Lucene search
+L

774 matches found

CNNVD
CNNVD
added 2025/05/20 12:0 a.m.27 views

VMware ESXi和VMware vCenter Server 安全漏洞

VMware ESXi and VMware vCenter Server are both products of VMware, Inc.VMware ESXi is a server virtualization platform that can be installed directly on physical servers.VMware vCenter Server is a suite of server and virtualization management software. The software provides a centralized platform...

4.3CVSS5.5AI score0.00785EPSS
Exploits2References2
Packet Storm News
Packet Storm News
added 2025/05/16 12:0 a.m.7 views

Side Channel Analysis in Homomorphic Encryption

Homomorphic encryption provides many opportunities for privacy-aware processing, including with methods related to machine learning. Many of our existing cryptographic methods have been shown in the past to be susceptible to side channel attacks. With these, the implementation of the cryptographi...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/05/15 12:0 a.m.11 views

The vulnerability in the Accessibility component of operating system frameworks like iPadOS, iOS, and MacOS allows attackers to disclose protected information.

The vulnerability of the Accessibility component in iPadOS, iOS, and MacOS is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to disclose protected information...

5.5CVSS5.4AI score0.00249EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.9 views

The vulnerability of the Core Bluetooth framework in operating systems such as macOS, tvOS, iPadOS, iOS, visionOS, and watchOS allows attackers to disclose sensitive information.

The vulnerability of the Core Bluetooth framework in operating systems such as macOS, tvOS, iPadOS, iOS, visionOS, and watchOS is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to disclose sensitive information that should be protected...

5.5CVSS5.3AI score0.00176EPSS
Exploits0References6Affected Software6
NVD
NVD
added 2025/05/07 2:15 a.m.40 views

CVE-2025-3218

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access...

5.4CVSS0.00217EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/02 12:0 a.m.5 views

IBM Concert 加密问题漏洞

IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert Software suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which could be...

5.9CVSS6.7AI score0.00173EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/30 12:0 a.m.9 views

The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

4.3CVSS5.5AI score0.00307EPSS
Exploits0References4Affected Software2
Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.32 views

SecRepoBench: Benchmarking LLMs for Secure Code Generation in Real-World Repositories

This paper introduces SecRepoBench, a benchmark to evaluate LLMs on secure code generation in real-world repositories. SecRepoBench has 318 code generation tasks in 27 C/C++ repositories, covering 15 CWEs. We evaluate 19 state-of-the-art LLMs using our benchmark and find that the models struggle...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/04/25 12:0 a.m.11 views

The vulnerability of the UpdateProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the UpdateProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...

9CVSS5.6AI score0.00733EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.11 views

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform, related to deficiencies in the authentication process, allows attackers to compromise the confidentiality of protected information.

The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to compromise the confidentiality of the protected information...

4.3CVSS5.5AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 2025/04/17 8:15 p.m.7 views

CVE-2024-42177

HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...

6.4CVSS5.8AI score0.00144EPSS
Exploits0References1
OSV
OSV
added 2025/04/15 6:15 a.m.10 views

UBUNTU-CVE-2025-3576

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

5.9CVSS6.9AI score0.00331EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/04/15 12:0 a.m.10 views

The software client’s vulnerability for providing remote access with SonicWall NetExtender allows a intruder to gain access to modify data.

The vulnerability of the software client for remote access support provided by SonicWall NetExtender is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to modify data...

7.2CVSS7.1AI score0.0034EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/14 12:0 a.m.11 views

The vulnerability of the PowerScale OneFS operating system, related to deficiencies in authentication procedures, allows a perpetrator to gain access to user accounts.

The vulnerability of the PowerScale OneFS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to the user account...

7CVSS5.5AI score0.00149EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/08 5:24 p.m.22 views

CVE-2025-29809 Windows Kerberos Security Feature Bypass Vulnerability

...

7.1CVSS0.04073EPSS
Exploits0References1
Redos
Redos
added 2025/04/03 12:0 a.m.7 views

ROS-20250403-05

A vulnerability in the Media component of the Google Chrome browser is related to memory usage after it is released. after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page V8 JavaScript scrip...

8.8CVSS8.6AI score0.06387EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2025/03/24 12:0 a.m.7 views

The vulnerability of the Process Chains component of the SAP Business Warehouse system allows attackers to compromise the integrity of the protected information.

The vulnerability of the Process Chains component in the SAP Business Warehouse data management and analytics system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected information...

5.7CVSS5.5AI score0.00205EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2025/03/24 12:0 a.m.6 views

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software, related to deficiencies in access control, allows attackers to escalate their privileges.

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

9CVSS5.4AI score0.00406EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/21 4:20 p.m.6 views

CVE-2025-26486

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...

6CVSS7.1AI score0.00113EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/21 9:30 a.m.16 views

Mattermost Fails to Enforce Certain Search APIs

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

6.5CVSS7AI score0.00291EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder