Lucene search
K

544 matches found

CVE
CVE
added 2025/03/27 10:55 a.m.47 views

CVE-2025-30839

CVE-2025-30839 – Taxi Booking Manager for WooCommerce (Ecab) has a Missing Authorization vulnerability affecting versions from n/a up to 1.2.1. The issue arises from incorrectly configured access control security levels that permit unauthorized access or actions. The connected ENISA vulnerability...

5.3CVSS7.2AI score0.00458EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.3 views

PT-2025-13289 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an incorrect offset calculation in the Linux kernel, specifically in the erofs/zmap.c file. This miscalculation resulted in the iomap-length being set to 0,...

4.6CVSS4.9AI score0.00176EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.7 views

PT-2025-12022 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions v9.9 to the latest Description: The issue allows an attacker to list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the "/open file" endpoint. This enables the attacker ...

5.3CVSS5.3AI score0.00954EPSS
Exploits1References5
OSV
OSV
added 2025/03/11 7:24 p.m.17 views

GHSA-2865-HH9G-W894 Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability

Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 9.0, ASP.NET Core 8.0, ASP.NET Core 6.0, and ASP.NET Core 2.3. This advisory also...

7CVSS7AI score0.00911EPSS
Exploits1References5
CVE
CVE
added 2025/03/11 4:59 p.m.122 views

CVE-2025-24055

CVE-2025-24055 is a Windows USB Video Driver vulnerability described as an out-of-bounds read that could allow an authorized attacker to disclose information with a physical attack. The CVSSv3.1 base score is 4.3 (Medium), with privileges required as Low, attack vector Physical, and impact restri...

4.3CVSS4.1AI score0.00767EPSS
Exploits1References1Affected Software15
Arista
Arista
added 2025/03/11 12:0 a.m.35 views

Security Advisory 0112

Security Advisory 0112 . CSAF PDF Date: March 11, 2025 Revision | Date | Changes ---|---|--- 1.0 | March 11, 2025 | Initial release The CVE-ID tracking this issue: CVE-2024-9448 CVSSv3.1 Base Score: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Common Weakness Enumeration: CWE-284 Improper...

7.5CVSS5.7AI score0.00485EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2025/03/05 12:0 a.m.4 views

Debian: Security Advisory (DSA-5873-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.7AI score0.00291EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-5433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller whil...

9.8CVSS7.5AI score0.03622EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2020-15658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier...

6.5CVSS7.6AI score0.01202EPSS
Exploits0References3
OSV
OSV
added 2025/03/03 7:22 p.m.25 views

GO-2025-3489 Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher

Rancher's SAML-based login via CLI can be denied by unauthenticated users in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

5.3CVSS6.5AI score0.00508EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 8:0 a.m.64 views

CVE-2025-1857

Summary of CVE-2025-1857 (PHPGurukul Nipah Virus Testing Management System 1.0) A critical SQL injection vulnerability exists in an unspecified part of the file /check_availability.php, caused by manipulation of the employeeid argument. The issue allows remote initiation of an attack and the expl...

9.8CVSS7.6AI score0.00487EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/02/28 4:15 a.m.12 views

CVE-2025-1744

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

10CVSS0.00468EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 12:37 p.m.13 views

Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]

Summary The paramiko package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...

5.9CVSS6.4AI score0.93305EPSS
Exploits4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/26 11:58 a.m.9 views

CVE-2022-49325

In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp-sndcwnd We had various bugs over the years with code breaking the assumption that tp-sndcwnd is greater than zero. Lately, syzbot reported the WARNONONCE!tp-priorcwnd added in commit 8b8a321ff72c...

5.5CVSS6.4AI score0.00252EPSS
Exploits0References4
Arista
Arista
added 2025/02/25 12:0 a.m.38 views

Security Advisory 0111

Security Advisory 0111 . CSAF PDF Date: February 25, 2025 Revision | Date | Changes ---|---|--- 1.0 | February 25, 2025 | Initial release The CVE-ID tracking this issue: CVE-2025-1259 CVSSv3.1 Base Score: 7.7 CVSS:3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Common Weakness Enumeration: CWE-284:...

9.1CVSS6AI score0.00407EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/02/24 9:35 a.m.9 views

GHSA-5FWX-P6XH-VJRH Mattermost allows reading arbitrary files related to importing boards

Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards...

9.9CVSS6.7AI score0.2251EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/15 7:23 p.m.6 views

CVE-2024-11346

: Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Lexmark International CX, XC, CS, et. Al. Postscript interpreter modules allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from ..P001 through ..P233, from ..P001 through...

7.3CVSS6.9AI score0.00414EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.3 views

PT-2025-6190 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue arises from the unsafe handling of error messages on the error page in affected versions of Octopus Server. If an adversary can control any part of the error message, they...

5.4CVSS6.3AI score0.00234EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.4 views

PT-2025-6221 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The reason for rejection is mentioned, but no further details are provided about the issue. Recommendations: At the moment, there is no...

6.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.4 views

PT-2025-6002 · Trojan · Trojan

Name of the Vulnerable Software and Affected Versions: trojan versions 2.0.0 through 2.15.3 Description: An issue in trojan allows a remote attacker to escalate privileges via the initialization interface "/auth/register". Recommendations: For trojan versions 2.0.0 through 2.15.3, consider...

9.8CVSS5.5AI score0.01322EPSS
Exploits2References10
Rows per page
Query Builder