
13681 matches found

Vulnrichment
added 2025/02/10 10:11 p.m. · 16 views

CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server

The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service (WPS) Server contains a Cross-Site Scripting (XSS) vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...

CVSS 6.9 · AI score 5.3 · EPSS 0.00511
Exploits: 0 · References: 2

CVE
added 2025/02/10 10:11 p.m. · 48 views

CVE-2025-25190

CVE-2025-25190 affects the ZOO-Project Web Processing Service (WPS) EchoProcess, where user input is echoed without proper sanitization. The vulnerability arises when handling complex inputs (XML, JSON, SVG); processing SVG content returned with image/svg+xml can expose arbitrary JavaScript via a...

CVSS 6.9 · AI score 5.3 · EPSS 0.00511
Exploits: 0 · References: 2

Cvelist
added 2025/02/10 10:11 p.m. · 12 views

CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server

The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service (WPS) Server contains a Cross-Site Scripting (XSS) vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...

CVSS 6.9 · EPSS 0.00511
Exploits: 0 · References: 2

Vulnrichment
added 2025/02/10 10:5 p.m. · 5 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

CVSS 6.9 · AI score 6.1 · EPSS 0.00418
Exploits: 0 · References: 2

Cvelist
added 2025/02/10 10:5 p.m. · 10 views

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service (WPS) publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

CVSS 6.9 · EPSS 0.00418
Exploits: 0 · References: 2

CVE
added 2025/02/10 10:5 p.m. · 51 views

CVE-2025-25189

CVE-2025-25189 describes a reflected cross-site scripting vulnerability in the ZOO-Project Web Processing Service (WPS) publish.py CGI script, prior to commit 7a5ae1a. The issue stems from the script reflecting the user-supplied jobid parameter into the HTML response without HTML encoding or sani...

CVSS 6.9 · AI score 5.9 · EPSS 0.00418
Exploits: 0 · References: 2

OSV
added 2025/02/10 4:15 p.m. · 2 views

UBUNTU-CVE-2024-57950

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 WHAT & HOW Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported by Coverity. cherry...

CVSS 5.5 · AI score 6.5 · EPSS 0.00165
Exploits: 0 · References: 7

Positive Technologies
added 2025/02/10 12:0 a.m. · 3 views

PT-2025-6112 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The issue is related to a reflected Cross-Site Scripting vulnerability in the ZOO-Project Web Processing Service (WPS) publish.py CGI script. This vulnerability occurs because the script...

CVSS 6.9 · AI score 6.5 · EPSS 0.00418
Exploits: 0 · References: 8

Positive Technologies
added 2025/02/10 12:0 a.m. · 5 views

PT-2025-6113 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The ZOO-Project Web Processing Service (WPS) Server contains a Cross-Site Scripting (XSS) vulnerability in its EchoProcess service. The vulnerability exists because the EchoProcess service...

CVSS 6.9 · AI score 5.9 · EPSS 0.00511
Exploits: 0 · References: 9

Tenable Nessus
added 2025/02/10 12:0 a.m. · 6 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-43828)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43828 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying...

CVSS 5.5 · AI score 6 · EPSS 0.00231
Exploits: 0 · References: 2

Tenable Nessus
added 2025/02/10 12:0 a.m. · 12 views

EulerOS 2.0 SP11 : subversion (EulerOS-SA-2025-1148)

According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated...

CVSS 4.3 · AI score 5 · EPSS 0.01905
Exploits: 1 · References: 2

RedhatCVE
added 2025/02/08 6:52 a.m. · 5 views

CVE-2024-25883

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...

CVSS 5.3 · AI score 6.8 · EPSS 0.00278
Exploits: 0 · References: 1

OSV
added 2025/02/06 10:15 p.m. · 1 views

DEBIAN-CVE-2024-57392

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port...

CVSS 7.5 · AI score 6.3 · EPSS 0.01064
Exploits: 0 · References: 1

OSV
added 2025/02/06 10:15 p.m. · 4 views

CVE-2024-25883

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...

CVSS 5.3 · AI score 5.8 · EPSS 0.00278
Exploits: 0 · References: 1

NVD
added 2025/02/06 10:15 p.m. · 8 views

CVE-2024-25883

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...

CVSS 5.3 · EPSS 0.00278
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/06 4:47 a.m. · 5 views

CVE-2021-37663

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

CVSS 7.8 · AI score 6.6 · EPSS 0.00173
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/06 4:46 a.m. · 7 views

CVE-2021-37676

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

CVSS 7.8 · AI score 6.5 · EPSS 0.00173
Exploits: 0 · References: 1

Cvelist
added 2025/02/06 12:0 a.m. · 8 views

CVE-2024-25883

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...

EPSS 0.00278
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/06 12:0 a.m. · 5 views

CVE-2024-25883

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors...

AI score 5.2 · EPSS 0.00278
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/06 12:0 a.m. · 3 views

PT-2025-5876 · Unknown · Deep-Diver Llm-As-Chatbot

Name of the Vulnerable Software and Affected Versions: deep-diver LLM-As-Chatbot versions prior to commit 99c2c03 Description: The issue allows a remote attacker to execute arbitrary code via the modelsbyom.py component. Recommendations: For deep-diver LLM-As-Chatbot versions prior to commit...

CVSS 8.8 · AI score 8.3 · EPSS 0.00778
Exploits: 0 · References: 5