7041 matches found

CNNVD
added 2025/07/29 12:0 a.m. · 4 views

FlashMQ security vulnerability

FlashMQ is a fast and lightweight MQTT proxy server from the individual developer Wiebe Cazemier. A security vulnerability exists in FlashMQ version 1.14.0, which stems from a specially crafted reserved message that causes an assertion failure, potentially leading to a denial-of-service attack...

CVSS 7.5 · AI score 6.7 · EPSS 0.00495
Exploits: 1 · References: 4

CVE
added 2025/07/29 12:0 a.m. · 19 views

CVE-2024-42645

CVE-2024-42645 affects FlashMQ v1.14.0. A crafted retain message can trigger an assertion failure, causing a Denial of Service. The provided documents do not specify a patch version or remediation; no further exploit details are given.

CVSS 7.5 · AI score 6.5 · EPSS 0.00495
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2025/07/29 12:0 a.m. · 2 views

FlashMQ security vulnerability

FlashMQ is a fast and lightweight MQTT proxy server by Wiebe Cazemier. A security vulnerability exists in FlashMQ version 1.14.0, which stems from an assertion failure in the PublishCopyFactory::getNewPublish function, triggered when the QoS value of the publish object is greater than zero...

CVSS 7.5 · AI score 6.7 · EPSS 0.00495
Exploits: 1 · References: 4

Vulnrichment
added 2025/07/29 12:0 a.m. · 2 views

CVE-2024-42644

FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0...

AI score 7.5 · EPSS 0.00495
Exploits: 1 · References: 3

Vulnrichment
added 2025/07/29 12:0 a.m. · 3 views

CVE-2024-42645

An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS)...

AI score 7 · EPSS 0.00495
Exploits: 1 · References: 3

Cvelist
added 2025/07/29 12:0 a.m. · 7 views

CVE-2024-42645

An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS)...

EPSS 0.00495
Exploits: 1 · References: 3

Positive Technologies
added 2025/07/29 12:0 a.m. · 4 views

PT-2025-31213 · Flashmq · Flashmq

Name of the Vulnerable Software and Affected Versions: FlashMQ version 1.14.0. Description: FlashMQ version 1.14.0 contains an assertion failure in the PublishCopyFactory::getNewPublish function when the Quality of Service (QoS) value of the publish object is greater than 0. Recommendations: At the...

CVSS 7.5 · AI score 7 · EPSS 0.00495
Exploits: 1 · References: 9

Positive Technologies
added 2025/07/29 12:0 a.m. · 6 views

PT-2025-31214 · Flashmq · Flashmq

Name of the Vulnerable Software and Affected Versions: FlashMQ version 1.14.0. Description: An issue in FlashMQ version 1.14.0 allows attackers to cause an assertion failure by sending a crafted retain message, leading to a Denial of Service (DoS). Recommendations: At the moment, there is no...

CVSS 7.5 · AI score 6.1 · EPSS 0.00495
Exploits: 1 · References: 10

Snyk
added 2025/07/28 8:38 p.m. · 2 views

Improper Verification of Cryptographic Signature

Overview: @node-saml/node-saml is a SAML 2.0 implementation for Node.js. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via validatePostResponseAsync due to loading of the assertion from the unsigned original response document. An attacker can...

CVSS 10 · AI score 7.1 · EPSS 0.00405
Exploits: 0 · References: 3

OSV
added 2025/07/28 8:38 p.m. · 1 views

GHSA-4MXG-3P6V-XGQ3 Node-SAML SAML Signature Verification Vulnerability

Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...

CVSS 10 · AI score 5.9 · EPSS 0.00357
Exploits: 0 · References: 5

CNNVD
added 2025/07/28 12:0 a.m. · 0 views

node-saml security vulnerability

node-saml is a SAML library that does not depend on any framework running in Node.js. A security vulnerability exists in node-saml version 5.0.1 that stems from not properly validating SAML assertions, which could lead to an authentication bypass...

CVSS 10 · AI score 6.6 · EPSS 0.00357
Exploits: 0 · References: 4

Positive Technologies
added 2025/07/28 12:0 a.m. · 5 views

PT-2025-31149

Name of the Vulnerable Software and Affected Versions: Node-SAML versions 5.0.1 and below. Description: Node-SAML improperly loads the assertion from the unsigned original response document, differing from the parts verified during signature checking. This allows modification of authentication...

CVSS 10 · AI score 6.5 · EPSS 0.00357
Exploits: 0 · References: 15

SUSE CVE
added 2025/07/25 11:22 p.m. · 8 views

SUSE CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU. Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport; add a lockdep assert. BUG: unab...

CVSS 4.7 · AI score 6.4 · EPSS 0.00113
Exploits: 0 · References: 24

Vulnrichment
added 2025/07/25 3:27 p.m. · 11 views

CVE-2025-38461 vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU. Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport; add a lockdep assert. BUG: unab...

AI score 6 · EPSS 0.00113
Exploits: 0 · References: 7

OSV
added 2025/07/25 3:27 p.m. · 9 views

CVE-2025-38461 vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU. Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport; add a lockdep assert. BUG: unab...

CVSS 4.7 · AI score 6.3 · EPSS 0.00113
Exploits: 0 · References: 12

OSV
added 2025/07/25 2:8 p.m. · 2 views

GHSA-M837-G268-MMV7 Node-SAML SAML Authentication Bypass

Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...

CVSS 9.3 · AI score 7.1 · EPSS 0.00405
Exploits: 0 · References: 5

Github Security Blog
added 2025/07/25 2:8 p.m. · 13 views

Node-SAML SAML Authentication Bypass

Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...

CVSS 9.3 · AI score 6.5 · EPSS 0.00405
Exploits: 0 · References: 5 · Affected Software: 2

CVE
added 2025/07/25 12:47 p.m. · 24 views

CVE-2025-38358

CVE-2025-38358 relates to a race in Linux kernel’s btrfs async reclaim path. The bug occurs when an ordered iput is delayed while BTRFS_FS_STATE_NO_DELAYED_IPUT is already set, triggering an assertion in btrfs_add_delayed_iput during close_ctree. The described scenario: async reclaim schedules wr...

CVSS 4.7 · AI score 6.1 · EPSS 0.00096
Exploits: 0 · References: 2 · Affected Software: 1

Debian CVE
added 2025/07/25 12:47 p.m. · 5 views

CVE-2025-38358

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between async reclaim worker and close_ctree. Syzbot reported an assertion failure due to an attempt to add a delayed iput after we have set BTRFS_FS_STATE_NO_DELAYED_IPUT in the fs_info state: WARNING: CPU: 0 PID: 65 at...

CVSS 4.7 · AI score 5 · EPSS 0.00096
Exploits: 0

Positive Technologies
added 2025/07/25 12:0 a.m. · 4 views

PT-2025-30758 · Btrfs +1 · Btrfs +1

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to a race condition between the asynchronous reclaim worker and the close ctree function within the Btrfs filesystem. This issue arises from an...

AI score 5.9 · EPSS 0.00096
Exploits: 0 · References: 7