
6771 matches found

OSV
added 2025/01/27 2:24 p.m. · 4 views

USN-7228-1 libreoffice vulnerabilities

Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf"...

CVSS 6.7 · AI score 6 · EPSS 0.00528
Exploits 0 · References 3
SUSE CVE
added 2025/01/25 3:46 a.m. · 4 views

SUSE CVE-2025-22865

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5 · AI score 6.9 · EPSS 0.00587
Exploits 0 · References 7
Positive Technologies
added 2025/01/25 12:0 a.m. · 4 views

PT-2025-5343 · Webpack +2 · Webpack +2

Name of the Vulnerable Software and Affected Versions: Nuxt versions 3.0.0 through 3.15.12 Nuxt versions 3.12.2 through 3.152 Description: Source code may be stolen during development when using the webpack or rspack builder and a victim opens a malicious website. Because the request for classic...

CVSS 5.3 · AI score 7.2 · EPSS 0.00325
Exploits 0 · References 9
CNNVD
added 2025/01/25 12:0 a.m. · 3 views

WordPress plugin Import WP – Export and Import CSV and XML files to WordPress information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Import WP -...

CVSS 7.5 · AI score 8.1 · EPSS 0.00426
Exploits 0 · References 3
CNNVD
added 2025/01/23 12:0 a.m. · 3 views

KWHotel security vulnerability

KWHotel is a hotel software for desktop, web and mobile devices from KWHotel, Inc. A security vulnerability exists in KWHotel version 0.47, which stems from a CSV formula injection in the Add Guest function...

CVSS 9.8 · AI score 7.2 · EPSS 0.00359
Exploits 0 · References 2
CNNVD
added 2025/01/23 12:0 a.m. · 3 views

KWHotel security vulnerability

KWHotel is a hotel software for desktop, web and mobile devices from KWHotel, Inc. A security vulnerability exists in KWHotel version 0.47, which stems from a CSV formula injection in the Add Invoice feature...

CVSS 9.8 · AI score 7.1 · EPSS 0.00471
Exploits 1 · References 2
RedhatCVE
added 2025/01/21 11:54 p.m. · 15 views

CVE-2025-22150

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

CVSS 6.8 · AI score 6.3 · EPSS 0.00736
Exploits 0 · References 10
Github Security Blog
added 2025/01/21 9:10 p.m. · 50 views

Use of Insufficiently Random Values in undici

Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...

CVSS 6.8 · AI score 6.6 · EPSS 0.00736
Exploits 0 · References 9 · Affected Software 1
NVD
added 2025/01/21 6:15 p.m. · 13 views

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · EPSS 0.00736
Exploits 0 · References 7
Cvelist
added 2025/01/21 5:46 p.m. · 31 views

CVE-2025-22150 Undici Uses Insufficiently Random Values

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · EPSS 0.00736
Exploits 0 · References 7
Vulnrichment
added 2025/01/21 5:46 p.m. · 33 views

CVE-2025-22150 Undici Uses Insufficiently Random Values

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · AI score 6.3 · EPSS 0.00736
Exploits 0 · References 7
CVE
added 2025/01/21 5:46 p.m. · 610 views

CVE-2025-22150

Undici (HTTP/1.1 client) is affected by CVE-2025-22150 in versions prior to 5.28.5, 6.21.1, and 7.2.3 due to using Math.random() to generate multipart/form-data boundaries. This can enable an attacker-controlled endpoint to tamper with requests if specific conditions are met, potentially affectin...

CVSS 6.8 · AI score 6.4 · EPSS 0.00736
Exploits 0 · References 7
AlpineLinux
added 2025/01/21 5:46 p.m. · 10 views

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

CVSS 6.8 · AI score 7 · EPSS 0.00736
Exploits 0
SUSE Linux
added 2025/01/20 9:4 a.m. · 1 views

Security update for pam_u2f

This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...

CVSS 7.8 · AI score 7.3 · EPSS 0.00397
Exploits 0 · References 4
CNNVD
added 2025/01/19 12:0 a.m. · 2 views

WordPress plugin Import any XML or CSV File to WordPress PRO cross-site scripting vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Import any XML or CSV Fil...

CVSS 5.5 · AI score 7.5 · EPSS 0.00332
Exploits 0 · References 3
SUSE CVE
added 2025/01/18 3:49 a.m. · 2 views

SUSE CVE-2024-55565

nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...

CVSS 4.3 · AI score 6.7 · EPSS 0.00666
Exploits 0 · References 3
OSV
added 2025/01/17 10:52 p.m. · 5 views

CLSA-2025-1737153705 squid34: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

CVSS 7.5 · AI score 6.8 · EPSS 0.88864
Exploits 0 · References 1
OSV
added 2025/01/17 10:46 p.m. · 4 views

CLSA-2025-1737153996 squid34: Fix of CVE-2024-25617

CVE-2024-25617: Improve handling of expanding HTTP header values to prevent DoS...

CVSS 7.5 · AI score 6.8 · EPSS 0.88864
Exploits 0 · References 1
Tenable Nessus
added 2025/01/16 12:0 a.m. · 17 views

SUSE SLES15 Security Update : kernel (Live Patch 28 for SLE 15 SP4) (SUSE-SU-2025:0111-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0111-1 advisory. This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: - CVE-2024-50264:...

CVSS 7.8 · AI score 6.9 · EPSS 0.00352
Exploits 1 · References 20
OSV
added 2025/01/14 6:15 p.m. · 19 views

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

CVSS 6.8 · AI score 6.3 · EPSS 0.72059
Exploits 8 · References 7