Lucene search
K

263 matches found

CNNVD
CNNVD
added 2025/08/14 12:0 a.m.3 views

WordPress plugin Chartify 跨站请求伪造漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress plugin Chartify 3.5.3 and earlier version...

4.3CVSS6.6AI score0.00144EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/08/01 11:24 p.m.6 views

SUSE CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

9.8CVSS6.6AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2025/08/01 6:15 a.m.5 views

DEBIAN-CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

9.8CVSS5.2AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2025/08/01 6:15 a.m.82 views

UBUNTU-CVE-2025-8454

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...

9.8CVSS5.8AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2025/07/04 3:15 p.m.6 views

CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS0.00125EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/06/23 1:34 p.m.3 views

Security update for gpg2

This update for gpg2 fixes the following issues: CVE-2025-30258: Fixed a verification DoS due to a malicious subkey in the keyring. bsc1239119 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

2.7CVSS7.2AI score0.00179EPSS
Exploits1References4
OSV
OSV
added 2025/06/23 1:33 p.m.6 views

SUSE-SU-2025:20444-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed a verification DoS due to a malicious subkey in the keyring. bsc1239119...

4.7CVSS5.8AI score0.00179EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:47 p.m.7 views

CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

7.5CVSS7.1AI score0.00721EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:44 p.m.7 views

CVE-2021-40045

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS6.9AI score0.00152EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.10 views

CVE-2020-14129

A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege...

9.8CVSS6.9AI score0.00911EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:33 a.m.11 views

CVE-2012-5808

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.9AI score0.00566EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:41 a.m.10 views

CVE-2019-10091

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...

7.4CVSS6.6AI score0.01383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:52 a.m.6 views

CVE-2011-5239

CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.9AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:2 p.m.11 views

CVE-2009-5008

Cisco Secure Desktop CSD, when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file...

2.1CVSS6.6AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 4:0 p.m.21 views

CVE-2025-2527

Mattermost versions 10.5.x = 10.5.2, 9.11.x = 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...

4.3CVSS6.5AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 12:55 p.m.1 views

OESA-2025-1376 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

4.7CVSS7AI score0.00179EPSS
Exploits1References2
Citrix
Citrix
added 2025/03/31 12:0 a.m.19 views

Licensed uberAgent still shows Evaluation Version splash screen at login

An operating system with uberAgent installed continues to show a splash screen during user login, stating the agent is running an Evaluation Version. The uberAgent.log file shows messages similar to the following: 2024-12-06 13:50:25.560 +0100,INFO ,WORKGROUP,SRV2016$,6372,LicenseCheck,Starting...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/03/26 6:30 p.m.37 views

Suspended Directus user can continue to use session token to access API

Summary Since the user status is not checked when verifying a session token a suspended user can use the token generated in session auth mode to access the API despite their status. Details There is a check missing in verifySessionJWT to verify that a user is actually still active and allowed to...

4.3CVSS7.1AI score0.00337EPSS
Exploits1References4Affected Software3
RedhatCVE
RedhatCVE
added 2025/03/22 12:30 p.m.7 views

CVE-2024-12776

In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application...

8.1CVSS7AI score0.00614EPSS
Exploits1References1
OSV
OSV
added 2025/03/19 8:15 p.m.6 views

AZL-58935 CVE-2025-30258 affecting package gnupg2 2.4.9-2

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS6.6AI score0.00179EPSS
Exploits1References1
Rows per page
Query Builder