Lucene search
+L

362 matches found

OSV
OSV
added 2025/09/04 3:32 p.m.7 views

CVE-2025-38690 drm/xe/migrate: prevent infinite recursion

In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent infinite recursion If the buf + offset is not aligned to XECAHELINEBYTES we fallback to using a bounce buffer. However the bounce buffer here is allocated on the stack, and the only alignment requirement...

5.5CVSS6.6AI score0.00128EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35963

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the drm/xe/migrate component that could lead to infinite recursion and a potential kernel panic. This occurs when handling memory alignment duri...

6.2AI score0.00128EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-8794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerabilit...

10CVSS9.2AI score0.889EPSS
Exploits10References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in xo-bounce (npm)

The package xo-bounce was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.0 views

MAL-2025-39899 Malicious code in xo-bounce (npm)

The package xo-bounce was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:39 p.m.13 views

CVE-2020-36399

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module...

5.4CVSS5.5AI score0.00509EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/21 11:31 p.m.9 views

CVE-2007-6741

The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...

7.5CVSS6.5AI score0.01975EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/06 2:30 a.m.28 views

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

5.8CVSS7.1AI score0.00429EPSS
Exploits0References1
NVD
NVD
added 2025/04/04 2:15 a.m.7 views

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

5.8CVSS0.00429EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/04 2:10 a.m.7 views

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

5.8CVSS7.3AI score0.00429EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/04 2:10 a.m.16 views

CVE-2025-25061

Unintended proxy or intermediary 'Confused Deputy' issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack...

5.8CVSS0.00429EPSS
Exploits0References3
CVE
CVE
added 2025/04/04 2:10 a.m.52 views

CVE-2025-25061

CVE-2025-25061 affects JTEKT/HMI ViewJet C-more and HMI GC-A2 series. Description: an unintended proxy/intermediary (Confused Deputy) vulnerability could allow a remote unauthenticated attacker to use the product as an intermediary for an FTP bounce attack. Impact: attacker may misuse the product...

5.8CVSS7.3AI score0.00429EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.13 views

JTEKT ELECTRONICS HMI ViewJet C-more 安全漏洞

JTEKT ELECTRONICS HMI ViewJet C-more is a series of human-machine interfaces from JTEKT ELECTRONICS, Japan. A security vulnerability exists in JTEKT ELECTRONICS HMI ViewJet C-more that stems from a proxy issue that could lead to an FTP bounce attack...

5.8CVSS5.8AI score0.00429EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.8 views

PT-2025-14826 · Unknown · Hmi Gc-A2 Series +1

Name of the Vulnerable Software and Affected Versions: HMI ViewJet C-more series affected versions not specified HMI GC-A2 series affected versions not specified Description: The issue is related to an unintended proxy or intermediary problem, also known as 'Confused Deputy', which may allow a...

5.8CVSS5.6AI score0.00429EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2025/02/06 4:28 p.m.7 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb-mark syzbot found arm64 builds would crash in sockrecvmark when CONFIGHARDENEDUSERCOPY=y x86 and powerpc are not detecting the issue because they define useraccessbegin. This will be handl...

7.1CVSS6.6AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2024/11/16 4:15 a.m.27 views

CVE-2024-9938

The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.0038EPSS
Exploits0References2
CVE
CVE
added 2024/11/16 3:20 a.m.51 views

CVE-2024-9938

CVE-2024-9938 concerns Bounce Handler MailPoet 3 for WordPress, vulnerable to a Reflected Cross-Site Scripting (XSS) via the page parameter in versions

6.1CVSS6AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/16 12:0 a.m.7 views

WordPress plugin Bounce Handler MailPoet 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS7.6AI score0.0038EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/15 9:35 p.m.7 views

WordPress Bounce Handler MailPoet 3 plugin <= 1.3.21 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Bounce Handler MailPoet 3 versions = 1.3.21...

6.1CVSS6.3AI score0.0038EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/15 12:0 a.m.18 views

WordPress Bounce Handler MailPoet 3 Plugin <= 1.3.21 is vulnerable to Cross Site Scripting (XSS)

Software Bounce Handler MailPoet 3 Type Plugin Vulnerable versions = 1.3.21 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9938 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ab6f81da0c5a Credits Colin Xu...

6.1CVSS5.9AI score0.0038EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder