Lucene search
K

276 matches found

Vulnrichment
Vulnrichment
added 2025/09/09 12:0 a.m.3 views

CVE-2025-57538

A stored cross-site scripting XSS vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment PVE 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view...

5.2AI score0.00308EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36792

Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment version 8.4 Description: A stored cross-site scripting XSS vulnerability exists in the HTTP Proxy field within the Datacenter configuration panel. This allows an authenticated user to inject malicious input that is...

5.4CVSS5.3AI score0.00308EPSS
Exploits1References6
CVE
CVE
added 2025/09/09 12:0 a.m.30 views

CVE-2025-57539

Vulnerability summary (CVE-2025-57539) : Proxmox Virtual Environment 8.4 is affected by a stored XSS in the U2F Origin field of the Datacenter configuration. Authenticated users can store input that is rendered unsafely in the Web UI and executed when viewed by others, potentially enabling sessio...

5.4CVSS5.1AI score0.00267EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/08/11 1:53 p.m.6 views

BIT-LIBPYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...

7.8CVSS7.1AI score0.00647EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.10 views

NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0109)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities: - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly,...

9.4CVSS6.7AI score0.02527EPSS
Exploits14References23
SUSE Linux
SUSE Linux
added 2025/07/23 12:45 p.m.7 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6CVSS7.6AI score0.00982EPSS
Exploits0References52
SUSE Linux
SUSE Linux
added 2025/07/23 12:44 p.m.7 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6CVSS7.6AI score0.00982EPSS
Exploits0References52
OSV
OSV
added 2025/07/23 12:43 p.m.5 views

SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...

9.6CVSS7AI score0.00982EPSS
Exploits0References26
SUSE Linux
SUSE Linux
added 2025/06/25 3:4 p.m.1 views

Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231. CVE-2024-50127: net: sched: fix use-after-free in tapriochange bsc1232908. CVE-2024-50279: dm...

8.5CVSS8AI score0.00272EPSS
Exploits0References36
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.5 views

TencentOS Server 4: python3.11 (TSSA-2024:0758)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0758 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS6.8AI score0.00647EPSS
Exploits0References2
Veeam
Veeam
added 2025/06/09 12:0 a.m.29 views

Could not apply snapshot: Device has active dirty bitmaps

Challenge When the user attempts to use the Rollback function for a snapshot on a Proxmox Virtual Environment PVE Virtual Machine VM that is protected by Veeam Backup & Replication, the following error occurs: qemu-img: Could not apply snapshot '%%': Device has active dirty bitmaps Cause This err...

7.2AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/09 12:0 a.m.10 views

NewStart CGSL MAIN 7.02 : python3.11 Multiple Vulnerabilities (NS-SA-2025-0074)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by multiple vulnerabilities: - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly,...

7.8CVSS6.8AI score0.02303EPSS
Exploits3References11
OSV
OSV
added 2025/05/21 7:7 p.m.6 views

CLSA-2025-1747854434 Fix CVE(s): CVE-2024-9287

SECURITY UPDATE: Path names provided when creating a virtual environment were not quoted properly - debian/patches/CVE-2024-9287.patch: Quote template strings in venv activation - CVE-2024-9287...

7.8CVSS6.7AI score0.00647EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/04/27 6:37 p.m.369 views

Exploit for Unrestricted Upload of File with Dangerous Type in Boxbilling

CVE-2022-3552 In order to exploit the vulnerability in BoxBli...

7.2CVSS6.8AI score0.44002EPSS
Exploits7
Amazon
Amazon
added 2025/04/07 12:0 a.m.4 views

Medium: python3

Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...

7.8CVSS7AI score0.00647EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/07 12:0 a.m.17 views

Amazon Linux 2 : python3 (ALAS-2025-2817)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2817 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment we...

7.8CVSS6.8AI score0.00647EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/27 12:0 a.m.14 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-900)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-900 advisory. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potential...

7.8CVSS6.5AI score0.0067EPSS
Exploits0References6
Amazon
Amazon
added 2025/03/26 12:0 a.m.6 views

Medium: python3.9

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...

7.8CVSS7.8AI score0.0067EPSS
Exploits0
Amazon
Amazon
added 2025/03/26 12:0 a.m.5 views

Medium: python3.9

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...

7.8CVSS7.8AI score0.0067EPSS
Exploits0
OSV
OSV
added 2025/03/20 10:27 a.m.8 views

CLSA-2025-1742466441 Fix CVE(s): CVE-2024-9287

SECURITY UPDATE: Incorrect path quoting in venv allows command injection - debian/patches/CVE-2024-9287.patch: Quote template strings in venv activation - CVE-2024-9287...

7.8CVSS6.8AI score0.00647EPSS
Exploits0References1
Rows per page
Query Builder