Lucene search

2027 matches found

Debian CVE
added 2025/12/09 3:0 p.m. | 5 views

CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

5.8 CVSS | 5.2 AI score | 0.00119 EPSS
Exploits: 0
CNNVD
added 2025/12/09 12:0 a.m. | 2 views

SAP BusinessObjects Business Intelligence Platform Security Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

5.4 CVSS | 6.4 AI score | 0.0026 EPSS
Exploits: 0 | References: 2
OSV
added 2025/12/03 4:57 p.m. | 0 views

GHSA-3W8Q-XQ97-5J7X Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function

When an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo DToA.JSdtostr DToA.JSdtoa DToA.pow5mult where pow5mult attempts to...

6.9 CVSS | 6.8 AI score | 0.00231 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/02 12:19 a.m. | 11 views

CVE-2025-63534

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5 CVSS | 5.8 AI score | 0.00179 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/12/01 9:30 p.m. | 2 views

EUVD-2025-200093

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...

6.6 AI score | 0.00416 EPSS
Exploits: 2 | References: 3
RedHat Linux
added 2025/12/01 10:11 a.m. | 6 views

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use-after-free vulnerability exists in the Linux kernel wifi module in the cmp_bss function; an attacker could create a crafted payload to trigger it, damaging the availability and integrity of the system...

7.8 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 5
UbuntuCve
added 2025/11/28 7:15 a.m. | 2 views

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

5.5 CVSS | 6.1 AI score | 0.0018 EPSS
Exploits: 0 | References: 1
OSV
added 2025/11/27 12:30 p.m. | 4 views

GHSA-2MM6-624X-FQRR pretix has Email Content Injection Through Maliciously Formatted Names

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1 CVSS | 5.4 AI score | 0.00152 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2025/11/25 6:17 p.m. | 2 views

kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()

A buffer underwrite vulnerability exists in the Linux kernel in the function skb_under_panic in ip6mr_cache_report; an attacker, by crafting a payload, could damage system availability and integrity...

5.5 CVSS | 7.5 AI score | 0.00178 EPSS
Exploits: 0 | References: 5
CNVD
added 2025/11/24 12:0 a.m. | 2 views

Revive Adserver User Management System Design Insecurity Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver has a user...

4.3 CVSS | 6.9 AI score | 0.00252 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2025/11/20 9:15 p.m. | 3 views

CVE-2025-36160 IBM Concert Information Disclosure

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...

5.3 CVSS | 5.2 AI score | 0.00222 EPSS
Exploits: 0 | References: 1
CNVD
added 2025/11/20 12:0 a.m. | 2 views

Apache OpenOffice Security Bypass Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by an attacker t...

7.5 CVSS | 6.9 AI score | 0.00824 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/11/18 10:39 p.m. | 3 views

EUVD-2025-198098

Open Forms allows users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

4.3 CVSS | 6.3 AI score | 0.00229 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/11/12 4:47 p.m. | 2 views

EUVD-2025-148381

Malicious code in tealove-nameka5 (npm)...

6.6 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 10:56 p.m. | 4 views

Malicious code in zain-soto97-sluey (npm)

Source: amazon-inspector 7ba2cd5b25bac11c37c4d882531ce1ecabc4817c022881b88520a9ac81dd53b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/11/10 12:0 a.m. | 5 views

Lucee Administration Panel Login Form Detected

Lucee Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No sour...

7 AI score
Exploits: 0
NVD
added 2025/11/07 6:15 a.m. | 6 views

CVE-2025-64343

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 0.00104 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/11/07 5:20 a.m. | 8 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 0.00104 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/11/07 5:20 a.m. | 12 views

EUVD-2025-38241

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 5.9 AI score | 0.00104 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/07 5:20 a.m. | 7 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS | 6 AI score | 0.00104 EPSS
Exploits: 0 | References: 3