
37007 matches found

Cvelist
added 2025/04/28 9:7 a.m. · 24 views

CVE-2025-32470 Unauthenticated change of IP address

A remote unauthenticated attacker may be able to change the IP address of the device, and therefore affect the availability of the device...

7.5 CVSS · 0.0054 EPSS
Exploits: 0 · References: 6
Vulnrichment
added 2025/04/28 9:7 a.m. · 7 views

CVE-2025-32470 Unauthenticated change of IP address

A remote unauthenticated attacker may be able to change the IP address of the device, and therefore affect the availability of the device...

7.5 CVSS · 7.6 AI score · 0.0054 EPSS
Exploits: 0 · References: 6
RedHat Linux
added 2025/04/28 12:20 a.m. · 3 views

undertow: buffer leak on incoming websocket PONG message may lead to DoS

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

7.5 CVSS · 7.2 AI score · 0.01375 EPSS
Exploits: 1 · References: 4
BDU FSTEC
added 2025/04/28 12:0 a.m. · 5 views

The vulnerability of the nilfsPutPage() function in the fs/nilfs2/dir.c module of the Linux file system support module allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the nilfsPutPage() function in the fs/nilfs2/dir.c module of the Linux file system support module is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of...

7.8 CVSS · 6.5 AI score · 0.00208 EPSS
Exploits: 0 · References: 24 · Affected Software: 6
BDU FSTEC
added 2025/04/28 12:0 a.m. · 3 views

The vulnerability of the brd_init() function in the drivers/block/brd.c module (the block device support driver of the Linux operating system) allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the brd_init() function in the drivers/block/brd.c module of the Linux block device driver is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of protected...

7.8 CVSS · 6.7 AI score · 0.00239 EPSS
Exploits: 0 · References: 26 · Affected Software: 7
BDU FSTEC
added 2025/04/28 12:0 a.m. · 4 views

The vulnerability of the register_intc_controller() function in the drivers/sh/intc/core.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the register_intc_controller() function in the drivers/sh/intc/core.c file of the Linux kernel is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the...

7.8 CVSS · 6.7 AI score · 0.00246 EPSS
Exploits: 0 · References: 28 · Affected Software: 6
BDU FSTEC
added 2025/04/28 12:0 a.m. · 7 views

The vulnerability of the del_gendisk() function in the block/blk-sysfs.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the del_gendisk() function in the block/blk-sysfs.c module of the Linux kernel is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected...

7.8 CVSS · 6.9 AI score · 0.00235 EPSS
Exploits: 0 · References: 20 · Affected Software: 6
BDU FSTEC
added 2025/04/28 12:0 a.m. · 8 views

The vulnerability of the igen6_register_mci() function in the drivers/edac/igen6_edac.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the igen6_register_mci() function in the drivers/edac/igen6_edac.c module of the Linux kernel is related to reclamation processes. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of protected information...

7.8 CVSS · 6.5 AI score · 0.00246 EPSS
Exploits: 0 · References: 24 · Affected Software: 7
Positive Technologies
added 2025/04/28 12:0 a.m. · 5 views

PT-2025-18086 · Unknown · Phpgurukul Nipah Virus Testing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Nipah Virus Testing Management System version 1.0 Description: A critical issue has been found in the processing of the file /profile.php. The manipulation of the adminname argument leads to SQL injection. The attack may be initiat...

9.8 CVSS · 7.6 AI score · 0.00432 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2025/04/28 12:0 a.m. · 5 views

PT-2025-18054 · Sick Ag · Sick Flx0-Gpnt100 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote unauthenticated attacker may be able to change the IP address of the device, and therefore affect the availability of the device. Recommendations: At the moment, there is no...

7.5 CVSS · 6.3 AI score · 0.0054 EPSS
Exploits: 0 · References: 13
OSV
added 2025/04/27 3:15 p.m. · 4 views

CVE-2025-3973

A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /checkavailability.php. The manipulation of the argument mobnumber leads to SQL injection. It is possible to initiate the attack remotely. The...

9.8 CVSS · 5.7 AI score · 0.00414 EPSS
Exploits: 0 · References: 5
CNNVD
added 2025/04/27 12:0 a.m. · 2 views

SIOS Technology Quick Agent security vulnerability

SIOS Technology Quick Agent is a component of a high availability and disaster recovery solution from SIOS Technology, Inc. that is used to monitor and protect business-critical applications. A security vulnerability exists in SIOS Technology Quick Agent V3 and V2, which stems from an improperly...

6.9 CVSS · 6.1 AI score · 0.00436 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/04/26 5:14 p.m. · 18 views

CVE-2025-46528

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar availability allows Stored XSS. This issue affects Availability Calendar: from n/a through = 0.2.4...

7.1 CVSS · 7.2 AI score · 0.00116 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/26 5:9 p.m. · 26 views

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availabili...

10 CVSS · 7 AI score · 0.99359 EPSS
Exploits: 18 · References: 1
RedhatCVE
added 2025/04/26 8:22 a.m. · 17 views

CVE-2025-0639

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

7.5 CVSS · 6.6 AI score · 0.00398 EPSS
Exploits: 0 · References: 1
OSV
added 2025/04/26 6:31 a.m. · 15 views

BIT-GITLAB-2025-0639 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

7.5 CVSS · 6.2 AI score · 0.00398 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/04/25 11:42 p.m. · 8 views

CVE-2025-2197

Browser is affected by a type confusion vulnerability; successful exploitation of this vulnerability may affect service availability...

4.3 CVSS · 7 AI score · 0.00239 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/25 12:18 a.m. · 6 views

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

7.5 CVSS · 7 AI score · 0.23628 EPSS
Exploits: 0 · References: 3
CVE
added 2025/04/25 12:18 a.m. · 156 views

CVE-2025-43864

CVE-2025-43864: React Router (versions 7.2.0–7.5.1) allows forcing SPA mode by a request header, which on SSR apps can trigger a page-corrupting error. If a cache stores the error response, this enables cache poisoning and degrades availability. Patch: upgrade to React Router 7.5.2 (or later).

7.5 CVSS · 7.6 AI score · 0.23628 EPSS
Exploits: 0 · References: 3
BDU FSTEC
added 2025/04/25 12:0 a.m. · 5 views

The vulnerability of the LockProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the LockProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...

9 CVSS · 5.6 AI score · 0.00604 EPSS
Exploits: 0 · References: 2 · Affected Software: 1