
5124 matches found

OSSF Malicious Packages
added 2025/11/11 7:16 a.m. | 2 views

Malicious code in pure_silkworm_z3n (npm)

Source: amazon-inspector 1b88a7fb2163702e962a2b76738a5db869703cbe644d27220da8647a32658925 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

Positive Technologies
added 2025/11/11 12:0 a.m. | 3 views

PT-2025-46538

Name of the Vulnerable Software and Affected Versions Solid Edge SE2025 versions prior to V225.0 Update 11 Description The application does not properly validate client certificates when connecting to the License Service endpoint. This could allow a remote attacker to perform man-in-the-middle...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00193
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/11 12:0 a.m. | 5 views

PT-2025-46388

Name of the Vulnerable Software and Affected Versions Intel(R) Killer(TM) Performance Suite versions prior to 4.0 40.25.509.1465 Description An uncontrolled search path exists in some Intel(R) Killer(TM) Performance Suite software. This issue, occurring within Ring 3 User Applications, may allow an...

CVSS: 6.7 | AI score: 6.3 | EPSS: 0.00103
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/11 12:0 a.m. | 5 views

PT-2025-46286

Name of the Vulnerable Software and Affected Versions Preload Current Images plugin for WordPress versions prior to 1.4 Description The Preload Current Images plugin for WordPress is susceptible to Stored Cross-Site Scripting through the complete parameter within the 'preload progress bar'...

CVSS: 6.4 | AI score: 5.2 | EPSS: 0.00193
Exploits: 0 | References: 5

Positive Technologies
added 2025/11/11 12:0 a.m. | 6 views

PT-2025-46257

Name of the Vulnerable Software and Affected Versions Twitter Feed plugin for WordPress versions up to and including 1.3.1 Description The Twitter Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ottwitter feed' shortcode. This occurs because the plugin does no...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.00161
Exploits: 0 | References: 4

OSV
added 2025/11/10 9:12 a.m. | 2 views

SUSE-SU-2025:4025-1 Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: - Update to version 0.0.20251105T184115 2025-11-05T18:41:15Z. jsc#PED-11136: Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-3987 GHSA-fmjh-f678-cv3x GO-2025-3988 GHSA-wpwj-69cm-q9c5 GO-2025-3999 GHSA-3g72-chj4-22...

AI score: 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/08 12:0 a.m. | 9 views

PT-2025-45548

Name of the Vulnerable Software and Affected Versions HTML Forms – Simple WordPress Forms Plugin versions up to and including 1.5.5 Description The software contains a flaw that allows an attacker with administrator-level permissions to inject malicious web scripts into pages. This is due to...

CVSS: 4.4 | AI score: 6.3 | EPSS: 0.00171
Exploits: 0 | References: 5

EUVD
added 2025/11/07 6:30 p.m. | 4 views

EUVD-2025-38282

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.00413
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/07 12:0 a.m. | 4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : runc (SUSE-SU-2025:3950-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3950-1 advisory. - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions...

CVSS: 8.4 | AI score: 6.9 | EPSS: 0.00673
Exploits: 4 | References: 8

Positive Technologies
added 2025/11/06 12:0 a.m. | 5 views

PT-2025-45440

Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.3 KubeVirt versions prior to 1.6.1 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw where the virt-handler does not validate if the launcher-sock is a symbolic link or a...

CVSS: 5 | AI score: 5.4 | EPSS: 0.00191
Exploits: 1 | References: 57

Positive Technologies
added 2025/11/05 12:0 a.m. | 6 views

PT-2026-22403

Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.0.16 Docker Desktop versions prior to 4.61.0 when Model Runner is enabled Description Docker Model Runner is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expo...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00226
Exploits: 0 | References: 14

Tenable Nessus
added 2025/11/05 12:0 a.m. | 6 views

Fedora 44 : docker-buildkit (2025-c1b04cbaba)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c1b04cbaba advisory. Automatic update for docker-buildkit-0.25.2-1.fc44. Changelog Wed Nov 5 2025 Bradley G Smith - 0.25.2-1 - Update to v0.25.2 - CVE-2025-58183;...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00626
Exploits: 0 | References: 6

SUSE Linux
added 2025/11/04 12:47 p.m. | 3 views

Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20251029T215107 2025-10-29T21:51:07Z. jsc#PED-11136: GO-2025-4006 GO-2025-4007 GO-2025-4008 GO-2025-4009 GO-2025-4010 GO-2025-4011 GO-2025-4012 GO-2025-4013 GO-2025-4014 GO-2025-4015 Patch Instructions: To install...

AI score: 7.1
Exploits: 0 | References: 2

Tenable Nessus
added 2025/10/31 12:0 a.m. | 3 views

SUSE SLED15: himmelblau / himmelblau-sshd-config / libnss_himmelblau2 / etc (SUSE-SU-2025:3869-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3869-1 advisory. Update to version 0.7.18+git.0.8485a75. - CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI esca...

CVSS: 2.3 | AI score: 5.8 | EPSS: 0.00303
Exploits: 0 | References: 4

OSV
added 2025/10/30 1:45 p.m. | 1 view

SUSE-SU-2025:3869-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 0.7.18+git.0.8485a75. - CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI escape sequences could be injected into terminal output when logged bsc#1249013...

CVSS: 2.3 | AI score: 5.8 | EPSS: 0.00303
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/30 12:0 a.m. | 5 views

PT-2025-44400

Name of the Vulnerable Software and Affected Versions CSZ-CMS versions prior to 1.3.1 Description A SQL injection issue exists in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.00197
Exploits: 1 | References: 3

Positive Technologies
added 2025/10/29 12:0 a.m. | 5 views

PT-2025-44275

Name of the Vulnerable Software and Affected Versions Call Now Button versions prior to 1.5.5 Description The Call Now Button plugin for WordPress is susceptible to unauthorized data access because of a missing capability check in multiple functions. Attackers with Subscriber-level access or high...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00246
Exploits: 0 | References: 10

Positive Technologies
added 2025/10/29 12:0 a.m. | 6 views

PT-2025-44260

Name of the Vulnerable Software and Affected Versions Rometheme RTMKit versions through 1.6.7 Description An authorization bypass exists in Rometheme RTMKit rometheme-for-elementor due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00247
Exploits: 0 | References: 4

CVE
added 2025/10/28 8:53 p.m. | 11 views

CVE-2025-62794

CVE-2025-62794 affects the GitHub Workflow Updater VS Code extension. Before version 0.0.7, the extension stored provided GitHub tokens in plaintext JSON in editor configuration on disk instead of using securestorage. This allowed a local attacker with read access to the user’s home directory to ...

CVSS: 3.8 | AI score: 6.4 | EPSS: 0.00116
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/28 12:0 a.m. | 3 views

PT-2025-44151

Name of the Vulnerable Software and Affected Versions Asseco mMedica versions prior to 11.9.5 Description An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated...

CVSS: 9.3 | AI score: 7 | EPSS: 0.00528
Exploits: 0 | References: 7