Lucene search
K

537 matches found

Cvelist
Cvelist
added 2025/09/17 11:33 a.m.25 views

CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

9.3CVSS0.00761EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.7 views

PT-2025-37315

Name of the Vulnerable Software and Affected Versions: httpsig-rs versions prior to 0.0.19 Description: httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. The HMAC signature comparison is not timing-safe in versions prior to 0.0.19, potentially allowing an attacker to...

5.9CVSS6.4AI score0.00264EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/09/11 6:3 p.m.8 views

CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...

6.9CVSS0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.8 views

CVE-2025-9634 Plugin updates blocker <= 0.2 - Cross-Site Request Forgery

The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pubsave action handler. This makes it possible for unauthenticated attackers to disable or enable plug...

4.3CVSS0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.4 views

PT-2025-37152

The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub save action handler. This makes it possible for unauthenticated attackers to disable or enable...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References3
NVD
NVD
added 2025/09/10 2:15 p.m.6 views

CVE-2025-56404

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation...

7.5CVSS0.00317EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/10 12:0 a.m.2 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

6.8AI score0.00448EPSS
Exploits0References3
OSV
OSV
added 2025/09/08 7:37 p.m.6 views

CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

9.3CVSS7.3AI score0.01371EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.5 views

PT-2025-36503

Name of the Vulnerable Software and Affected Versions: @akoskm/create-mcp-server-stdio versions prior to 0.0.13 Description: The @akoskm/create-mcp-server-stdio package, a MCP server starter kit utilizing the StdioServerTransport, contains a command injection issue in versions prior to 0.0.13. Th...

9.3CVSS6.9AI score0.01371EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/09/05 1:45 p.m.1 views

CVE-2025-58830 WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Stored XSS.This issue affects Parallax Scrolling Enllax.js: from n/a through = 0.0.6...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2025/09/03 11:52 p.m.6 views

CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

7.7CVSS7.1AI score0.00315EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.4 views

CVE-2025-50129

A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to...

8.8CVSS8.1AI score0.00691EPSS
Exploits1References1
OSV
OSV
added 2025/08/29 3:15 p.m.6 views

AZL-66711 CVE-2025-54080 affecting package exiv2 0.28.3-1

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

5.5CVSS5.7AI score0.00132EPSS
Exploits0References1
OSV
OSV
added 2025/08/28 10:3 p.m.5 views

CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...

5.5CVSS6.4AI score0.00125EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-1372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function...

7.8CVSS5.5AI score0.00327EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-29785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to...

7.5CVSS5.9AI score0.00402EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/25 5:32 a.m.5 views

CVE-2025-7842

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/21 12:0 a.m.8 views

CVE-2025-55524

Insecure permissions in Agent-Zero v0.8. allow attackers to arbitrarily reset the system via unspecified vectors...

0.00323EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/08/20 6:30 p.m.9 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

9.8CVSS7.9AI score0.02464EPSS
Exploits1References11Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2009-3604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocat...

9.3CVSS6.5AI score0.08703EPSS
Exploits1References2
Rows per page
Query Builder