
6771 matches found

RedHat Linux
added 2025/02/12 12:11 a.m., 3 views

python-django: Potential SQL injection in QuerySet.values() and values_list()

A flaw was found in Django. The QuerySet.values and QuerySet.values_list methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...

CVSS 9.8, AI score 7.1, EPSS 0.01227
Exploits 0, References 5

CNNVD
added 2025/02/12 12:0 a.m., 2 views

WordPress plugin Click Mag security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1, AI score 8.2, EPSS 0.00425
Exploits 0, References 2

CNNVD
added 2025/02/12 12:0 a.m., 2 views

WordPress plugin ZoxPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1, AI score 8.2, EPSS 0.00384
Exploits 0, References 2

CNNVD
added 2025/02/12 12:0 a.m., 3 views

OpenSearch Dashboards Reports security vulnerability

OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports version 2.19, which stems from the Dashboards Reports module containing a...

CVSS 6.4, AI score 7, EPSS 0.00557
Exploits 2, References 7

Tenable Nessus
added 2025/02/12 12:0 a.m., 8 views

RHEL 8 : nodejs:20 (RHSA-2025:1351)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1351 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 7.7, AI score 6.6, EPSS 0.01282
Exploits 0, References 8

OSV
added 2025/02/11 6:31 p.m., 7 views

GHSA-V3VC-6QCV-4VRX Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...

CVSS 6.9, AI score 5.9, EPSS 0.00737
Exploits 0, References 7

AstraLinux
added 2025/02/11 7:35 a.m., 8 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: ar0521 – No overflow occurs when checking PLL values. According to Coverity reports, the PLL checks compare 64-bit integers with 32-bit ones. Depending on the values of the variables, this may lead to underflow. The issue...

CVSS 5.5, AI score 6, EPSS 0.00227
Exploits 0, References 3

AstraLinux
added 2025/02/11 7:35 a.m., 1 views

Astra Linux - vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024...

CVSS 5.5, AI score 6.8, EPSS 0.00243
Exploits 1, References 2

RedhatCVE
added 2025/02/06 12:1 a.m., 6 views

CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

CVSS 7.1, AI score 6.6, EPSS 0.00378
Exploits 1, References 1

RedhatCVE
added 2025/02/06 12:0 a.m., 7 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

CVSS 7.5, AI score 6.6, EPSS 0.01228
Exploits 0, References 1

RedhatCVE
added 2025/02/05 11:43 p.m., 7 views

CVE-2022-41158

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...

CVSS 9.8, AI score 7.6, EPSS 0.01837
Exploits 0, References 1

RedhatCVE
added 2025/02/05 7:38 p.m., 10 views

CVE-2022-39218

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

CVSS 7.5, AI score 6.5, EPSS 0.00752
Exploits 0, References 1

RedhatCVE
added 2025/02/05 7:36 p.m., 10 views

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

CVSS 9.8, AI score 7.3, EPSS 0.03207
Exploits 1, References 1

RedhatCVE
added 2025/02/05 10:45 a.m., 14 views

CVE-2024-21522

All versions of the package audify are vulnerable to Improper Validation of Array Index: when frameSize is provided to the new OpusDecoder.decode or new OpusDecoder.decodeFloat functions, it is not checked for negative values. This can lead to a process crash...

CVSS 7.5, AI score 6.7, EPSS 0.00611
Exploits 0, References 1

RedHat Linux
added 2025/02/05 8:58 a.m., 20 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.8

Red Hat OpenShift Service Mesh Containers for 2.5.8. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

CVSS 8.7, AI score 6.7, EPSS 0.00856
Exploits 0, References 4

CNNVD
added 2025/02/05 12:0 a.m., 3 views

Mobile Security Framework cross-site scripting vulnerability

Mobile Security Framework MobSF is an automated all-in-one mobile application from Mobile Security Framework open source. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. Mobile Security Framework MobSF suffers...

CVSS 8.4, AI score 5.7, EPSS 0.00358
Exploits 1, References 3

OSV
added 2025/02/04 10:6 p.m., 10 views

GO-2025-3433 Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd...

CVSS 6.8, AI score 6.7, EPSS 0.00458
Exploits 0, References 5

OSV
added 2025/02/04 10:6 p.m., 11 views

GO-2025-3437 Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine

Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

AI score 6.8
Exploits 0, References 4

OSV
added 2025/02/04 10:6 p.m., 18 views

GO-2025-3431 kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest

kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest...

CVSS 5.1, AI score 9.3, EPSS 0.00191
Exploits 0, References 3

Snyk
added 2025/02/03 9:43 p.m., 3 views

Class Pollution

Overview: django-unicorn is a magical full-stack framework for Django. Affected versions of this package are vulnerable to Class Pollution in the set_property_value function. An attacker can manipulate the Python runtime environment and trigger unintended behaviors by providing malicious values i...

CVSS 10, AI score 7.1, EPSS 0.00451
Exploits 0, References 3