21 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: The virtual address is retrieved before calling dmaunmap. The TSO header was unmapped via DMA before the virtual address was retrieved, and then the buffer was freed using that address. This meant that we actually...

5.5 CVSS · 6 AI score · 0.00204 EPSS
Exploits: 0 · References: 2

OSSF Malicious Packages
added 2026/05/21 12:9 a.m. · 11 views

Malicious code in anthropic-shared-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e54ef50a83e2f379965286ed404d16ca3389a9ce5c8593718ef4e6f307cc6084 This package impersonates Anthropic's internal namespace and self-describes as 'Full RCE PoC - Alex Birsan Style'. Its package.json declares a...

5.8 AI score
Exploits: 0 · References: 1

ATTACKERKB
added 2026/05/06 11:27 a.m. · 8 views

CVE-2026-43139

In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6getsaddr xfrm6getsaddr does not check the return value of ipv6devgetsaddr. When ipv6devgetsaddr fails to find a suitable source address returns -EADDRNOTAVAIL, saddr-in6 is left uninitialize...

5.7 AI score · 0.00375 EPSS
Exploits: 0 · References: 9 · Affected Software: 1

Positive Technologies
added 2025/12/28 12:0 a.m. · 6 views

PT-2025-53670

Name of the Vulnerable Software and Affected Versions PbootCMS versions prior to 3.2.12 Description A security issue exists in PbootCMS that allows for remote manipulation of the X-Forwarded-For argument. This manipulation impacts the get user ip function within the core/function/handle.php file,...

6.9 CVSS · 6.2 AI score · 0.00215 EPSS
Exploits: 1 · References: 9

EUVD
added 2025/12/16 3:30 p.m. · 9 views

EUVD-2025-203631

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix DMA-API usage Use DMA-API dmamapsingle call for getting the DMA address of the transfer buffer instead of hacking with virttophys. This fixes the following DMA-API debug warning: ------------ cut here...

6.2 AI score · 0.00155 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 8 views

EUVD-2022-15458

Malicious code in bioql PyPI...

4.3 CVSS · 4.9 AI score · 0.00752 EPSS
Exploits: 1 · References: 1

OSV
added 2024/11/25 10:15 p.m. · 10 views

AZL-54601 CVE-2024-53100 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc "nvme-tcp: don't access released socket during error recovery" added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the mutexlo...

4.7 CVSS · 6.3 AI score · 0.00161 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/07/12 12:0 a.m. · 3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the xfrm6 component failing to properly check the return value of the ip6dstidev function when obtaining a...

5.5 CVSS · 6.4 AI score · 0.00278 EPSS
Exploits: 0 · References: 10

Positive Technologies
added 2024/01/16 12:0 a.m. · 8 views

PT-2024-15100 · Unknown · Wp Customer Area

Name of the Vulnerable Software and Affected Versions: WP Customer Area versions prior to 8.2.1 Description: The issue arises from improper validation of user capabilities in certain AJAX actions, allowing any user to retrieve another user's account address. Recommendations: For versions prior to...

6.5 CVSS · 7.2 AI score · 0.00483 EPSS
Exploits: 1 · References: 6

NVD
added 2023/11/27 5:15 p.m. · 22 views

CVE-2023-5239

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...

7.5 CVSS · 0.00653 EPSS
Exploits: 2 · References: 1

Prion
added 2023/11/27 5:15 p.m. · 14 views

Design/Logic Flaw

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...

5 CVSS · 7 AI score · 0.00653 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Code423n4
added 2023/07/28 12:0 a.m. · 12 views

If a lower multiplier for a particular NFT was set the owner of this NFT can avoid syncing votes with new values.

Lines of code Vulnerability details Impact The current situation presents an issue as it is impossible to identify the addresses of users who possess specific NFT tokens locked in the contract. Consequently, if a new multiplier is lower than the previous one, a "malicious" user could exploit this...

6.8 AI score
Exploits: 0

Vulnrichment
added 2023/06/23 4:20 p.m. · 14 views

CVE-2023-34467 XWiki Platform may retrieve email addresses of all users

XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing...

7.5 CVSS · 6.7 AI score · 0.00961 EPSS
Exploits: 1 · References: 3

Kitploit
added 2023/02/11 11:30 a.m. · 164 views

Powershell-Backdoor-Generator - Obfuscated Powershell Reverse Backdoor With Flipper Zero And USB Rubber Ducky Payloads

Reverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky. usage: listen.py -h --ip-address IPADDRESS --port PORT --random --out OUT --verbose --delay...

7.5 AI score
Exploits: 0 · References: 1

OSV
added 2022/10/17 12:15 p.m. · 4 views

CVE-2022-3541

A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2swnvmemgetmacaddress of the file drivers/net/ethernet/sunplus/spl2swdriver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. T...

7.8 CVSS · 6.6 AI score
Exploits: 0 · References: 3

Hacker One
added 2022/10/07 10:40 p.m. · 33 views

Liberapay: Email Address Exposure via Gratipay Migration Tool

Through the /migrate route, an attacker can input the username of any user on the site and retrieve their primary email address without any authorization required. Steps to reproduce: Note: This cannot be performed with hackerone-target, because that account seems to return a None as an email. 1...

6.8 AI score
Exploits: 0

CNNVD
added 2022/08/26 12:0 a.m. · 3 views

WordPress plugin Limit Login Attempts security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...

5.3 CVSS · 6.6 AI score · 0.00332 EPSS
Exploits: 0 · References: 4

Prion
added 2022/01/26 4:15 p.m. · 13 views

Default configuration

BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example. email protected wou...

5 CVSS · 5.3 AI score · 0.01117 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Exploit DB
added 2021/05/21 12:0 a.m. · 286 views

DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)

Exploit Title: DELL dbutil23.sys 2.3 - Arbitrary Write to Local Privilege Escalation LPE Date: 10/05/2021 Exploit Author: Paolo Stagno aka VoidSec Version: include include include include define IOCTLCODE 0x9B0C1EC8 // IOCTLCODE value, used to reach the vulnerable function taken from IDA define...

8.8 CVSS · 7.9 AI score · 0.57474 EPSS
Exploits: 17

Kitploit
added 2018/04/11 1:9 p.m. · 29 views

Mercury - A Hacking Tool Used To Collect Information And Use The Information To Further Hurt The Target

Mercury is a hacking tool used to collect information and use the information to further hurt the target. Installation Requires Python2 Linux apt-get install python2 git clone https://www.github.com/MetaChar/Mercury pip install -r requirements.txt Features BruteForce Mercury uses Selenium to...

7.1 AI score
Exploits: 0 · References: 1