
7841 matches found

Cvelist
added 2025/09/22 7:39 p.m. | 10 views

CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...

CVSS 9.6 | EPSS 0.03146
Exploits 0 | References 1
RedHat Linux
added 2025/09/22 3:36 p.m. | 5 views

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVSS 4.9 | AI score 5.8 | EPSS 0.00464
Exploits 0 | References 4
OSV
added 2025/09/19 3:30 p.m. | 6 views

CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

CVSS 6.3 | AI score 6.2 | EPSS 0.00358
Exploits 0 | References 6
RedhatCVE
added 2025/09/18 3:27 p.m. | 3 views

CVE-2025-36244

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables...

CVSS 7.4 | AI score 6.5 | EPSS 0.00113
Exploits 0 | References 1
RedhatCVE
added 2025/09/17 10:46 p.m. | 3 views

CVE-2025-43294

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26, tvOS 26.1, watchOS 26.1. An app may be able to access sensitive user data...

CVSS 3.3 | AI score 5.8 | EPSS 0.00169
Exploits 0 | References 1
CNNVD
added 2025/09/17 12:0 a.m. | 3 views

Dassault Systèmes SOLIDWORKS eDrawings security vulnerability

Dassault Systèmes SOLIDWORKS eDrawings is a collaboration tool for viewing, sharing, and labeling 2D/3D design files from Dassault Systèmes, France. A security vulnerability exists in Dassault Systèmes SOLIDWORKS eDrawings, which stems from the use of uninitialized variables during the read proce...

CVSS 7.8 | AI score 6.7 | EPSS 0.00159
Exploits 0 | References 1
SUSE CVE
added 2025/09/16 11:34 p.m. | 2 views

SUSE CVE-2022-50270

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b "f2fs: show more DIO information in tracepoint" introduces iocb field in 'f2fs_direct_IO_enter' trace event And it only assigns the pointer and later it accesses its field in...

CVSS 7.1 | AI score 6.3 | EPSS 0.00147
Exploits 0 | References 3
CVE
added 2025/09/16 2:38 p.m. | 17 views

CVE-2025-36244

CVE-2025-36244 : IBM AIX/VIOS Kerberos vulnerability allowing a local user to write to arbitrary files with root privileges due to improper initialization of critical variables. Affected: AIX 7.2, 7.3; VIOS 3.1, 4.1; vulnerable fileset: krb5.client.rte (1.16.1.0–1.16.1.7). CVSS base score 7.4 (HI...

CVSS 7.4 | AI score 6.1 | EPSS 0.00113
Exploits 0 | References 1 | Affected Software 2
CNNVD
added 2025/09/16 12:0 a.m. | 4 views

IBM AIX and IBM VIOS security vulnerability

IBM AIX and IBM VIOS are both products of the International Business Machines (IBM) Corporation. IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture. IBM VIOS is part of the PowerVM® Editions hardware feature. IBM VIOS is part of the PowerVM® Editions...

CVSS 7.4 | AI score 6.1 | EPSS 0.00113
Exploits 0 | References 3
NVD
added 2025/09/15 11:15 p.m. | 2 views

CVE-2025-43294

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26, tvOS 26.1, watchOS 26.1. An app may be able to access sensitive user data...

CVSS 3.3 | EPSS 0.00169
Exploits 0 | References 5
OSV
added 2025/09/15 11:15 p.m. | 7 views

CVE-2025-43294

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data...

CVSS 3.3 | AI score 5.7 | EPSS 0.00169
Exploits 0 | References 5
Vulnrichment
added 2025/09/15 10:35 p.m. | 1 views

CVE-2025-43294

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data...

AI score 5.2 | EPSS 0.00169
Exploits 0 | References 4
CVE
added 2025/09/15 10:35 p.m. | 26 views

CVE-2025-43294

CVE-2025-43294 involves mishandling of environment variables in Apple platforms. The issue is addressed with improved validation and is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1, and iPadOS 26.1. Affected component exposure could allow an app to access sensitive user data, with i...

CVSS 3.3 | AI score 5.8 | EPSS 0.00169
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2025/09/15 10:35 p.m. | 7 views

CVE-2025-43294

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26, tvOS 26.1, watchOS 26.1. An app may be able to access sensitive user data...

EPSS 0.00169
Exploits 0 | References 4
Snyk
added 2025/09/15 7:51 p.m. | 3 views

Arbitrary Code Injection

Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Arbitrary Code Injection via the supabaseRPCFilter parameter. An attacker with administrative privileges can execute arbitrary server-side code, access sensitive environment variables, and...

CVSS 9.1 | AI score 7.8
Exploits 0 | References 2
Cvelist
added 2025/09/15 2:21 p.m. | 7 views

CVE-2022-50270 f2fs: fix the assign logic of iocb

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b "f2fs: show more DIO information in tracepoint" introduces iocb field in 'f2fs_direct_IO_enter' trace event And it only assigns the pointer and later it accesses its field in...

EPSS 0.00147
Exploits 0 | References 3
OSV
added 2025/09/15 2:21 p.m. | 5 views

CVE-2022-50270 f2fs: fix the assign logic of iocb

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the assign logic of iocb commit 18ae8d12991b "f2fs: show more DIO information in tracepoint" introduces iocb field in 'f2fs_direct_IO_enter' trace event And it only assigns the pointer and later it accesses its field in...

CVSS 7.1 | AI score 6 | EPSS 0.00147
Exploits 0 | References 6
Positive Technologies
added 2025/09/15 12:0 a.m. | 2 views

PT-2025-37804

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26. Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation. An app may be able to access sensitive user data. Recommendations: Update to macOS Tah...

CVSS 3.3 | AI score 5.8 | EPSS 0.00169
Exploits 0 | References 4
Gitee
added 2025/09/14 3:29 p.m. | 118 views

clusterd

This is an open-source application server attack toolkit called clusterd. It automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. The toolkit currently supports six different application server platforms, with several more in development and...

AI score 7
Exploits 0
Gitee
added 2025/09/14 9:55 a.m. | 83 views

Exploit for OS Command Injection in Gnu Bash

PoC exploit for CVE-2014-6271 Shellshock. The target product/service is Apache httpd, and the vulnerability class/vector is RCE (Remote Code Execution) via environment variable manipulation. The probable entry point is the CGI (Common Gateway Interface) handler. Notable dependencies/tooling include t...

CVSS 10 | AI score 8.5 | EPSS 0.99999
Exploits 130