Lucene search
K

160 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-5004

Malware in sbrugna...

9.8CVSS7.5AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6857

Malicious code in bioql PyPI...

3.4CVSS6.3AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27483

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.19313EPSS
Exploits4References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53126

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00314EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/09 8:45 p.m.2 views

Embedded Malicious Code

Overview duckdb is a Node.js API for DuckDB, the "SQLite for Analytics". The API for this client is somewhat compliant to the SQLite Node.js client for easier transition and transition you must eventually. Affected versions of this package are vulnerable to Embedded Malicious Code. This package...

9.8CVSS6.8AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-28393 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A vulnerability has been identified that makes the affected devices vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server...

9CVSS8AI score0.0046EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.3 views

Microsoft Windows BitLocker 安全漏洞

Microsoft Windows BitLocker is a BitLocker by Microsoft Corporation USA Ensure secure backup of recovery keys before activating protection. A security vulnerability exists in Microsoft Windows BitLocker. An attacker exploiting this vulnerability could bypass certain features. The following produc...

6.8CVSS6.5AI score0.00387EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.6 views

PT-2025-26731

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an...

9.8CVSS7.8AI score0.09348EPSS
Exploits2References159
Github Security Blog
Github Security Blog
added 2025/06/13 8:46 p.m.12 views

XWiki does not require right warnings for XClass definitions

Impact When an attacker without script or programming right creates an XClass definition in XWiki requires edit right, and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior...

8.6CVSS6.5AI score0.0036EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/13 8:45 p.m.11 views

XWiki does not require right warnings for notification displayer objects

Impact When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification...

8CVSS5.7AI score0.0036EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.7 views

CVE-2024-52800

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...

2.3CVSS7.8AI score0.01063EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:2 a.m.7 views

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

7.8CVSS7.4AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:55 a.m.8 views

CVE-2024-28237

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...

4.8CVSS6.8AI score0.00435EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.5 views

CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

9.3CVSS6.7AI score0.0059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:19 a.m.5 views

CVE-2023-38505

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...

7.5CVSS6.7AI score0.00651EPSS
Exploits1References1
Malwarebytes
Malwarebytes
added 2025/03/31 8:30 a.m.18 views

Why we’re no longer doing April Fools’ Day

The internet is filled with falsehoods. We’re forever investigating new scams here at Malwarebytes, and so we get how hard it is to know what—or who—to trust online. There’s the scam that takes advantage of grieving people and tricks them into paying for a funeral live stream. There’s the fake...

7.6AI score
Exploits0
OSV
OSV
added 2025/03/25 3:8 a.m.3 views

MAL-2025-2714 Malicious code in truchuhhbuh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8810fe0d195e5777e68fcf99f39f501f98ab2b6d41bc2b49fbdb4c97751559e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/01/17 12:23 a.m.6 views

SUSE CVE-2024-52005

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

7.5CVSS8.1AI score0.00494EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.4 views

PT-2024-36832 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...

7.5CVSS6.8AI score0.01325EPSS
Exploits3References35
Vulnrichment
Vulnrichment
added 2024/11/29 6:20 p.m.10 views

CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...

2.3CVSS7.8AI score0.01063EPSS
Exploits0References2
Rows per page
Query Builder