
37007 matches found

OSV
added 2025/04/23 9:15 p.m. · 3 views

DEBIAN-CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function...

CVSS 5.5 · AI score 5.1 · EPSS 0.00199
Exploits: 1 · References: 1
OSV
added 2025/04/23 9:15 p.m. · 6 views

CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function...

CVSS 5.5 · AI score 4.5 · EPSS 0.00199
Exploits: 1 · References: 4
NVD
added 2025/04/23 9:15 p.m. · 11 views

CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function...

CVSS 5.5 · EPSS 0.00199
Exploits: 1 · References: 4
NVD
added 2025/04/23 9:15 p.m. · 13 views

CVE-2025-46400

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...

CVSS 5.5 · EPSS 0.00199
Exploits: 1 · References: 4
AlpineLinux
added 2025/04/23 8:55 p.m. · 7 views

CVE-2025-46400

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...

CVSS 5.5 · AI score 6.6 · EPSS 0.00199
Exploits: 1 · References: 4
CVE
added 2025/04/23 8:55 p.m. · 85 views

CVE-2025-46399

CVE-2025-46399 affects fig2dev (part of transfig) with a segmentation fault in genge_itp_spline, enabling local input-based disruption and potential denial of service. Related advisories confirm multiple vendors acknowledge the issue; Debian LTS reports a fix in fig2dev 1:3.2.8-3+deb11u3. Other e...

CVSS 5.5 · AI score 4.6 · EPSS 0.00199
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2025/04/23 8:55 p.m. · 17 views

CVE-2025-46399 Xfig: transfig: fig2dev segmentation fault vulnerability

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function...

CVSS 5.5 · EPSS 0.00199
Exploits: 1 · References: 3
Debian CVE
added 2025/04/23 8:55 p.m. · 8 views

CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function...

CVSS 5.5 · AI score 5.1 · EPSS 0.00199
Exploits: 1
Vulnrichment
added 2025/04/23 3:27 p.m. · 13 views

CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...

CVSS 8.6 · AI score 7.7 · EPSS 0.00449
Exploits: 1 · References: 2
BDU FSTEC
added 2025/04/23 12:00 a.m. · 5 views

The vulnerability of the CreateProject method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the CreateProject method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...

CVSS 9 · AI score 6.7 · EPSS 0.00648
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/04/23 12:00 a.m. · 7 views

The vulnerability of the UpdateGateways method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the UpdateGateways method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...

CVSS 9 · AI score 6.7 · EPSS 0.00604
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/04/23 12:00 a.m. · 6 views

The vulnerability of the UpdateUsers method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the UpdateUsers method in software for managing and monitoring removed objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...

CVSS 9 · AI score 6.7 · EPSS 0.00648
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/04/23 12:00 a.m. · 7 views

The vulnerability of the setRebootScheCfg function in the microprogrammed routing software of TOTOLINK CA300-PoE allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the setRebootScheCfg function in TOTOLINK CA300-PoE router microprogramming systems is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality,...

CVSS 10 · AI score 7.7 · EPSS 0.01946
Exploits: 1 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/04/23 12:00 a.m. · 5 views

The vulnerability of the UpdateOpcSettings method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the UpdateOpcSettings method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allo...

CVSS 9 · AI score 6.7 · EPSS 0.00604
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/04/23 12:00 a.m. · 5 views

The vulnerability of the CreateTrace method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the CreateTrace method in software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...

CVSS 10 · AI score 7.8 · EPSS 0.00807
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2025/04/23 12:00 a.m. · 6 views

PT-2025-17705 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 17.9.7 GitLab CE/EE versions 17.10 through 17.10.5 GitLab CE/EE versions 17.11 through 17.11.1 Description: An issue has been discovered affecting service availability via issue preview in GitLab CE/EE. The...

CVSS 7.5 · AI score 6.1 · EPSS 0.00398
Exploits: 0 · References: 15
Node JS Blog
added 2025/04/23 12:00 a.m. · 11 views

Node.js Test CI Security Incident

Node.js Test CI Security Incident Update 23-April-2025 Node.js Test CI Security Incident – Full Disclosure Summary On March 21, 2025, we received a security report via HackerOne link restricted at time of writing, detailing a successful compromise of several Node.js test CI hosts. According to th...

AI score 6.2
Exploits: 0
Packet Storm News
added 2025/04/21 12:00 a.m. · 6 views

A Security Framework for General Blockchain Layer 2 Protocols

Layer 2 (L2) solutions are the cornerstone of blockchain scalability, enabling high-throughput and low-cost interactions by shifting execution off-chain while maintaining security through interactions with the underlying ledger. Despite their common goals, the principal L2 paradigms -- payment...

AI score 7
Exploits: 0
CNVD
added 2025/04/18 12:00 a.m. · 2 views

Huawei HarmonyOS Buffer Overflow Vulnerability

Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from a buffer overflow vulnerability, which originates in the codec module, that can be exploited by an attacker to affect availability...

CVSS 7.5 · AI score 6.8 · EPSS 0.00317
Exploits: 0 · References: 1
CNVD
added 2025/04/18 12:00 a.m. · 3 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15527)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a security issue that can be exploited by attackers to affect availability...

CVSS 7.5 · AI score 7 · EPSS 0.00226
Exploits: 0 · References: 1