
537 matches found

Vulnrichment
added 2025/10/17 12:0 a.m., 3 views

CVE-2025-60514

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...

AI score: 7.6, EPSS: 0.00279
Exploits: 0, References: 2
OSV
added 2025/10/15 6:57 p.m., 3 views

GHSA-FR8M-434R-G3XP gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization

Impact: During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range [1, n-1], with n being the corresponding modulus (either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA). As this also...

CVSS: 5.1, AI score: 6.8, EPSS: 0.00844
Exploits: 0, References: 6
EUVD
added 2025/10/11 12:30 p.m., 19 views

EUVD-2025-33845

The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00287
Exploits: 0, References: 3
Cvelist
added 2025/10/10 5:0 a.m., 10 views

CVE-2025-11570

Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data. Note: This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Patter...

CVSS: 4.8, EPSS: 0.00197
Exploits: 0, References: 3
NVD
added 2025/10/08 7:15 p.m., 3 views

CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

CVSS: 9.8, EPSS: 0.04354
Exploits: 1, References: 5
CNNVD
added 2025/10/08 12:0 a.m., 4 views

Desktop Commander MCP security vulnerability

Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. A security vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from os command injection in the extractBaseCommand function of the src/command-manager.ts file in the Absolute Path...

CVSS: 9.8, AI score: 6.8, EPSS: 0.03591
Exploits: 1, References: 6
EUVD
added 2025/10/07 2:6 p.m., 5 views

EUVD-2025-32853

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00538
Exploits: 1, References: 6
Cvelist
added 2025/10/07 2:6 p.m., 9 views

CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth

vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

CVSS: 7.5, EPSS: 0.00538
Exploits: 1, References: 4
EUVD
added 2025/10/06 8:9 a.m., 4 views

EUVD-2025-32517

When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...

CVSS: 5.7, AI score: 6.5, EPSS: 0.00146
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-28122

Malicious code in bioql PyPI...

CVSS: 8.6, AI score: 6.4, EPSS: 0.00399
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-28205

Malicious code in bioql PyPI...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00116
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-26904

Malicious code in bioql PyPI...

CVSS: 5.9, AI score: 6.5, EPSS: 0.0017
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-31230

Malicious code in bioql PyPI...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00159
Exploits: 0, References: 2
CNNVD
added 2025/10/03 12:0 a.m., 9 views

MyClub security vulnerability

MyClub is club management software by the individual developer jibux. A security vulnerability exists in MyClub version 0.5, which stems from insufficient sanitization of query parameter inputs and could lead to an SQL injection attack...

CVSS: 6.5, AI score: 7.6, EPSS: 0.00425
Exploits: 0, References: 4
Vulnrichment
added 2025/10/02 9:30 p.m., 3 views

CVE-2025-61600 Unbounded Memory Allocation in Stalwart IMAP parser

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00524
Exploits: 0, References: 3
Vulnrichment
added 2025/09/29 11:54 p.m., 5 views

CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption

Crypt::RandomEncryption for Perl version 0.01 uses the insecure rand() function during encryption...

AI score: 6.6, EPSS: 0.00221
Exploits: 0, References: 3
Cvelist
added 2025/09/29 11:54 p.m., 10 views

CVE-2024-58040 Crypt::RandomEncryption for Perl uses insecure rand() function during encryption

Crypt::RandomEncryption for Perl version 0.01 uses the insecure rand() function during encryption...

EPSS: 0.00221
Exploits: 0, References: 3
Vulnrichment
added 2025/09/25 12:0 a.m., 2 views

CVE-2025-26278

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

AI score: 6.3, EPSS: 0.00365
Exploits: 0, References: 2
CNNVD
added 2025/09/22 12:0 a.m., 3 views

WordPress plugin CF7 Submissions security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS: 4.3, AI score: 6.5, EPSS: 0.0023
Exploits: 0, References: 2
Vulnrichment
added 2025/09/19 12:0 a.m., 1 view

CVE-2025-54761

An issue was discovered in PPress 0.0.9 allowing attackers to gain escalated privileges via crafted session cookie...

AI score: 6.8, EPSS: 0.00298
Exploits: 3, References: 2