Lucene search
+L

718 matches found

PyPA
PyPA
added 2025/11/12 10:15 p.m.12 views

PYSEC-2025-112

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS5.8AI score0.00108EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/12 10:15 p.m.10 views

PYSEC-2025-112

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/12 9:32 p.m.16 views

CVE-2025-64429 DuckDB Encryption Crypto implementation is vulnerable

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS0.00108EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/12 9:32 p.m.6 views

EUVD-2025-150399

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS6.9AI score0.00108EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/12 9:32 p.m.4 views

CVE-2025-64429 DuckDB Encryption Crypto implementation is vulnerable

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS7.1AI score0.00108EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/11/12 9:32 p.m.7 views

CVE-2025-64429

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS5.9AI score0.00108EPSS
Exploits0
OSV
OSV
added 2025/11/12 9:32 p.m.11 views

CVE-2025-64429 DuckDB Encryption Crypto implementation is vulnerable

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...

6.9CVSS7.3AI score0.00108EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/11/12 1:52 p.m.3 views

kernel: Bluetooth: Fix potential use-after-free when clear keys

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hciremoveltk/hciremoveirk". We can not access k after kfreercu call...

7.8CVSS6.8AI score0.00139EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/12 8:15 a.m.5 views

kernel: Bluetooth: Fix potential use-after-free when clear keys

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hciremoveltk/hciremoveirk". We can not access k after kfreercu call...

7.8CVSS6.8AI score0.00139EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.12 views

PT-2025-46723

Name of the Vulnerable Software and Affected Versions DuckDB versions 1.4.0 through 1.4.1 Description DuckDB, a SQL database management system, contains issues related to its block-based encryption implementation introduced in version 1.4.0. The system can fall back to an insecure random number...

6.9CVSS7.1AI score0.00108EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.9 views

PT-2025-46769

Name of the Vulnerable Software and Affected Versions Frappe Learning versions 2.0.0 through 2.40.9 Description Frappe Learning is a learning system used to structure content. A flaw exists where changes to user roles made by administrators were not immediately reflected due to caching mechanisms...

5.1CVSS6.3AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/01 6:30 a.m.5 views

EUVD-2025-37421

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the /wp-json/folderly/v1/config/clear-all-data REST API endpoint in all versions up to, and including, 0.3. This makes it possible for authenticated attackers, with...

4.3CVSS5.1AI score0.00178EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/29 3:19 p.m.7 views

CVE-2025-36083

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release...

6.2CVSS6AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/28 3:30 p.m.6 views

EUVD-2025-36532

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release...

6.2CVSS5.6AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2025/10/28 3:16 p.m.4 views

CVE-2025-36083

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release...

5.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2025/10/28 2:55 p.m.18 views

CVE-2025-36083

IBM Concert Software (versions 1.0.0–2.0.0) exposes a local-information-disclosure vulnerability due to improper clearing of heap memory before release. This could allow a local attacker to obtain sensitive data from buffers. Remediation: upgrade to IBM Concert Software 2.1.0 as indicated by IBM’...

6.2CVSS5.7AI score0.00114EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/28 2:55 p.m.8 views

CVE-2025-36083 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release...

6.2CVSS0.00114EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/28 2:55 p.m.3 views

CVE-2025-36083 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release...

6.2CVSS5.7AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/25 8:31 p.m.7 views

CVE-2025-62717

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

9.1CVSS7AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/25 12:0 a.m.7 views

Emlog Pro 安全漏洞

Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro version 2.5.23, which stems from an error in the session CAPTCHA clearing logic that could lead to CAPTCHAs being reused...

9.1CVSS6.5AI score0.00363EPSS
Exploits0References1
Rows per page
Query Builder