
1376 matches found

GithubExploit
added 2026/02/06 7:40 a.m. | 150 views

davids-xss-lab

XSS Attack & Defense EXPERIMENT 1: Stored XSS Attack aler...

AI score 5.2
Exploits: 0

Snyk
added 2026/02/02 8:12 p.m. | 2 views

Missing Validation of OpenSSL Certificate

Overview: Affected versions of this package are vulnerable to Missing Validation of OpenSSL Certificate due to the default configuration of DefaultConfig where TLS certificate verification is disabled for outgoing storage driver communications. An attacker can intercept, decrypt, and manipulate al...

CVSS 9.2 | AI score 5.5 | EPSS 0.00239
Exploits: 0 | References: 2

Snyk
added 2026/01/23 5:8 a.m. | 7 views

Unsafe Dependency Resolution

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary cod...

CVSS 9.8 | AI score 8.9 | EPSS 0.10371
Exploits: 8 | References: 2

Huntr
added 2025/12/29 5:53 p.m. | 6 views

Unauthenticated File Upload in LollMS

Executive Summary: A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...

CVSS 9.8 | AI score 5.8 | EPSS 0.0043
Exploits: 1

Packet Storm News
added 2025/12/25 12:0 a.m. | 5 views

Exploring the Security Threats of Retriever Backdoors in Retrieval-Augmented Code Generation

Retrieval-Augmented Code Generation (RACG) is increasingly adopted to enhance Large Language Models for software development, yet its security implications remain dangerously underexplored. This paper conducts the first systematic exploration of a critical and stealthy threat: backdoor attacks...

AI score 7
Exploits: 0

RedhatCVE
added 2025/12/13 10:0 p.m. | 4 views

CVE-2025-43513

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to read sensitive location information...

CVSS 5.5 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 1

Cvelist
added 2025/12/12 8:56 p.m. | 17 views

CVE-2025-43513

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to read sensitive location information...

EPSS 0.00174
Exploits: 0 | References: 3

EUVD
added 2025/12/12 8:56 p.m. | 3 views

EUVD-2025-203147

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to read sensitive location information...

AI score 5.7 | EPSS 0.00174
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/12 8:56 p.m. | 4 views

CVE-2025-43513

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to read sensitive location information...

AI score 5.5 | EPSS 0.00174
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/12 12:0 a.m. | 5 views

PT-2025-51009

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sonoma 14.8.3; macOS versions prior to Sequoia 15.7.3. Description: A flaw allowed an application to potentially access sensitive location data. The vulnerable code has been removed in updated versions. Recommendations...

AI score 6.7 | EPSS 0.00174
Exploits: 0 | References: 4

Packet Storm News
added 2025/12/09 12:0 a.m. | 4 views

LLM-Based Vulnerable Code Augmentation: Generate or Refactor?

Vulnerability code-bases often suffer from severe imbalance, limiting the effectiveness of Deep Learning-based vulnerability classifiers. Data Augmentation could help solve this by mitigating the scarcity of under-represented CWEs. In this context, we investigate LLM-based augmentation for...

AI score 6.7
Exploits: 0

Snyk
added 2025/11/20 3:30 p.m. | 5 views

Access Control Bypass

Overview: phppgadmin/phppgadmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies, and hosting services. Affected versions of this package are vulnerable to Access Control Bypass via the handling of user-controlled parameters in sql.php. An attacker can...

CVSS 6.1 | AI score 7.5 | EPSS 0.00191
Exploits: 0 | References: 2

Snyk
added 2025/11/12 9:43 p.m. | 3 views

Denial of Service (DoS)

Amendment: This was deemed not a vulnerability. Overview: torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration. Affected versions of this package are vulnerable to Denial of Service (DoS) due to the omission of calling profiler.stop during the finalization process. An...

CVSS 8.7 | AI score 6.7 | EPSS 0.00116
Exploits: 1 | References: 2

RedHat Linux
added 2025/11/12 1:23 a.m. | 7 views

thunderbird: firefox: Memory safety bugs

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...

CVSS 8.8 | AI score 7.4 | EPSS 0.00306
Exploits: 0 | References: 6

Snyk
added 2025/11/10 9:42 p.m. | 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free via the PyObjectStealAttrString function. An attacker can execute arbitrary code or cause a crash by passing a dangling pointer to APIs such as PyLongAsLong or PyFloatAsDouble after the reference has been decremented. PoC...

CVSS 7.5 | AI score 6.1 | EPSS 0.00266
Exploits: 1 | References: 2

RedhatCVE
added 2025/11/05 2:14 a.m. | 3 views

CVE-2025-43389

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 6.5 | EPSS 0.00169
Exploits: 0 | References: 1

OSV
added 2025/11/04 2:15 a.m. | 2 views

CVE-2025-43397

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to cause a denial-of-service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 3

NVD
added 2025/11/04 2:15 a.m. | 4 views

CVE-2025-43389

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, visionOS 26.1. An app may be able to access sensitive user data...

CVSS 5.5 | EPSS 0.00169
Exploits: 0 | References: 6

OSV
added 2025/11/04 2:15 a.m. | 4 views

CVE-2025-43389

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 5.7 | EPSS 0.00169
Exploits: 0 | References: 6

CVE
added 2025/11/04 1:16 a.m. | 10 views

CVE-2025-43397

CVE-2025-43397 is a local-permissions issue affecting Apple macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, and macOS Tahoe 26.1. The underlying problem is described as a permissions issue that was addressed by removing vulnerable code, with the consequence that an app may be able to cause a denial-of...

CVSS 5.5 | AI score 6.5 | EPSS 0.00162
Exploits: 0 | References: 3 | Affected Software: 1