Lucene search
K

9293 matches found

OSV
OSV
added 2025/05/14 2:15 p.m.6 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

5.4CVSS7.8AI score0.01138EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.10 views

Mozilla Thunderbird < 128.10.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-34 advisory. - It was possible to craft an email that showed a tracking link as an attachment. If the user attempted...

8.1CVSS7.1AI score0.00363EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/14 12:0 a.m.7 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

5.7AI score0.01138EPSS
Exploits1References4
CVE
CVE
added 2025/05/14 12:0 a.m.101 views

CVE-2024-57273

CVE-2024-57273 affects Netgate pfSense CE and Plus builds older than pfSense 2.8.0 beta, with a stored/reflected XSS in the Automatic Configuration Backup (ACB) service. The unsanitized Reason field (and a derivable device key from the public SSH key) enables remote attacker JavaScript execution,...

5.4CVSS6.3AI score0.01138EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.6 views

PT-2025-21163 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...

5.4CVSS8.8AI score0.01138EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.2 views

Netgate pfSense CE 跨站脚本漏洞

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...

5.4CVSS8.1AI score0.01138EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.9 views

Mozilla Thunderbird < 128.10.1

The version of Thunderbird installed on the remote Windows host is prior to 128.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-34 advisory. - It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open t...

8.1CVSS7.1AI score0.00363EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.11 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

0.01138EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.10 views

Mozilla Thunderbird < 138.0.1

The version of Thunderbird installed on the remote Windows host is prior to 138.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-35 advisory. - It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open th...

8.1CVSS7.1AI score0.00363EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/05/13 12:0 a.m.8 views

ROSA: Finding Backdoors with Fuzzing

A code-level backdoor is a hidden access, programmed and concealed within the code of a program. For instance, hard-coded credentials planted in the code of a file server application would enable maliciously logging into all deployed instances of this application. Confirmed software supply chain...

7.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/13 12:0 a.m.6 views

IBM DB2 Multiple Vulnerabilities (7232529, 7232528) (Windows)

According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilites: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release ...

6.5CVSS6.4AI score0.00315EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.3 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from an insufficient restriction of options on...

9.1CVSS6.2AI score0.00397EPSS
Exploits0References2
OSV
OSV
added 2025/05/09 12:15 p.m.3 views

DEBIAN-CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

5.9CVSS5.9AI score0.00309EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/09 12:0 a.m.2 views

Remote Rowhammer Attack Using Adversarial Observations on Federated Learning Clients

Federated Learning FL has the potential for simultaneous global learning amongst a large number of parallel agents, enabling emerging AI such as LLMs to be trained across demographically diverse data. Central to this being efficient is the ability for FL to perform sparse gradient updates and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/06 12:0 a.m.3 views

Rollbaccine : Herd Immunity against Storage Rollback Attacks in TEEs [Technical Report]

Today, users can "lift-and-shift" unmodified applications into modern, VM-based Trusted Execution Environments TEEs in order to gain hardware-based security guarantees. However, TEEs do not protect applications against disk rollback attacks, where persistent storage can be reverted to an earlier...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2025/05/05 8:55 p.m.20 views

CVE-2025-1000 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting...

5.3CVSS0.00315EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/05 8:55 p.m.13 views

CVE-2025-1000 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting...

5.3CVSS6.6AI score0.00315EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/05/02 4:15 p.m.4 views

CVE-2023-53039

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtpdev. If ishprobe...

7.8CVSS6.3AI score0.00163EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/05/02 4:15 p.m.2 views

UBUNTU-CVE-2023-53039

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtpdev. If ishprobe...

7.8CVSS6.1AI score0.00163EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2025/05/01 10:39 p.m.290 views

Exploit for SQL Injection in Valvepress Automatic

WP Automatic Plugin SQL Injection Exploit CVE-2024-27956 !...

9.9CVSS9.1AI score0.93971EPSS
Exploits16
Rows per page
Query Builder