Lucene search
+L

291 matches found

Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.12 views

PT-2025-32021 · Huawei · Harmonyos

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: An input verification issue exists in the home screen module. Successful exploitation may affect availability. Recommendations: At the moment, there is no information about a newer version that...

6.2CVSS6.3AI score0.00098EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.9 views

PT-2025-32086 · Unknown · Kernel Gyroscope Module

Name of the Vulnerable Software and Affected Versions: kernel gyroscope module affected versions not specified Description: The issue is a buffer overflow caused by insufficient data verification within the kernel gyroscope module. Successful exploitation could impact system availability...

6.7CVSS6.6AI score0.00099EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.6 views

CVE-2025-54424

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

9.8CVSS8.1AI score0.00901EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.8 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5CVSS6.3AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2025/07/30 3:15 p.m.17 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5CVSS0.00268EPSS
Exploits0References2
OSV
OSV
added 2025/07/28 7:57 p.m.4 views

GO-2025-3777 Podman Improper Certificate Validation; machine missing TLS verification in github.com/containers/podman

Podman Improper Certificate Validation; machine missing TLS verification in github.com/containers/podman...

8.3CVSS5.9AI score0.00397EPSS
Exploits0References13
Cvelist
Cvelist
added 2025/07/28 7:47 p.m.13 views

CVE-2025-54419 Node-SAML Contains SAML Signature Verification Vulnerability

A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...

10CVSS0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/20 12:0 a.m.8 views

PT-2025-30186 · Eluktronics · Eluktronics Control Center

Name of the Vulnerable Software and Affected Versions: Eluktronics Control Center version 5.23.51.41 Description: A problematic issue exists within the REG File Handler component of the software due to insufficient verification of data authenticity. This can be exploited on the local host. The...

4.8CVSS3.5AI score0.00123EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/07/09 12:0 a.m.7 views

AlmaLinux 9 : podman (ALSA-2025:10550)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:10550 advisory. podman: podman missing TLS verification CVE-2025-6032 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note th...

8.3CVSS7.8AI score0.00397EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/08 10:34 a.m.8 views

CVE-2025-21004

Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device...

6.2CVSS6.3AI score0.0008EPSS
Exploits0References1
AlmaLinux
AlmaLinux
added 2025/07/08 12:0 a.m.7 views

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: podman missing TLS verification CVE-2025-6032 For more details about the security...

8.3CVSS7.2AI score0.00397EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/24 1:50 p.m.18 views

CVE-2025-6032 Podman: podman missing tls verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3CVSS0.00397EPSS
Exploits0References17
OpenVAS
OpenVAS
added 2025/06/10 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7560-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS7.4AI score0.00523EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/06/09 12:40 p.m.19 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.5 Images Security Update

New images are available for Red Hat build of Keycloak 26.2.5 and Red Hat build of Keycloak 26.2.5 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

8.2CVSS6.7AI score0.02015EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/04 4:45 a.m.6 views

CVE-2024-31127 MacOS Zscaler Client Connector Local Privilege Escalation

An improper verification of a loaded library in Zscaler Client Connector on Mac 4.2.0.241 may allow a local attacker to elevate their privileges...

7.3CVSS7.2AI score0.00092EPSS
Exploits0References1
OSV
OSV
added 2025/05/30 7:25 p.m.9 views

CVE-2025-48948 Navidrome Transcoding Permission Bypass Vulnerability Report

Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating,...

8.7CVSS6.2AI score0.00398EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:18 a.m.10 views

CVE-2024-45522

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts...

9.8CVSS6.9AI score0.0054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:47 a.m.8 views

CVE-2024-21491

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...

6.5CVSS6.8AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:4 a.m.10 views

CVE-2024-51529

Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability...

5.5CVSS6.9AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:7 a.m.8 views

CVE-2024-57545

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field hiddendhcpnum is copied to the stack without length verification...

5.5CVSS7.8AI score0.00417EPSS
Exploits1References1
Rows per page
Query Builder