Lucene search
K

313 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2198

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.02675EPSS
Exploits0References16
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-35559

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-33440

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.04513EPSS
Exploits0References20
NVD
NVD
added 2025/10/01 10:15 p.m.15 views

CVE-2025-54811

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1CVSS0.00199EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-14198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the...

9.8CVSS7.4AI score0.0235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/14 12:0 a.m.7 views

CVE-2025-27845

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI...

7.3AI score0.00428EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-14858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog...

7.3CVSS6.6AI score0.00427EPSS
Exploits0References2
Gitee
Gitee
added 2025/07/27 3:51 a.m.90 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

SMBGhost Simple scanner for CVE-2020-0796 - SMBv3 RCE. The scanner is for meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...

10CVSS9AI score0.9981EPSS
Exploits125
OSV
OSV
added 2025/07/10 6:31 p.m.7 views

CVE-2025-53625 DynamicPageList3 exposes hidden/suppressed usernames

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fix...

8.7CVSS6.6AI score0.00447EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/07/03 12:0 a.m.12 views

Bootstrap < 4.0.0 Multiples Cross-Site Scripting

According to its self-reported version number, Bootstrap is prior to 4.0.0. Therefore, it may be affected by Multiples Cross-Site Scripting XSS vulnerability : - A Cross-Site Scripting XSS vulnerability has been identified within the Bootstrap 3 Button component. - A Cross-Site Scripting XSS...

6.4CVSS5.9AI score0.00494EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/21 7:37 p.m.9 views

CVE-2008-7121

Cross-site scripting XSS vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar...

4.3CVSS6AI score0.00899EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.7 views

PT-2025-16346

Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC version V3 1.0.15 Description A command injection issue was discovered via the groupname at the "/boafrm/formDiskCreateGroup" API endpoint. This allows for potential exploitation...

6.5CVSS5.8AI score0.0766EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2025/04/01 2:19 p.m.19 views

jooby-pac4j: deserialization of untrusted data

Impact Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data Patches - 2.17.0 2.x - 3.7.0 3.x Workarounds - Not using io.jooby:jooby-pac4j until it gets patches. - Check what values you put/save on session References Version 2.x:...

8.8CVSS7.1AI score0.00612EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2025/04/01 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2025-1324)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.6AI score0.005EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/28 1:5 p.m.5 views

Malicious code in 3-0 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/03/27 6:1 p.m.8 views

GHSA-PFQJ-W6R6-G86V Pitchfork HTTP Request/Response Splitting vulnerability

Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...

4.3CVSS7.4AI score0.00269EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.4 views

Mbed TLS 安全漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 2.28.10 and 3.x versions prior to 3.6.3, which stems from the use of uninitialized stack memory under certain circumstances...

5.4CVSS6.5AI score0.00274EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/22 12:8 p.m.10 views

CVE-2024-10553

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.9AI score0.01441EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/24 9:21 p.m.15 views

CVE-2025-27140 WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE)

WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importardump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comma...

10CVSS0.03021EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/23 12:0 a.m.4 views

PT-2025-9097 · Git +1 · Net-Snmp

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A heap buffer overflow issue was identified, which can cause a crash. The crash occurs during the setup engineID, init snmpv3 post premib config, and snmp call callbacks functions...

7.5AI score
Exploits0References2
Rows per page
Query Builder