Lucene search
K

2989 matches found

Debian CVE
Debian CVE
added 2025/08/06 8:48 a.m.6 views

CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

3.7CVSS8.1AI score0.00452EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2025/08/06 12:15 a.m.5 views

CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

6.9CVSS6.7AI score0.00263EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-14794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily...

4.9CVSS6AI score0.02336EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-8381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. This vulnerability...

9.8CVSS8.2AI score0.04395EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-39338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. CVE-2024-39338 Note that Nessus...

7.5CVSS6.7AI score0.01414EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38084

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugetlb: unshare page tables during VMA split, not before Currently, splitvma triggers hugetlb page table unsharing through vmops-maysplit. This happens...

5.5CVSS6.6AI score0.00152EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-21920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily...

4.9CVSS6AI score0.01456EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-21617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 5.7.39 and prior and...

4.9CVSS6AI score0.01369EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/08/05 8:15 p.m.3 views

CVE-2012-10024

XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...

7.1CVSS5.9AI score0.0106EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Avoid NULL pointer dereference in v3djobupdatestats The following kernel Oops was recently reported by Mesa CI: 800.139824 Unable to handle kernel NULL...

5.5CVSS6.5AI score0.00145EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-47109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUDNOARP entries to be forced GCed IFFPOINTOPOINT interfaces use NUDNOARP...

5.5CVSS6.2AI score0.00235EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-37951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so,...

5.5CVSS6.5AI score0.00149EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-21864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN...

5.5CVSS5.6AI score0.002EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/08/04 8:15 p.m.4 views

CVE-2025-50340

An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...

4.3CVSS5.9AI score0.00304EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/08/04 6:15 p.m.4 views

CVE-2025-46206

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the stripoutline function enters infinite recursion...

6.5CVSS6.6AI score0.00383EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/08/04 5:15 p.m.3 views

CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service DoS...

6.5CVSS6.6AI score0.0035EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2025/08/04 12:0 a.m.14 views

CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service DoS...

6.5CVSS6.3AI score0.0035EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2025/08/03 6:15 p.m.2 views

CVE-2025-54956

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...

3.2CVSS5.9AI score0.00134EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/03 2:15 a.m.3 views

CVE-2025-54350

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

5.3CVSS6.1AI score0.00385EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/03 12:15 a.m.6 views

CVE-2025-54955

OpenNebula Community Edition CE before 7.0.0 and Enterprise Edition EE before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token JWT belonging to a legitimate user without knowled...

8.1CVSS5.9AI score0.00329EPSS
Exploits0References6
Rows per page
Query Builder