
120936 matches found

NVD
added 2025/10/16 4:15 p.m. | 3 views

CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can...

CVSS 8.8 | EPSS 0.00469
Exploits: 1 | References: 2
OSV
added 2025/10/16 4:15 p.m. | 3 views

DEBIAN-CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can...

CVSS 8.8 | AI score 6.6 | EPSS 0.00469
Exploits: 1 | References: 1
OSV
added 2025/10/16 4:15 p.m. | 3 views

UBUNTU-CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can...

CVSS 8.8 | AI score 6.3 | EPSS 0.00469
Exploits: 1 | References: 4
Veracode
added 2025/10/16 1:31 p.m. | 7 views

Insecure Deserialization

monai is vulnerable to Insecure Deserialization. The vulnerability is due to loading untrusted checkpoint files with functions like torch.load without safeguards. This allows an attacker to supply a crafted checkpoint that executes arbitrary code during deserialization...

CVSS 8.8 | AI score 7.4 | EPSS 0.00684
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/10/16 9:15 a.m. | 6 views

CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

CVSS 9.8 | AI score 6.2 | EPSS 0.02016
Exploits: 0 | References: 2
Debian
added 2025/10/16 9:8 a.m. | 8 views

[SECURITY] [DSA 6026-1] chromium security update

Debian Security Advisory DSA-6026-1. https://www.debian.org/security/ Andres Salomon, October 16, 2025. https://www.debian.org/security/faq ...

CVSS 8.8 | AI score 7 | EPSS 0.00428
Exploits: 0
RedhatCVE
added 2025/10/16 8:33 a.m. | 4 views

CVE-2025-11722

The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS 7.5 | AI score 7.1 | EPSS 0.00584
Exploits: 0 | References: 1
Ubuntu
added 2025/10/16 7:48 a.m. | 7 views

USN-7826-1: Samba vulnerabilities

Andrew Walker discovered that Samba incorrectly initialized memory in the vfs_streams_xattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2025-9640) Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program...

CVSS 10 | AI score 5.4 | EPSS 0.39677
Exploits: 2
Veracode
added 2025/10/16 7:23 a.m. | 5 views

Deserialization Of Untrusted Data

monai is vulnerable to Unsafe Deserialization. The vulnerability is due to the pickle_operations function automatically deserializing dictionary key-value pairs with a specific suffix without any validation. An attacker can supply crafted pickle payloads to execute arbitrary code when those value...

CVSS 8.8 | AI score 7.9 | EPSS 0.00602
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/10/16 6:33 a.m. | 8 views

CVE-2025-26860

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVSS 8.5 | AI score 7.8 | EPSS 0.00157
Exploits: 0 | References: 1
The Hacker News
added 2025/10/16 4:26 a.m. | 7 views

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score:...

CVSS 10 | AI score 9.7 | EPSS 0.89824
Exploits: 8
RedhatCVE
added 2025/10/16 1:41 a.m. | 6 views

CVE-2011-10033

The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

CVSS 9.3 | AI score 8.2 | EPSS 0.00436
Exploits: 0 | References: 1
CNNVD
added 2025/10/16 12:0 a.m. | 2 views

Delta Electronics ASDA-Soft security vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that is caused by incorrect boundary checking. An attacker could exploit the vulnerability to execute arbitrary code on the system or...

CVSS 7.8 | AI score 8.1 | EPSS 0.00185
Exploits: 0 | References: 1
CNNVD
added 2025/10/16 12:0 a.m. | 2 views

Reolink Video Doorbell Wi-Fi – DB_566128M5MP_W security vulnerability

Reolink Video Doorbell Wi-Fi - DB_566128M5MP_W is a visual doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell Wi-Fi - DB_566128M5MP_W, which stems from insufficient signature verification of a firmware update and could lead to the execution of arbitrary code with roo...

CVSS 5.1 | AI score 7.4 | EPSS 0.00115
Exploits: 0 | References: 3
CNNVD
added 2025/10/16 12:0 a.m. | 4 views

Ilevia EVE X1 Server security vulnerability

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which stems from a reflected cross-site scripting vulnerability in index.php that could lead to the execution of arbitrary cod...

CVSS 6.1 | AI score 6.2 | EPSS 0.00374
Exploits: 3 | References: 4
Positive Technologies
added 2025/10/16 12:0 a.m. | 4 views

PT-2025-42491

Name of the Vulnerable Software and Affected Versions: QuickJS (affected versions not specified). Description: A type confusion issue exists in the QuickJS engine related to how the string addition (+) operation is handled. The issue arises because an attacker can manipulate the type of the left-hand...

CVSS 8.8 | AI score 7.5 | EPSS 0.00469
Exploits: 1 | References: 12
Vulnrichment
added 2025/10/16 12:0 a.m. | 1 views

CVE-2025-60855

Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code execution with root privileges. NOTE: this is disputed by the Supplier because the integrity of updates is...

AI score 7.5 | EPSS 0.00115
Exploits: 0 | References: 2
CNNVD
added 2025/10/16 12:0 a.m. | 3 views

Delta Electronics ASDA-Soft security vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...

CVSS 7.8 | AI score 8.1 | EPSS 0.00191
Exploits: 0 | References: 1
Tenable Nessus
added 2025/10/16 12:0 a.m. | 10 views

Alibaba Cloud Linux 3 : 0157: compat-libtiff3 (ALINUX3-SA-2025:0157)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0157 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9900: A flaw was found in Libtiff. This...

CVSS 8.8 | AI score 6.3 | EPSS 0.00739
Exploits: 0 | References: 2
CVE
added 2025/10/16 12:0 a.m. | 9 views

CVE-2025-61514

CVE-2025-61514 affects SageMath, Inc. CoCalc prior to the fix commit 0d2ff58, where an attacker can upload a crafted SVG file to achieve arbitrary code execution. The issue is triggered by an arbitrary file upload vulnerability in the CoCalc front-end/back-end stack, enabling code execution on th...

CVSS 6.5 | AI score 7.5 | EPSS 0.0037
Exploits: 0 | References: 3