
Rosalinux
Rosalinux
added 2025/08/06 8:30 a.m.4 views

Advisory ROSA-SA-2025-2926

software: yelp 42.2 WASP: ROSA-CHROME unaffected versions = yelp-42.2-2 affected versions yelp-42.2-2 CVE-ID: CVE-2025-3155 BDU-ID: 2025-03944 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope when processing...

7.4CVSS7.7AI score0.10598EPSS
Exploits1
NVD
NVD
added 2025/07/30 8:15 p.m.5 views

CVE-2025-54583

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

8.3CVSS0.00436EPSS
Exploits1References4
Zero Day Initiative
Zero Day Initiative
added 2025/07/29 12:0 a.m.6 views

AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG TuneUp...

7.8CVSS6.7AI score0.00137EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/07/27 9:30 a.m.9 views

smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

10CVSS7.9AI score0.18654EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/07/21 8:15 p.m.5 views

CVE-2025-7254

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 2025/07/20 1:15 a.m.14 views

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...

9.8CVSS0.99982EPSS
Exploits41References13
Tenable Nessus
Tenable Nessus
added 2025/07/20 12:0 a.m.13 views

Security Updates for Microsoft SharePoint Server 2019

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to...

9.8CVSS8.3AI score0.99982EPSS
Exploits41References5
CISA KEV Catalog
CISA KEV Catalog
added 2025/07/20 12:0 a.m.51 views

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the update...

9.8CVSS8.7AI score0.99982EPSS
In wildExploits41
RedhatCVE
RedhatCVE
added 2025/07/10 5:18 p.m.4 views

CVE-2025-49670

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

6.5CVSS8.2AI score0.00852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/10 5:18 p.m.4 views

CVE-2025-49753

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

8.8CVSS8.2AI score0.00748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/10 5:18 p.m.8 views

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

7.8CVSS7.7AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/10 5:18 p.m.3 views

CVE-2025-49657

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

8.8CVSS8.2AI score0.00921EPSS
Exploits0References1
NVD
NVD
added 2025/07/08 5:16 p.m.7 views

CVE-2025-49735

Use after free in Windows KDC Proxy Service KPSSVC allows an unauthorized attacker to execute code over a network...

8.1CVSS0.01061EPSS
Exploits0References1
NVD
NVD
added 2025/07/08 5:15 p.m.10 views

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

7.8CVSS0.00398EPSS
Exploits0References1
OSV
OSV
added 2025/07/08 5:15 p.m.9 views

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

7.8CVSS6.6AI score0.00398EPSS
Exploits0References1
NVD
NVD
added 2025/07/08 5:15 p.m.5 views

CVE-2025-49691

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network...

8CVSS0.00451EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 4:58 p.m.45 views

CVE-2025-49729

Technical details about CVE-2025-49729 are not provided in the connected documents. The initial description notes a heap-based buffer overflow in RRAS that could enable remote code execution, but no affected product/version specifics or mitigations are included.

8.8CVSS7.5AI score0.00574EPSS
Exploits0References1Affected Software7
Rows per page
Query Builder