Lucene search
K

956 matches found

Cvelist
Cvelist
added 2025/02/10 5:35 p.m.12 views

CVE-2025-25188 DNSSEC validation may accept broken authentication chains

Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...

7.1CVSS0.0026EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.5 views

Azure Linux 3.0 Security Update: edk2 / hvloader / nodejs18 / openssl (CVE-2023-0464)

The version of edk2 / hvloader / nodejs18 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0464 advisory. - A security vulnerability has been identified in all supported versions of OpenS...

7.5CVSS6.2AI score0.03658EPSS
Exploits0References2
OSV
OSV
added 2025/01/28 12:47 a.m.10 views

GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs...

6.1CVSS6.1AI score0.00458EPSS
Exploits0References4
OSV
OSV
added 2025/01/21 1:15 p.m.8 views

AZL-55904 CVE-2024-57940 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfatreaddir If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented,...

5.5CVSS6.3AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.9 views

PT-2026-4476

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel's netfilter module contains an issue within the nf tables component related to chain validation. The vulnerability can lead to CPU soft lock-ups during nft chain validat...

5.5CVSS5.4AI score0.00164EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.7 views

PT-2024-36551 · Unknown · Invoice Ninja

Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.10.43 Description: The issue allows remote code execution from a pre-authenticated route when an attacker knows the APP KEY. This is exacerbated by .env files that have default APP KEY values. The route...

8.8CVSS10AI score0.065EPSS
Exploits5References8
Vulnrichment
Vulnrichment
added 2024/11/18 12:0 a.m.11 views

CVE-2019-25220

Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service daemon crash via a flood of low-difficulty header chains aka a "Chain Width Expansion" attack because a node does not first verify that a presented chain has enough work before committing to store it...

6.6AI score0.00783EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.4 views

Bitcoin Core 安全漏洞

Bitcoin Core is a Bitcoin open source client for verifying the validity of blockchain transactions. A security vulnerability exists in versions of Bitcoin Core prior to 24.0.1 that stems from a failure to verify that the provided chain has sufficient workload, allowing an attacker to cause a deni...

7.5CVSS6.6AI score0.00783EPSS
Exploits0References3
Snyk
Snyk
added 2024/11/15 11:44 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the filegetcontents function. An attacker can execute arbitrary code by uploading a file with a malicious phar:// protocol, leading to the deserialization and instantiation of arbitrary PHP...

9.8CVSS8.2AI score0.0143EPSS
Exploits1References2
NVD
NVD
added 2024/11/15 11:15 a.m.23 views

CVE-2021-3838

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...

9.8CVSS0.0143EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2024/11/09 8:0 a.m.2 views

Gnutls: potential crash during chain building/verification

...

5CVSS6.5AI score0.00386EPSS
Exploits0
Talos Blog
Talos Blog
added 2024/10/22 10:0 a.m.10 views

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/15 6:43 a.m.15 views

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an...

7.3AI score
Exploits0
CVE
CVE
added 2024/10/10 3:49 p.m.67 views

CVE-2023-25581

The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...

9.2CVSS7.3AI score0.01949EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.21 views

CentOS 7 : thunderbird (RHSA-2020:2906)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2906 advisory. - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially...

9.3CVSS7.8AI score0.03034EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.30 views

CentOS 6 : thunderbird (RHSA-2020:2966)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2966 advisory. - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This...

9.3CVSS7.8AI score0.03034EPSS
Exploits1References6
Chainguard
Chainguard
added 2024/10/01 6:13 p.m.6 views

GHSA-4F8R-QQR9-FQ8J vulnerabilities

Vulnerabilities for packages: wolfictl, kyverno-fips, spire-server-fips, falcoctl, rekor, trivy, zarf, kubescape, flux-source-controller, flux-source-controller-fips, tekton-chains, vexctl, tkn-fips, cosign, neuvector-sigstore-interface-fips, neuvector-sigstore-interface, kyverno, zot,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2024/10/01 4:15 p.m.7 views

CVE-2024-47534 vulnerabilities

Vulnerabilities for packages: wolfictl, kyverno-fips, spire-server-fips, falcoctl, rekor, trivy, zarf, kubescape, flux-source-controller, flux-source-controller-fips, tekton-chains, vexctl, tkn-fips, cosign, neuvector-sigstore-interface-fips, neuvector-sigstore-interface, kyverno, zot,...

8.2CVSS7.1AI score0.00486EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/09/25 11:20 a.m.14 views

Expert Tips on How to Spot a Phishing Link

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links: 1. Check Suspicious URLs Phishing URLs are often long, confusing, o...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/24 1:3 p.m.18 views

U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech

The U.S. Department of Commerce DoC said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China PRC and Russia. "The proposed rule focuses on hardware and software...

6.8AI score
Exploits0
Rows per page
Query Builder