37007 matches found

CVE
added 2025/04/30 6:27 p.m., 62 views

CVE-2025-46558

CVE-2025-46558 affects XWiki Contrib's Syntax Markdown (org.xwiki.contrib.markdown:syntax-markdown-commonmark12). A cross-site scripting (XSS) vulnerability exists in Markdown syntax versions from 8.2 to before 8.9 via HTML, allowing any user to embed JavaScript that executes in other u...

CVSS 9, AI score 8.5, EPSS 0.00392
Exploits 1, References 3, Affected Software 1

OSV
added 2025/04/30 2:55 p.m., 13 views

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

CVSS 9, AI score 6.5, EPSS 0.00298
Exploits 0, References 5

Cvelist
added 2025/04/30 2:55 p.m., 27 views

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

CVSS 9, EPSS 0.00298
Exploits 0, References 3

RedhatCVE
added 2025/04/30 10:9 a.m., 13 views

CVE-2025-32470

A remote unauthenticated attacker may be able to change the IP address of the device, thereby affecting the availability of the device...

CVSS 7.5, AI score 7.1, EPSS 0.0054
Exploits 0, References 8

BDU FSTEC
added 2025/04/30 12:0 a.m., 5 views

A vulnerability in the sub_49E098 function of the Tenda AC8 router firmware allows an attacker to affect the confidentiality, integrity, and availability of the protected information.

The vulnerability in the sub_49E098 function of the Tenda AC8 software is a buffer overflow during processing of the list parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information...

CVSS 9, AI score 7.9, EPSS 0.01257
Exploits 1, References 3, Affected Software 1

F5 Networks
added 2025/04/29 7:1 p.m., 12 views

K000151082: PostgreSQL vulnerability CVE-2021-32027

Security Advisory Description: A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory...

CVSS 8.8, AI score 8.2, EPSS 0.0199
Exploits 0, Affected Software 12

OSV
added 2025/04/29 12:15 p.m., 7 views

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 6.7, EPSS 0.01214
Exploits 0, References 14

Vulnrichment
added 2025/04/29 11:56 a.m., 7 views

CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 5.3, EPSS 0.01214
Exploits 0, References 13

Debian CVE
added 2025/04/29 11:56 a.m., 4 views

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 7.5, AI score 6, EPSS 0.01214
Exploits 0

RedhatCVE
added 2025/04/29 11:56 a.m., 11 views

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVSS 5.3, AI score 5.2, EPSS 0.01214
Exploits 0, References 3

RedhatCVE
added 2025/04/29 9:45 a.m., 15 views

CVE-2025-22235

A flaw was found in the Spring Boot configuration. This vulnerability allows unauthorised access to the /null/ path via misconfigured security matchers when referencing disabled or non-exposed Spring Boot actuator endpoints. Mitigation: Mitigation for this issue is either not available or the...

CVSS 7.3, AI score 7, EPSS 0.00358
Exploits 0, References 5

IBM Security Bulletins
added 2025/04/29 2:25 a.m., 72 views

Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423)

Summary: Insufficient input validation in IBM Common Cryptographic Architecture (CCA) may affect Hardware Security Module (HSM) availability. An affected IBM 4767 or IBM 4769 HSM may be forced into a check-stop condition by specially-crafted requests from HSM users. Recovery from a check-stop conditio...

CVSS 6.5, AI score 5.3, EPSS 0.00245
Exploits 0, Affected Software 9

Amazon
added 2025/04/29 12:0 a.m., 4 views

Important: runc

Issue Overview: A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this...

CVSS 7, AI score 6.7, EPSS 0.00457
Exploits 0

Tenable Nessus
added 2025/04/29 12:0 a.m., 8 views

Amazon Linux 2 : runc (ALASECS-2025-062)

The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-062 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly...

CVSS 8.5, AI score 7.5, EPSS 0.06604
Exploits 0, References 4

Tenable Nessus
added 2025/04/29 12:0 a.m., 7 views

Amazon Linux 2 : runc (ALASECS-2025-064)

The version of runc installed on the remote host is prior to 1.0.0-0.1.20200204.gitdc9208a. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-064 advisory. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume...

CVSS 7, AI score 6.9, EPSS 0.00457
Exploits 0, References 4

Tenable Nessus
added 2025/04/29 12:0 a.m., 10 views

F5 Networks BIG-IP : PostgreSQL vulnerability (K000151082)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000151082 advisory. A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While...

CVSS 8.8, AI score 7.3, EPSS 0.0199
Exploits 0, References 2

SUSE CVE
added 2025/04/28 2:36 p.m., 3 views

SUSE CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVSS 7.5, AI score 8.2, EPSS 0.23628
Exploits 0, References 3

Sick AG
added 2025/04/28 10:0 a.m., 8 views

Vulnerabilities in SICK Flexi Compact

SICK has found two vulnerabilities that affect the SICK Flexi Compact. The vulnerabilities may affect the availability and confidentiality of the products. SICK is currently not aware of any public exploits...

CVSS 7.5, AI score 7.1, EPSS 0.0054
Exploits 0

NVD
added 2025/04/28 9:15 a.m., 16 views

CVE-2025-32470

A remote unauthenticated attacker may be able to change the IP address of the device, thereby affecting the availability of the device...

CVSS 7.5, EPSS 0.0054
Exploits 0, References 6

CVE
added 2025/04/28 9:7 a.m., 72 views

CVE-2025-32470

CVE-2025-32470 describes a remote unauthenticated capability to change the IP address of a device, potentially impacting availability. Connected sources associate this CVE with SICK Flexi Compact products (e.g., FLX0-GPNT100, FLX3-CPUC200) and similar vendor advisories. The available material con...

CVSS 7.5, AI score 7.1, EPSS 0.0054
Exploits 0, References 6