
6771 matches found

OSV
added 2025/02/03 9:3 a.m. | 3 views

SUSE-SU-2025:20072-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key bsc1230364 - CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init bsc1230076 - CVE-2024-45619: Fixed incorrect handling length o...

CVSS 4.3 | AI score 6.1 | EPSS 0.00355
Exploits: 0 | References: 15

SUSE Linux
added 2025/02/01 9:53 a.m. | 1 view

Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.5 CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src" values. bsc1236272 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 8.7 | AI score 6.8 | EPSS 0.00358
Exploits: 0 | References: 6

OSV
added 2025/01/31 6:15 a.m. | 4 views

CVE-2024-12772

The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability...

CVSS 5.4 | AI score 7.3 | EPSS 0.0032
Exploits: 1 | References: 1

CNNVD
added 2025/01/31 12:0 a.m. | 7 views

WordPress plugin Ninja Tables security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

CVSS 6.1 | AI score 7.7 | EPSS 0.0032
Exploits: 1 | References: 1

OSV
added 2025/01/30 8:15 p.m. | 3 views

UBUNTU-CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances...

CVSS 6.3 | AI score 5.8 | EPSS 0.00258
Exploits: 1 | References: 5

OSV
added 2025/01/30 7:13 p.m. | 26 views

BIT-GOLANG-2025-22865

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5 | AI score 7.4 | EPSS 0.00587
Exploits: 0 | References: 4

Cvelist
added 2025/01/30 3:30 p.m. | 13 views

CVE-2025-23216 Argo CD does not scrub secret values from patch errors

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...

CVSS 6.8 | EPSS 0.00458
Exploits: 0 | References: 3

OSV
added 2025/01/30 3:30 p.m. | 13 views

CVE-2025-23216 Argo CD does not scrub secret values from patch errors

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...

CVSS 6.8 | AI score 6.4 | EPSS 0.00458
Exploits: 0 | References: 5

NVD
added 2025/01/30 2:15 p.m. | 10 views

CVE-2024-13646

The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'singleuserchatupdatelogin' function in all versions up to, and including, 0.5. This makes it possible for authenticated attacker...

CVSS 8.1 | EPSS 0.0036
Exploits: 0 | References: 2

Tenable Nessus
added 2025/01/30 12:0 a.m. | 6 views

Wiesemann & Theis ComServer Use of Insufficiently Random Values (CVE-2022-42787)

Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force the user's session ID and get access to his account on the device. As the user needs to log in for the attack to be...

CVSS 8.8 | AI score 7.9 | EPSS 0.00734
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/01/29 10:54 a.m. | 13 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...

CVSS 6.8 | AI score 6.3 | EPSS 0.00736
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 14 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to non-integer values mishandles due to nanoid (CVE-2024-55565)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to non-integer value mishandles due to nanoid. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano I...

CVSS 4.3 | AI score 6.2 | EPSS 0.00666
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/01/28 8:56 p.m. | 20 views

Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.6.5 security updates and bug fixes

Multicluster Engine for Kubernetes 2.6.5 General Availability release images, which provide enhancements, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 9.1 | AI score 6.7 | EPSS 0.03092
Exploits: 2 | References: 4

OSV
added 2025/01/28 2:15 a.m. | 1 view

DEBIAN-CVE-2025-22865

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5 | AI score 7 | EPSS 0.00587
Exploits: 0 | References: 1

OSV
added 2025/01/28 2:15 a.m. | 12 views

CVE-2025-22865

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...

AI score 7.4
Exploits: 0 | References: 4

OSV
added 2025/01/28 2:15 a.m. | 2 views

UBUNTU-CVE-2025-22865

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5 | AI score 7 | EPSS 0.00587
Exploits: 0 | References: 5

CVE
added 2025/01/28 1:3 a.m. | 115 views

CVE-2025-22865

CVE-2025-22865 corresponds to a panic in RSA key parsing when CRT values are missing observed in multiple advisories. IBM Storage Ceph’s Grafana-based dashboard uses Golang components and lists this CVE among affected versions (IBM Storage Ceph 6.x–8.x ranges) with a remediation to upgrade to IBM...

CVSS 7.5 | AI score 7.1 | EPSS 0.00587
Exploits: 0 | References: 4

Debian CVE
added 2025/01/28 1:3 a.m. | 9 views

CVE-2025-22865

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5 | AI score 7 | EPSS 0.00587
Exploits: 0

Snyk
added 2025/01/28 12:47 a.m. | 3 views

Uncaught Exception

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well...

CVSS 8.7 | AI score 6.7 | EPSS 0.00587
Exploits: 0 | References: 3

OSV
added 2025/01/28 12:47 a.m. | 20 views

GO-2025-3421 ParsePKCS1PrivateKey panic with partial keys in crypto/x509

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5 | AI score 7.4 | EPSS 0.00587
Exploits: 0 | References: 3