Lucene search
K

6765 matches found

NVD
NVD
added 2025/04/01 1:15 p.m.12 views

CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

6.5CVSS0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/01 12:29 p.m.20 views

CVE-2025-3031 JIT optimization bug with different stack slot sizes

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

0.00262EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.2 views

WordPress plugin Import Export Suite for CSV and XML Datafeed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.1CVSS8.2AI score0.00985EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of vmamodify to abort a merge operation when there is insufficient memory, which could result in...

5.5CVSS5.8AI score0.00173EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.3 views

Mozilla Firefox和Mozilla Thunderbird 信息泄露漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a separate set of Mozilla Application Suite from the Email client software. The software supports IMAP, POP mail protocols, and HTM...

6.5CVSS5.2AI score0.00262EPSS
Exploits0References5
CVE
CVE
added 2025/03/27 1:38 p.m.125 views

CVE-2025-21868

CVE-2025-21868 affects the Linux kernel networking path that manages small head cache and large MAX_SKB_FRAGS values. The issue arises when a specific revert and page-frag allocator behavior causes a splat in netif_napi_add_weight_locked during initialization, with the root cause tied to the smal...

5.5CVSS6.7AI score0.00176EPSS
Exploits0References4Affected Software1
Ubuntu
Ubuntu
added 2025/03/26 6:53 p.m.10 views

USN-7374-1: containerd vulnerability

Benjamin Koltermann discovered that containerd incorrectly handled large user id values. This could result in containers possibly being run as root, contrary to expectations...

7.8CVSS6.5AI score0.00275EPSS
Exploits1
NVD
NVD
added 2025/03/26 9:15 a.m.8 views

CVE-2024-13801

The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'bafsetnoticestatus' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated...

8.1CVSS0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.3 views

PT-2025-18448

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue has been identified in the Linux kernel where the user can set any speed value, potentially leading to division by zero if the speed is greater than UINT MAX/8. This issue was...

5.5CVSS6.7AI score0.00161EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/25 2:41 a.m.4 views

Malicious code in generate_genesis_values (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04696576e4143f9336947fb36650924f201a9a6c56b495e5c05c80ef25713275 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/03/21 12:0 a.m.6 views

Vulnerability of the vhost_vdpa_mmap() function in the drivers/vhost/vdpa.c module – It is a driver for the IoTLB implementation for vhost and vringh in the Linux operating system. This vulnerability allows a attacker to cause a service failure.

Vulnerability of the vhostvdpammap function in the drivers/vhost/vdpa.c module – The IoTLB implementation for vhost and vringh in the Linux operating system’s kernel is vulnerable due to incorrect handling of missing values. Exploiting this vulnerability could allow an attacker to cause service...

5.5CVSS5.5AI score0.00222EPSS
Exploits0References15Affected Software2
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Denial of Service (DoS)

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Denial of Service DoS through the /api/v1/state endpoint of LightningApp. An attacker can cause the server to shut down by...

8.7CVSS7.1AI score0.00588EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2025/03/19 7:0 a.m.5 views

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

...

7.5CVSS7.2AI score0.00784EPSS
Exploits0
OSV
OSV
added 2025/03/17 8:15 p.m.2 views

UBUNTU-CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.1AI score0.0018EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/03/17 7:21 p.m.8 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.6AI score0.0018EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/03/14 7:0 a.m.5 views

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

...

8.6CVSS7AI score0.01233EPSS
Exploits0
CVE
CVE
added 2025/03/14 4:22 a.m.57 views

CVE-2025-1528

CVE-2025-1528 affects WordPress Plug-in: Search & Filter Pro up to version 2.5.19, due to missing capability check in get_meta_values, allowing authenticated users with Subscriber+ to read arbitrary post Meta. Public references indicate a security release addressing this in 2.5.20. Affected produ...

4.3CVSS4.4AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2025/03/13 6:25 p.m.16 views

MGASA-2025-0096 Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS7.2AI score0.00355EPSS
Exploits0References3
Mageia
Mageia
added 2025/03/13 6:25 p.m.27 views

Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS4.7AI score0.00355EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/03/13 7:11 a.m.8 views

firefox: JIT corruption of WASM i32 return values on 64-bit CPUs

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...

7.6CVSS7AI score0.00294EPSS
Exploits0References8
Rows per page
Query Builder