Lucene search
K

76 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/core: Validate the passed in fops for ibgetucaps Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds ...

8.8CVSS6.1AI score0.00136EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53188

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for ibgetucaps Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same devt it can masquerade as a ucap cdev fd...

5.8AI score0.00136EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:5 p.m.4 views

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

7.4CVSS5.8AI score0.00753EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/03 10:35 p.m.8 views

EUVD-2026-18901

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...

7.2CVSS6.1AI score0.00874EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/02 2:46 p.m.17 views

CVE-2026-34818 Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00138EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/16 7:51 a.m.2 views

Malicious Package

Overview redux-saga-inspector is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.5 views

DITTO: A Spoofing Attack Framework on Watermarked LLMs Via Knowledge Distillation

The promise of LLM watermarking rests on a core assumption that a specific watermark proves authorship by a specific model. We demonstrate that this assumption is dangerously flawed. We introduce the threat of watermark spoofing, a sophisticated attack that allows a malicious model to generate te...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-5750

Malware in sbrugna...

8.8CVSS8.8AI score0.01684EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-17206

Malicious code in bioql PyPI...

3.4CVSS5.2AI score0.00422EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-36136

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00219EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/25 3:58 p.m.8 views

imagemagick: heap-buffer overflow read in MNG magnification with alpha

Vulnerability Details When performing image magnification in ReadOneMNGIMage in coders/png.c, there is an issue around the handling of images with separate alpha channels. When loading an image with a color type that implies a separate alpha channel ie. jngcolortype = 12, we will load the alpha...

7.6CVSS6.8AI score0.00503EPSS
Exploits1References5Affected Software18
CVE
CVE
added 2025/07/16 7:55 p.m.32 views

CVE-2025-53908

RomM is affected by an authenticated path traversal vulnerability in the /api/raw endpoint. Versions prior to 3.10.3 and prior to 4.0.0-beta.3 are vulnerable. The issue can allow leakage of passwords and user data on systems with multiple users (including unprivileged users such as the kiosk user...

8.3CVSS6.7AI score0.00445EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/06/10 12:0 a.m.5 views

Auditing Black-Box LLM APIs with a Rank-Based Uniformity Test

As API access becomes a primary interface to large language models LLMs, users often interact with black-box systems that offer little transparency into the deployed model. To reduce costs or maliciously alter model behaviors, API providers may discreetly serve quantized or fine-tuned variants,...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.6 views

Azure Linux 3.0 Security Update: opensc (CVE-2024-1454)

The version of opensc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1454 advisory. - The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card...

3.4CVSS5.9AI score0.00422EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.3 views

Astra Linux – Vulnerability in opensc

The “use-after-free” vulnerability was identified in the AuthentIC driver within the OpenSC package. It occurs during the card enrollment process, specifically when using the pkcs15-init function. An attacker must have physical access to the computer system and must use a specially crafted USB...

3.4CVSS6.4AI score0.00422EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/06 12:26 a.m.8 views

CVE-2022-30708

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created i.e., not created in Virtualmin or Cloudmin. This occurs because settings-editorwrite.cgi does not properly restrict the file parameter...

8.8CVSS7.7AI score0.03484EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.3 views

Opensc: memory use after free in authentic driver when updating token info

...

3.4CVSS6AI score0.00422EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/04/25 12:0 a.m.6 views

The vulnerability of the AuthentIC driver for software tools and libraries used to work with OpenSC smart cards allows a perpetrator to compromise card management operations.

The vulnerability of the AuthentIC driver for software tools and libraries used to work with OpenSC smart cards is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise card management operations...

4.5CVSS6.4AI score0.00422EPSS
Exploits0References12Affected Software4
Redos
Redos
added 2024/04/22 12:0 a.m.21 views

ROS-20240422-01

Vulnerability in the OpenSC smart card software toolkit and libraries is related to a bug in the AuthentIC driver and occurs during card registration using pkcs15-init. a bug in the AuthentIC driver and occurs during the card registration process using pkcs15-init, when a user or administrator...

3.4CVSS7.1AI score0.00422EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.31 views

Amazon Linux 2023 : opensc (ALAS2023-2024-580)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-580 advisory. A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side- channel resistant. This issue may result in the potential leak of private data...

5.9CVSS5.7AI score0.01156EPSS
Exploits1References6
Rows per page
Query Builder