Lucene search
K

6775 matches found

Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Denial of Service (DoS)

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Denial of Service DoS through the /api/v1/state endpoint of LightningApp. An attacker can cause the server to shut down by...

8.7CVSS7.1AI score0.00588EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2025/03/19 7:0 a.m.5 views

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

...

7.5CVSS7.2AI score0.00784EPSS
Exploits0
OSV
OSV
added 2025/03/17 8:15 p.m.2 views

UBUNTU-CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.1AI score0.0018EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/03/17 7:21 p.m.8 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.6AI score0.0018EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/03/14 7:0 a.m.5 views

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

...

8.6CVSS7AI score0.01233EPSS
Exploits0
CVE
CVE
added 2025/03/14 4:22 a.m.58 views

CVE-2025-1528

CVE-2025-1528 affects WordPress Plug-in: Search & Filter Pro up to version 2.5.19, due to missing capability check in get_meta_values, allowing authenticated users with Subscriber+ to read arbitrary post Meta. Public references indicate a security release addressing this in 2.5.20. Affected produ...

4.3CVSS4.4AI score0.00235EPSS
Exploits0References2
Mageia
Mageia
added 2025/03/13 6:25 p.m.27 views

Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS4.7AI score0.00355EPSS
Exploits0References2
OSV
OSV
added 2025/03/13 6:25 p.m.16 views

MGASA-2025-0096 Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS7.2AI score0.00355EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/03/13 7:11 a.m.8 views

firefox: JIT corruption of WASM i32 return values on 64-bit CPUs

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...

7.6CVSS7AI score0.00294EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2025/03/12 12:0 a.m.6 views

The vulnerability of the MFlash secure data exchange platform lies in the lack of mechanisms for neutralizing elements related to CSV files, allowing attackers to execute arbitrary commands.

The vulnerability of the MFlash secure messaging platform is related to the lack of mechanisms for neutralizing elements related to CSV files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS5.9AI score
Exploits0Affected Software1
Veracode
Veracode
added 2025/03/11 9:49 a.m.19 views

Information Disclosure

Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...

4.3CVSS6.1AI score0.00298EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/03/10 12:18 p.m.7 views

Log Injection

Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...

7.5CVSS7.4AI score0.00699EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2025/03/10 6:13 a.m.3 views

firefox: JIT corruption of WASM i32 return values on 64-bit CPUs

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...

7.6CVSS7AI score0.00294EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2025/03/10 12:0 a.m.6 views

The vulnerability of the KWHotel software for hotel management lies in the lack of a mechanism to neutralize elements in the CSV file, allowing a hacker to trigger a service failure.

The vulnerability of the KWHotel hotel management software is related to the lack of mechanisms for neutralizing elements in the CSV file. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

10CVSS5.5AI score0.00471EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/07 9:10 a.m.2 views

CVE-2025-21843 drm/panthor: avoid garbage value in panthor_ioctl_dev_query()

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthorioctldevquery 'prioritiesinfo' is uninitialized, and the uninitialized value is copied to user object when calling PANTHORUOBJSET. Using memset to initialize 'prioritiesinfo' to avoid th...

6.1AI score0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/06 5:4 a.m.9 views

CVE-2025-20908

Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting...

6.5CVSS0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.4 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices, which stems from insufficient random values and could lead to an adjacent attacker accessin...

6.5CVSS6.5AI score0.00267EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/05 12:48 a.m.13 views

CVE-2025-27371

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 910...

6.9CVSS6.8AI score0.00321EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-41716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid...

7.5CVSS6.7AI score0.00778EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2024-26638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value ca...

4.4CVSS5.6AI score0.00222EPSS
Exploits0References3
Rows per page
Query Builder