Lucene search

265 matches found

OSV
added 2025/11/07 8:15 a.m., 4 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3 | AI score 5.6 | EPSS 0.00373
Exploits: 1 | References: 4
OSV
added 2025/11/03 8:12 p.m., 3 views

GHSA-Q747-C74M-69PR MantisBT lacks verification when changing a user's email address

When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. Impact: This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person'...

CVSS 5.4 | AI score 6.5 | EPSS 0.00136
Exploits: 1 | References: 5
NVD
added 2025/10/17 3:15 p.m., 18 views

CVE-2025-55085

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

CVSS 8.8 | EPSS 0.00554
Exploits: 1 | References: 1
Vulnrichment
added 2025/10/17 2:22 p.m., 3 views

CVE-2025-55085 Web http client: Unchecked Server-Side Malicious Packet Issue

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

CVSS 8.8 | AI score 6.7 | EPSS 0.00554
Exploits: 1 | References: 1
EUVD
added 2025/10/17 12:00 a.m., 4 views

EUVD-2025-34920

The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...

CVSS 5.8 | AI score 6.6 | EPSS 0.00443
Exploits: 0 | References: 6
Cvelist
added 2025/10/04 2:24 a.m., 9 views

CVE-2025-10746 Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...

CVSS 6.5 | EPSS 0.00252
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-31575

Malicious code in bioql PyPI...

CVSS 3.5 | AI score 6.6 | EPSS 0.00281
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-25108

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.6 | EPSS 0.00261
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m., 8 views

EUVD-2025-30236

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.5 | EPSS 0.0037
Exploits: 1 | References: 1
Rockylinux
added 2025/10/03 7:56 p.m., 3 views

podman security update

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The podman tool manages pods, container images, and containers. It is part of...

CVSS 8.3 | AI score 6.8 | EPSS 0.00397
Exploits: 0
NVD
added 2025/09/30 6:15 p.m., 7 views

CVE-2025-56513

NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update URL can hijack the update process and deliver arbitrary executables that are automatically executed,...

CVSS 9.8 | EPSS 0.00415
Exploits: 2 | References: 2
OSV
added 2025/09/24 5:15 p.m., 5 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

CVSS 7.1 | AI score 5.8 | EPSS 0.00582
Exploits: 2 | References: 2
GithubExploit
added 2025/09/17 3:31 a.m., 31 views

MYCVE

Hnaoyun Inc. PbootCMS Project V3.2.12 apps/home/controller/Mem...

AI score 5.5
Exploits: 0
Huntr
added 2025/08/27 12:00 a.m., 8 views

Account takeover due to missing oauth audience verification in google sign in

Description: The web application integrates Google OAuth for user authentication. Upon successful Google sign-in and user consent, the application receives a token from Google. This token is used by the web application to fetch user profile information such as email and name and complete the login...

CVSS 9.3 | AI score 6 | EPSS 0.00417
Exploits: 2
Tenable Nessus
added 2025/08/20 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-17187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mo...

CVSS 7.4 | AI score 7.2 | EPSS 0.02539
Exploits: 0 | References: 2
CVE
added 2025/08/13 2:46 p.m., 19 views

CVE-2025-54809

CVE-2025-54809 (F5 Access for Android) affects Android clients of F5 Access prior to version 3.1.2. The vulnerability arises because, when using HTTPS, the client does not verify the remote endpoint identity, enabling potential man-in-the-middle interception. Affected versions are 3.1.0–3.1.1; a ...

CVSS 8.8 | AI score 7.3 | EPSS 0.00234
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/08/07 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2018-8034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0....

CVSS 7.5 | AI score 7.5 | EPSS 0.213
Exploits: 0 | References: 2
CNNVD
added 2025/08/05 12:00 a.m., 3 views

DENX Software Engineering Das U-Boot Security Vulnerability

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot version v1.1.3, which stems from a lack of signature verification in the bootloader and could lead to the execution of...

CVSS 6.5 | AI score 6.7 | EPSS 0.00301
Exploits: 1 | References: 2
BDU FSTEC
added 2025/07/14 12:00 a.m., 7 views

The vulnerability of the trusted execution environment of the Virtualization-Based Security (VBS) Enclave in Microsoft Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the trusted execution environment for Virtualization-Based Security (VBS) in Microsoft Windows operating systems is related to the absence of control data for verifying integrity. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 6.8 | AI score 5.7 | EPSS 0.00258
Exploits: 0 | References: 2
CNVD
added 2025/07/07 12:00 a.m., 2 views

Medical Card Generation System Manage Card Function Cross-Site Request Forgery Vulnerability

Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from a cross-site request forgery vulnerability that stems from the lack of CSRF protection in the Manage Card feature, which can be exploited by an attacker to send a simple GET request...

CVSS 6.5 | AI score 6.8 | EPSS 0.00137
Exploits: 0 | References: 1