Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.8 views

PT-2026-48838

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

5.4AI score
Exploits0References6
NVD
NVD
added 2026/04/15 6:17 p.m.18 views

CVE-2026-5758

JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution...

6.5CVSS0.00534EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 10:15 p.m.5 views

UBUNTU-CVE-2026-25537

jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2024/07/24 12:0 a.m.27 views

Gitlab -- Vulnerabilities

Gitlab reports: XSS via the Maven Dependency Proxy Project level analytics settings leaked in DOM Reports can access and download job artifacts despite use of settings to prevent it Direct Transfer - Authorised project/group exports are accessible to other users Bypassing tag check and branch che...

6.8AI score
Exploits0References1
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.12 views

A Malicious user can create a rootBridgeAgent with a malicious endpoint and execute calls directly with the rootBridgeAgent.

Lines of code Vulnerability details Impact A Malicious user can create a rootBridgeAgent with a malicious endpoint and execute calls directly with the rootBridgeAgent. Since anyone can create a rootBridgeAgent with desired values for port, endpoint and router address in anychain. The Attacker can...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.4 views

PT-2023-5291 · Rockwell Automation · Factorytalk View Machine Edition

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk View Machine Edition affected versions not specified Description: The issue arises from improper verification of user input, allowing an unauthenticated attacker to achieve remote code execution via crafted...

10CVSS7.9AI score0.10974EPSS
Exploits0References17
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.8 views

The onlyProfileOwnerOrDelegatedExecutor and whenNotPaused checks can be bypassed

Lines of code Vulnerability details Impact The LensHub.sol functions setProfileMetadataURI, setProfileMetadataURIWithSig, setFollowModule, setFollowModuleWithSig, collect, collectWithSig, act, actWithSig, setProfileImageURI, setProfileImageURIWithSig and others use...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/06/22 6:50 a.m.10 views

CVE-2023-32449

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks...

7.2CVSS6.8AI score0.0012EPSS
Exploits0References1
Veracode
Veracode
added 2022/10/01 12:52 a.m.33 views

Denial Of Service (DoS)

rpm is vulnerable to denial of service. An attacker can bypass the checks introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges and causing an application crash...

7.8CVSS6.8AI score0.00415EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/08/29 3:15 p.m.75 views

CVE-2022-0336

The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...

8.8CVSS3.6AI score0.01301EPSS
Exploits0References7
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.11 views

[PNM-004] An additional domain can be registered for free

Lines of code Vulnerability details Description The ETHRegistrarController added new functionality to support set multiple records while registering a ETH 2LD. It uses the following code to support this functionality. function setRecords address resolver, bytes32 label, bytes calldata data intern...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.8 views

migrate can change the controller and bypass all the checks

Lines of code Vulnerability details Impact Controller can use migrate to change controller address, leading to the project owner changing a new controller with different logic that users may unexpect and bypassing the condition check / permission check of the previous controller. Proof of Concept...

6.7AI score
Exploits0
Debian
Debian
added 2018/08/15 10:4 a.m.24 views

[SECURITY] [DLA 1464-1] postgresql-9.4 security update

Package : postgresql-9.4 Version : 9.4.19-0+deb8u1 CVE ID : CVE-2018-10915 An unprivileged user of dblink or postgresfdw could bypass the checks intended to prevent use of server-side credentials, such as a /.pgpass file owned by the operating-system user running the server. Servers allowing peer...

8.5CVSS8AI score0.05154EPSS
Exploits0
Hacker One
Hacker One
added 2015/04/09 12:0 a.m.18 views

Internet Bug Bounty: str_repeat() sign mismatch based memory corruption

OVERVIEW strrepeat suffers from a sign mismatch based integer overflow that results in creation of corrupted ZVALs; this condition, depending on the context, can be abused to bypass PHP-level checks or trigger any kind of memory error: a successful exploitation of this issue is likely to produce...

7.7AI score
Exploits0
myhack58
myhack58
added 2009/04/30 12:0 a.m.211 views

intval()is used improperly cause a security vulnerability analysis-vulnerability warning-the black bar safety net

A description of the classification intval function has two characteristics:"until the encounter on the numbers or the positive and negative symbols before starting to do the conversion, and then encounter non-numeric or string at the end\0end of conversion",in certain applications due to the...

7.6AI score
Exploits0
Rows per page
Query Builder