
265 matches found

OSV
added 2025/06/27 4:15 p.m. · 4 views

CVE-2025-50369

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying...

CVSS 6.5 · AI score 5.8 · EPSS 0.00137
Exploits 0 · References 1

OSV
added 2025/05/07 6:15 p.m. · 5 views

CVE-2025-20181

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...

CVSS 6.8 · AI score 6.9 · EPSS 0.00159
Exploits 0 · References 1

BDU FSTEC
added 2025/04/17 12:00 a.m. · 7 views

The vulnerability of the Navigation components in Google Chrome and Microsoft Edge allows attackers to circumvent existing security restrictions.

The vulnerability of the Navigation components in Google Chrome and Microsoft Edge is related to a lack of mechanisms for verifying the source of the page. Exploiting this vulnerability allows an attacker to bypass existing security restrictions by using a specially created HTML page...

CVSS 6.4 · AI score 6.1 · EPSS 0.00235
Exploits 0 · References 15 · Affected Software 7

BDU FSTEC
added 2025/04/10 12:00 a.m. · 6 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to a lack of mechanisms for verifying the source, allows attackers to access confidential data.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

CVSS 7.8 · AI score 6.9 · EPSS 0.00638
Exploits 0 · References 14 · Affected Software 4

BDU FSTEC
added 2025/04/01 12:00 a.m. · 5 views

The vulnerability of the OBN component of the SAP NetWeaver Enterprise Portal software integration platform lies in the lack of authenticity verification for a critical function. This allows attackers to circumvent existing security restrictions.

The vulnerability of the OBN component in the SAP NetWeaver Enterprise Portal software integration platform is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...

CVSS 5.3 · AI score 5.5 · EPSS 0.00281
Exploits 0 · References 3

OSV
added 2025/02/26 10:15 p.m. · 3 views

UBUNTU-CVE-2024-55581

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...

CVSS 7.4 · AI score 5.8 · EPSS 0.00267
Exploits 1 · References 3

BDU FSTEC
added 2025/02/10 12:00 a.m. · 4 views

The vulnerability in the firmware of ABB FBXi, FBVi, FBTi, and CBXi programmable logic controllers lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability in the firmware of ABB FBXi, FBVi, FBTi, and CBXi programmable logic controllers is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...

CVSS 9.7 · AI score 7.7 · EPSS 0.00888
Exploits 4 · References 3 · Affected Software 11

OSV
added 2025/01/08 4:15 a.m. · 6 views

CVE-2024-56456

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2025/01/08 12:00 a.m. · 4 views

PT-2025-3299 · Unknown · 3D Engine Module

Name of the Vulnerable Software and Affected Versions: 3D engine module (affected versions not specified). Description: The issue concerns the lack of verification of input parameters during the loading of glTF models in the 3D engine module. Successful exploitation of this issue may impact...

CVSS 5.5 · AI score 7 · EPSS 0.00105
Exploits 0 · References 4

OSV
added 2024/12/27 10:15 a.m. · 1 view

CVE-2020-9089

There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2019-12141 Th...

CVSS 3.3 · AI score 5.7 · EPSS 0.00138
Exploits 0 · References 1

Positive Technologies
added 2024/11/05 12:00 a.m. · 5 views

PT-2024-34682 · Unknown · Hdc Module

Name of the Vulnerable Software and Affected Versions: HDC module (affected versions not specified). Description: The issue concerns the lack of verification of input parameters in the HDC module. Successful exploitation may impact availability. Recommendations: At the moment, there is no informatio...

CVSS 5.5 · AI score 7 · EPSS 0.00109
Exploits 0 · References 4

RustSec
added 2024/05/22 12:00 p.m. · 8 views

Traversal outside working tree enables arbitrary code execution

Summary: During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details: Although gix-worktree-state checks for collisions with existing files, it does not...

CVSS 8.8 · AI score 8 · EPSS 0.00816
Exploits 0 · Affected Software 1

CNNVD
added 2024/05/03 12:00 a.m. · 3 views

Hancom Office security vulnerability

Hancom Office is a mobile office program from the Korean company Hancom. The program supports viewing and editing documents in multiple formats. A security vulnerability exists in Hancom Office that originates from not verifying the existence of an object before performing an operation on it...

CVSS 8.8 · AI score 6.8 · EPSS 0.00722
Exploits 0 · References 2

RedHat Linux
added 2024/04/16 1:45 p.m. · 0 views

shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

CVSS 6.2 · AI score 6.5 · EPSS 0.00409
Exploits 0 · References 4

CNNVD
added 2024/04/15 12:00 a.m. · 2 views

Lunary security vulnerability

Lunary is a production toolkit for LLMs. An insecure direct object reference vulnerability exists in Lunary, which stems from an endpoint that does not validate that a supplied project ID belongs to the currently authenticated user, and can be exploited by an attacker to cause unauthorized...

CVSS 9.1 · AI score 6.6 · EPSS 0.00479
Exploits 1 · References 4

Positive Technologies
added 2024/04/07 12:00 a.m. · 5 views

PT-2024-14607 · Unknown · Vsp Driver

Name of the Vulnerable Software and Affected Versions: vsp driver (affected versions not specified). Description: The issue is related to a possible missing verification of incorrect input in the vsp driver. This could lead to a local denial of service with no additional execution privileges needed...

CVSS 4.4 · AI score 6.9 · EPSS 0.00078
Exploits 0 · References 5

OSV
added 2024/03/30 1:15 a.m. · 3 views

CVE-2024-28288

Ruijie RG-NBR700GW 10.34b12 router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise...

CVSS 9.8 · AI score 5.8 · EPSS 0.00724
Exploits 0 · References 2

SUSE CVE
added 2024/03/19 4:09 a.m. · 4 views

SUSE CVE-2018-25099

In the CryptX module before 0.062 for Perl, gcm_decrypt_verify and chacha20poly1305_decrypt_verify do not verify the tag...

CVSS 9.8 · AI score 7 · EPSS 0.00489
Exploits 0 · References 4

OSV
added 2024/03/18 5:15 a.m. · 3 views

UBUNTU-CVE-2018-25099

In the CryptX module before 0.062 for Perl, gcm_decrypt_verify and chacha20poly1305_decrypt_verify do not verify the tag...

CVSS 9.8 · AI score 5.8 · EPSS 0.00489
Exploits 0 · References 11

OSV
added 2024/03/05 6:46 p.m. · 8 views

USN-6678-1 libgit2 vulnerabilities

It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.0...

CVSS 9.8 · AI score 5.9 · EPSS 0.0511
Exploits 0 · References 6