Lucene search
K

2225 matches found

Rosalinux
Rosalinux
added 2025/12/02 1:20 p.m.6 views

Advisory ROSA-SA-2025-3100

Software: PackageKit 1.1.12 OS: ROSA Virtualization 2.1 packageevrstring: PackageKit-1.1.12-7.0.1.rv3 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...

3.3CVSS7.5AI score0.00228EPSS
Exploits0
Snyk
Snyk
added 2025/12/01 6:42 p.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the kissfftalloc function when the nfft parameter is not properly validated before being used in a size calculation. An attacker can cause a heap buffer overflow by supplying a large value for nfft on...

8.6CVSS7.5AI score0.00144EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 11:8 a.m.6 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-48795 CVE-2025-48913)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the...

9.8CVSS7.1AI score0.00739EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/27 1:55 a.m.18 views

CVE-2025-66266

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

9.3CVSS7.6AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2025/11/25 10:3 p.m.6 views

JLSEC-2025-237 In libarchive before 3.6.2, the software does not check for an error after calling calloc function t...

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the...

9.8CVSS7AI score0.01936EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: gdk-pixbuf2 (TSSA-2024:0598)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0598 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS7.6AI score0.00415EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47259

Name of the Vulnerable Software and Affected Versions Pie Forms for WP plugin for WordPress versions prior to 1.7 Description The Pie Forms for WP plugin for WordPress is susceptible to an Arbitrary File Upload issue through the format classic function. Insufficient file type validation within th...

8.1CVSS7.7AI score0.00574EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.6 views

Mozilla Thunderbird < 91.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-41 advisory. - Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present...

8.8CVSS8.3AI score0.01118EPSS
Exploits1References3
EUVD
EUVD
added 2025/11/17 11:39 a.m.4 views

EUVD-2025-197784

A vulnerability has been identified in PS/IGES Parasolid Translator Component All versions V29.0.258. The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the...

7.8CVSS6.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.7 views

PT-2025-47142

Name of the Vulnerable Software and Affected Versions PS/IGES Parasolid Translator Component versions prior to 29.0.258 Description The PS/IGES Parasolid Translator Component contains an out-of-bounds read issue when processing specifically designed IGS files. This could potentially allow an...

7.8CVSS7.1AI score0.00178EPSS
Exploits0References11
Snyk
Snyk
added 2025/11/13 10:22 p.m.3 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unqualified SQL function and operator references in the database dialect components. An attacker can execute malicious code with elevated privileges by creating crafted functions with names that...

8.6CVSS7.8AI score0.00381EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/12 10:6 p.m.8 views

CVE-2022-4983 TEC-IT TBarCode SDK 11.15 Remote File Create

TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling INI-file based that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...

6.9CVSS0.00341EPSS
Exploits0References2
OSV
OSV
added 2025/11/11 5:15 p.m.8 views

CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

7.8CVSS7AI score0.00253EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/11/10 9:27 p.m.8 views

CVE-2025-64182

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...

7.8CVSS8.1AI score0.0021EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.3 views

Amazon Linux 2023 : cuda-compat-13-0 (ALAS2023NVIDIA-2025-259)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-259 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...

7CVSS6.2AI score0.00224EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/11/02 6:43 a.m.19 views

CVE-2025-12171

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...

8.8CVSS7.5AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.4 views

CVE-2021-47700

Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and potential code...

8.5CVSS7.3AI score0.0032EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/29 10:12 p.m.7 views

Improper Validation of Syntactic Correctness of Input

Overview uv is an An extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in ZIP archives filenames processing. An attacker can cause malicious code to be executed or files to ...

6.3CVSS6.9AI score0.0015EPSS
Exploits0References3
NVD
NVD
added 2025/10/24 8:15 a.m.26 views

CVE-2025-6440

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...

9.8CVSS0.31827EPSS
Exploits12References2
VulnCheck KEV
VulnCheck KEV
added 2025/10/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-48503

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.03213EPSS
In wildExploits0References4
Rows per page
Query Builder