Lucene search
+L

437 matches found

github
github
added 2025/04/14 5:47 p.m.40 views

Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR

Summary: A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. Details: The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customiz...

9.9CVSS7.3AI score0.00724EPSS
Exploits0References6Affected Software1
nessus
nessus
added 2025/04/10 12:0 a.m.12 views

MongoDB Shell < 2.3.9 Control Character Injection (MONGOSH-2024, MONGOSH-2025, MONGOSH-2026)

The version of MongoDB Shell installed on the remote host is prior to 2.3.9. It is, therefore, affected by a vulnerability as referenced in the MONGOSH-2024, MONGOSH-2025, MONGOSH-2026 advisories. - The MongoDB Shell may be susceptible to control character injection where an attacker with control...

8.8CVSS6AI score0.00287EPSS
Exploits0References6
ossf
ossf
added 2025/03/28 12:54 p.m.5 views

Malicious code in paypal-url-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eee5e504dfd1a8b2c6e07c8e238a743be5b370d288b12b38eb37e16d82051ae9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
redhatcve
redhatcve
added 2025/03/15 2:15 a.m.21 views

CVE-2025-27913

Passbolt API before 5, if the server is misconfigured with an incorrect installation process and disregarding of Health Check results, can send email messages with a domain name taken from an attacker-controlled HTTP Host header...

7.5CVSS6.9AI score0.00172EPSS
Exploits0References1
nvd
nvd
added 2025/03/12 4:15 p.m.40 views

CVE-2025-20141

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms. This vulnerability ...

7.4CVSS0.00227EPSS
Exploits0References2
cnvd
cnvd
added 2025/03/07 12:0 a.m.3 views

Ubiquiti UniFi Protect Cameras Firmware Update Insufficient Authentication Vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from a Firmware Update Validation Insufficiency vulnerabilit...

6.8CVSS7.2AI score0.00223EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/03/01 1:22 p.m.9 views

CVE-2025-1693

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...

3.9CVSS6.9AI score0.00194EPSS
Exploits0References3
ossf
ossf
added 2025/02/28 3:53 p.m.6 views

Malicious code in react-content-loader-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29f4fac1cd9b3669fd66345e097ee2be915ef08de77e2fe1a0473640df479d33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
vulnrichment
vulnrichment
added 2025/02/28 12:0 a.m.9 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

9.1AI score0.01492EPSS
Exploits0References6
github
github
added 2025/02/27 3:31 p.m.34 views

MongoDB Shell may be susceptible to control character Injection via shell output

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...

6.8CVSS7AI score0.00194EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2025/02/27 12:39 p.m.25 views

CVE-2025-1693 MongoDB Shell may be susceptible to control character Injection via shell output

The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying...

3.9CVSS0.00194EPSS
Exploits0References1
osv
osv
added 2025/02/23 5:16 a.m.4 views

MAL-2025-1543 Malicious code in fgrttry565be (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain...

7AI score
Exploits0
nvd
nvd
added 2025/02/14 8:15 p.m.19 views

CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

6.9CVSS0.00628EPSS
Exploits0References3
github
github
added 2025/02/14 5:33 p.m.31 views

Vega allows Cross-site Scripting via the vlSelectionTuples function

Summary The vlSelectionTuples function can be used to call JavaScript functions, leading to XSS. Details vlSelectionTuples calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument. Example call: vlSelectionTuplesdatum:, fields:getter:...

6.9CVSS6.8AI score0.00628EPSS
Exploits0References5Affected Software2
osv
osv
added 2025/02/14 5:33 p.m.12 views

GHSA-MP7W-MHCV-673J Vega allows Cross-site Scripting via the vlSelectionTuples function

Summary The vlSelectionTuples function can be used to call JavaScript functions, leading to XSS. Details vlSelectionTuples calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument. Example call: vlSelectionTuplesdatum:, fields:getter:...

6.9CVSS6.4AI score0.00628EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/02/05 2:45 p.m.9 views

CVE-2020-6296

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application...

8.8CVSS7AI score0.01327EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 2:38 p.m.10 views

CVE-2020-6262

Service Data Download in SAP Application Server ABAP ST-PI, before versions 2008146C, 20081620, 20081640, 20081700, 20081710, 740 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system...

9.9CVSS7AI score0.01174EPSS
Exploits0References1
nvd
nvd
added 2025/01/15 3:15 p.m.36 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS0.72059EPSS
Exploits4References8
vulnrichment
vulnrichment
added 2025/01/09 2:36 p.m.9 views

CVE-2023-24010 Data Distribution Service (DDS) Chain of Trust (CoT) violation in Fast DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS8.1AI score0.00332EPSS
Exploits0References2
redhat
redhat
added 2025/01/08 12:3 p.m.7 views

cups: libppd: remote command injection via attacker controlled data in PPD file

A security vulnerability was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer...

9.8CVSS5.9AI score0.62474EPSS
Exploits6References7
Rows per page
Query Builder