Lucene search
+L

718 matches found

NVD
NVD
added 2025/12/05 6:15 p.m.12 views

CVE-2025-66566

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

8.2CVSS0.00562EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

LZ4 Java 安全漏洞

LZ4 Java is a compression library for Java by the individual developer Jonas Konrad. A security vulnerability exists in LZ4 Java 1.10.0 and earlier versions, which stems from insufficient output buffer clearing and could lead to the disclosure of sensitive data...

8.2CVSS6.3AI score0.00562EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/03 6:55 p.m.49 views

CVE-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

6.3CVSS0.00708EPSS
Exploits0References14
CVE
CVE
added 2025/12/03 6:55 p.m.125 views

CVE-2025-12084

CVE-2025-12084 affects Python’s xml.dom.minidom when building nested elements via methods like appendChild() that rely on _clear_id_cache(); the algorithm becomes quadratic, potentially impacting availability under heavily nested documents. Connected advisories confirm a patch exists across multi...

6.3CVSS6.6AI score0.00708EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2025/11/28 9:17 a.m.18 views

RLSA-2025:21931 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: NFS: Fix filehandle bounds checking in nfsfhtodentry CVE-2025-39730 kernel: tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect CVE-2025-39955 For more details about the security issues,...

7.6CVSS6.4AI score0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.16 views

CVE-2025-12170

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

5.3CVSS5.4AI score0.002EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/21 9:51 p.m.8 views

WordPress Checkbox plugin <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing vulnerability

Missing Authorization to Unauthenticated Log Clearing vulnerability discovered by Legion Hunter in WordPress Plugin Checkbox versions = 2.8.10...

5.3CVSS7AI score0.002EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/21 8:15 a.m.7 views

CVE-2025-12170

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

5.3CVSS0.002EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/21 7:31 a.m.8 views

CVE-2025-12170 Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

5.3CVSS0.002EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.3 views

CVE-2025-12170 Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

5.3CVSS5AI score0.002EPSS
Exploits0References2
CVE
CVE
added 2025/11/21 7:31 a.m.24 views

CVE-2025-12170

CVE-2025-12170 applies to the WordPress Checkbox plugin (

5.3CVSS5AI score0.002EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/21 5:32 a.m.9 views

EUVD-2025-198378

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxehcrmsettingsemptyscheduledactions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for...

4.3CVSS4.7AI score0.00168EPSS
Exploits0References3
NVD
NVD
added 2025/11/20 3:17 p.m.5 views

CVE-2025-60794

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access...

6.5CVSS0.00186EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/17 7:3 a.m.15 views

CVE-2025-64307

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

7.1CVSS6.8AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2025/11/15 12:15 a.m.8 views

CVE-2025-64307

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

7.1CVSS0.00233EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/14 11:34 p.m.5 views

CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

7.1CVSS5.9AI score0.00233EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/14 11:34 p.m.4 views

EUVD-2025-197666

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

7.1CVSS6.3AI score0.00233EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.3 views

Alto CMS 安全漏洞

Alto CMS is a content management system from AltoCMS open source. A security vulnerability exists in Alto CMS version 1.1.13, which stems from not properly clearing input and could lead to a cross-site scripting attack...

6.1CVSS6AI score0.00252EPSS
Exploits1References3
OSV
OSV
added 2025/11/12 10:27 p.m.12 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

5.1CVSS6.7AI score0.00162EPSS
Exploits0References3
NVD
NVD
added 2025/11/12 10:15 p.m.8 views

CVE-2025-64429

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS0.00108EPSS
Exploits0References4
Rows per page
Query Builder