Lucene search
+L

18 matches found

nessus
nessus
added 2026/04/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by- one in the path traversal filter in...

6.1CVSS5.6AI score0.002EPSS
Exploits1References4
debiancve
debiancve
added 2026/04/24 2:24 a.m.9 views

CVE-2026-40254

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...

6.1CVSS5.5AI score0.002EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.10 views

PT-2026-34838

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.25.0 Description An off-by-one error exists in the path traversal filter within channels/drive/client/drive file.c. The contains dotdot function fails to detect .. when it is the final component of a path without a...

6.1CVSS5.8AI score0.002EPSS
Exploits1References36
nessus
nessus
added 2026/01/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP...

6.6CVSS5.7AI score0.00237EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6822

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0059EPSS
Exploits1References3
snyk
snyk
added 2025/08/26 4:19 p.m.5 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the process of logging error details during SQL query execution. An attacker can obtain sensitive information by intentionally causing SQL errors and subsequently accessing the log...

7.4CVSS7.2AI score0.00388EPSS
Exploits0References2
nvd
nvd
added 2025/08/26 4:15 p.m.57 views

CVE-2025-57813

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

5.9CVSS0.00388EPSS
Exploits0References3
cve
cve
added 2025/08/26 4:6 p.m.29 views

CVE-2025-57813

CVE-2025-57813 affects the traQ messenger (github.com/traPtitech/traQ). Before version 3.25.0, error handling during SQL queries can write sensitive data (e.g., OAuth tokens) to log files. An attacker with log access could trigger SQL errors to illicitly read recorded secrets. The issue is fixed ...

5.9CVSS7.5AI score0.00388EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/03/22 12:41 p.m.15 views

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS6.9AI score0.0059EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/03/22 12:41 p.m.20 views

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS7AI score0.0059EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/03/22 12:23 p.m.19 views

CVE-2024-12778

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS6.9AI score0.00727EPSS
Exploits1References1
osv
osv
added 2025/03/20 12:32 p.m.28 views

GHSA-J5QJ-RG5J-J7C2 Aim Uncontrolled Resource Consumption vulnerability

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS7AI score0.0059EPSS
Exploits1References3
osv
osv
added 2025/03/20 10:10 a.m.8 views

CVE-2025-0189 Denial of Service in aimhubio/aim

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS7AI score0.0059EPSS
Exploits1References3
cvelist
cvelist
added 2025/03/20 10:8 a.m.34 views

CVE-2025-0190 Denial of Service in aimhubio/aim

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS0.0059EPSS
Exploits1References1
osv
osv
added 2025/03/20 10:8 a.m.10 views

CVE-2025-0190 Denial of Service in aimhubio/aim

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS7AI score0.0059EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/03/20 10:8 a.m.8 views

CVE-2025-0190 Denial of Service in aimhubio/aim

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS7.5AI score0.0059EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.5 views

Aim 资源管理错误漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim version 3.25.0 suffers from a resource management error vulnerability that stems from the tracking server's susceptibility to denial-of-service attacks, which may cause the server to be...

7.5CVSS7.4AI score0.0059EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.5 views

Aim 安全漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.25.0 that stems from an unset timeout and could lead to a denial of service attack...

5.9CVSS5.6AI score0.00442EPSS
Exploits1References1
Rows per page
Query Builder