
13682 matches found

CVE
added 2025/02/06 12:0 a.m. · 46 views

CVE-2024-25883

CVE-2024-25883 affects the RSD project (rsd-devel) where the mstatus register update in commit 3d13a is incorrect, causing processing errors. The issue is described consistently across multiple databases, with no explicit exploitation details or fixes provided in the connected documents. The CVE ...

CVSS 5.3 · AI score 6.6 · EPSS 0.00278
Exploits 0 · References 1

Positive Technologies
added 2025/02/06 12:0 a.m. · 4 views

PT-2025-5876 · Unknown · Deep-Diver Llm-As-Chatbot

Name of the Vulnerable Software and Affected Versions: deep-diver LLM-As-Chatbot versions prior to commit 99c2c03
Description: The issue allows a remote attacker to execute arbitrary code via the modelsbyom.py component.
Recommendations: For deep-diver LLM-As-Chatbot versions prior to commit...

CVSS 8.8 · AI score 8.3 · EPSS 0.00778
Exploits 0 · References 5

RedhatCVE
added 2025/02/05 11:0 p.m. · 7 views

CVE-2022-1253

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release...

CVSS 9.8 · AI score 6.7 · EPSS 0.0202
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 7:41 p.m. · 9 views

CVE-2022-39274

LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to a 65280-byte out-of-bounds write. The function ProcessRadioRxDone...

CVSS 9.8 · AI score 7.2 · EPSS 0.0143
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 7:34 p.m. · 8 views

CVE-2022-39268

Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...

CVSS 8.1 · AI score 6.4 · EPSS 0.00382
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 1:54 p.m. · 7 views

CVE-2020-4059

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

CVSS 7.5 · AI score 8.1 · EPSS 0.02596
Exploits 0

Cvelist
added 2025/02/05 9:7 a.m. · 11 views

CVE-2023-52924 netfilter: nf_tables: don't skip expired elements during walk

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk. There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...

EPSS 0.00191
Exploits 0 · References 7

RedhatCVE
added 2025/02/05 8:17 a.m. · 5 views

CVE-2024-47179

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

CVSS 8.8 · AI score 7 · EPSS 0.00714
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 7:52 a.m. · 22 views

CVE-2024-41118

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7📦WebMapService.py takes user input, which is passed to getlayers function, in which url is used with getwmslayer method...

CVSS 9.8 · AI score 9.4 · EPSS 0.00713
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 7:51 a.m. · 7 views

CVE-2024-41114

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 430 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 435, leading to remote code executio...

CVSS 9.8 · AI score 9.7 · EPSS 0.01395
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 7:42 a.m. · 11 views

CVE-2024-41115

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

CVSS 9.8 · AI score 9.7 · EPSS 0.01475
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 7:41 a.m. · 12 views

CVE-2024-41120

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 63 of pages/9🔲VectorDataVisualization.py takes user input, which is later passed to the gpd.read_file method. gpd.read_file method create...

CVSS 9.8 · AI score 9.5 · EPSS 0.00786
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 3:43 a.m. · 6 views

CVE-2024-45059

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

CVSS 8.8 · AI score 8.8 · EPSS 0.00665
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 12:33 a.m. · 10 views

CVE-2024-55602

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...

CVSS 8.5 · AI score 6.8 · EPSS 0.00669
Exploits 1 · References 1

Github Security Blog
added 2025/01/30 5:51 p.m. · 10 views

Argo CD GitOps Engine does not scrub secret values from patch errors

Impact: A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally o...

AI score 6.7
Exploits 0 · References 6 · Affected Software 1

Microsoft CVE
added 2025/01/29 8:0 a.m. · 3 views

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

...

CVSS 7.8 · AI score 6.9 · EPSS 0.00285
Exploits 0

SUSE CVE
added 2025/01/29 3:54 a.m. · 2 views

SUSE CVE-2024-52594

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit c4f1e01 fixes this issue. Users are advised to upgrade. Users unable to upgrade shoul...

CVSS 4.3 · AI score 6.8 · EPSS 0.00332
Exploits 0 · References 3

AlpineLinux
added 2025/01/27 10:57 p.m. · 2 views

CVE-2025-24369

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

CVSS 2.3 · AI score 6.9 · EPSS 0.004
Exploits 0

Positive Technologies
added 2025/01/24 12:0 a.m. · 5 views

PT-2025-4007 · Joeybling · Bootplus

Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d
Description: A critical issue has been found, allowing for remote SQL injection. The manipulation of the sort/order argument in an unknown function of the file...

CVSS 6.5 · AI score 7.1 · EPSS 0.00408
Exploits 0 · References 9

Amazon
added 2025/01/24 12:0 a.m. · 7 views

Medium: grpc

Issue Overview: There exists a denial of service through data corruption in gRPC-C++. gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...

CVSS 6.9 · AI score 6.9 · EPSS 0.00576
Exploits 0