13682 matches found

Cvelist
added 2025/01/22 2:26 p.m. · 13 views

CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template

ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example...

CVSS 6.2 · EPSS 0.00396
Exploits: 0 · References: 2

OSV
added 2025/01/21 12:18 p.m. · 5 views

CVE-2024-57945 riscv: mm: Fix the out of bound issue of vmemmap address

In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address. In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with ...

CVSS 7.1 · AI score 5.9 · EPSS 0.00208
Exploits: 0 · References: 8

VulnCheck KEV
added 2025/01/21 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2023-26134

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands...

CVSS 9.8 · AI score 6 · EPSS 0.03638
Exploits: 1 · References: 1

Vulnrichment
added 2025/01/20 3:43 p.m. · 7 views

CVE-2025-23044 Cross-Site Request Forgery (CSRF) allows creating admin account with POST request

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...

CVSS 6.8 · AI score 6.6 · EPSS 0.00239
Exploits: 1 · References: 2

Positive Technologies
added 2025/01/20 12:0 a.m. · 8 views

PT-2025-4789 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions prior to the version that includes commit 14acb704891245bf1703ce6296d62112e85aa995 Description: PwnDoc is a penetration test report generator that lacks CSRF protection, allowing attackers to send requests on a logged-in user'...

CVSS 8.1 · AI score 7.3 · EPSS 0.00239
Exploits: 1 · References: 7

CVE
added 2025/01/19 10:17 a.m. · 116 views

CVE-2025-21634

CVE-2025-21634 concerns the Linux kernel cpuset/cgroup path where kernfs active protection can be broken during concurrent cpuset writes, triggering a warning and potential deadlock risk. The root cause involved a sequence of hotplug-related changes that async/sync cpuset processing and previousl...

CVSS 5.5 · AI score 6.8 · EPSS 0.00138
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/01/17 12:0 a.m. · 7 views

PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2

Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...

CVSS 9.3 · AI score 6.8 · EPSS 0.00624
Exploits: 0 · References: 7

Positive Technologies
added 2025/01/16 12:0 a.m. · 13 views

PT-2025-2932 · Unknown +1 · Gomatrixserverlib +1

Name of the Vulnerable Software and Affected Versions: Gomatrixserverlib affected versions not specified Description: Gomatrixserverlib is a Go library for matrix federation. It is vulnerable to server-side request forgery, serving content from a private network it can access, under certain...

CVSS 8.9 · AI score 6.3 · EPSS 0.0104
Exploits: 2 · References: 91

OSV
added 2025/01/15 1:15 p.m. · 4 views

DEBIAN-CVE-2024-57886

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets(). Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are...

CVSS 5.5 · AI score 5.6 · EPSS 0.00172
Exploits: 0 · References: 1

OSV
added 2025/01/14 6:0 p.m. · 5 views

UBUNTU-CVE-2024-52006

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems mos...

CVSS 7.5 · AI score 6.6 · EPSS 0.01019
Exploits: 0 · References: 6

Positive Technologies
added 2025/01/14 12:0 a.m. · 7 views

PT-2025-3019 · Discourse · Discourse Ai

Name of the Vulnerable Software and Affected Versions: Discourse AI affected versions not specified Description: The issue concerns the Discourse AI plugin, which provides AI features. When sharing conversations from the Discourse AI Bot into posts, HTML entities from the conversation could leak...

CVSS 9 · AI score 6.7 · EPSS 0.00406
Exploits: 0 · References: 8

Positive Technologies
added 2025/01/13 12:0 a.m. · 3 views

PT-2025-7091

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to commit d5873b Description: A memory leak was discovered in the libavutil/mem.c component. Recommendations: For versions prior to commit d5873b, update to a version that includes the fix for the memory leak in the...

CVSS 7.8 · AI score 6.1 · EPSS 0.00352
Exploits: 1 · References: 12

Positive Technologies
added 2025/01/13 12:0 a.m. · 2 views

PT-2025-7092

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to commit d5873b Description: The vulnerability is a memory leak in the libavutil/iamf.c component. Exploitation may allow a remote attacker to disclose protected information. The vulnerability can be exploited to crash...

CVSS 6.5 · AI score 5.8 · EPSS 0.00281
Exploits: 1 · References: 21

NVD
added 2025/01/11 3:15 p.m. · 6 views

CVE-2024-57839

In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()". This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...

CVSS 5.5 · EPSS 0.0017
Exploits: 0 · References: 2

OSV
added 2025/01/11 3:15 p.m. · 4 views

DEBIAN-CVE-2024-57839

In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()". This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...

CVSS 5.5 · AI score 5.6 · EPSS 0.0017
Exploits: 0 · References: 1

CVE
added 2025/01/11 2:30 p.m. · 172 views

CVE-2024-57843

CVE-2024-57843 : In the Linux kernel, a vulnerability in virtio-net can cause overflow in virtnet_rq_alloc when a fragment spans a page and the total buffer size plus virtnet_rq_dma exceeds one page. This can lead to reliable VM crashes or SCP failures. Root cause: virtnet_rq_dma reserves 16 byte...

CVSS 5.5 · AI score 6.8 · EPSS 0.002
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2025/01/11 2:30 p.m. · 81 views

CVE-2024-57839

Technical details for CVE-2024-57839 are not provided in the connected documents. Public info appears limited to the initial description; monitor for official advisories for affected products, impact, and fixes.

CVSS 5.5 · AI score 6.4 · EPSS 0.0017
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/01/11 2:30 p.m. · 7 views

CVE-2024-57839 Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"

In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()". This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...

CVSS 5.5 · AI score 6 · EPSS 0.0017
Exploits: 0 · References: 5

OSV
added 2025/01/11 1:15 p.m. · 2 views

DEBIAN-CVE-2024-57806

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas. Set squota incompat bit before committing the transaction that enables the feature. With the config CONFIG_BTRFS_ASSERT enabled, an assertion failure occurs regarding...

CVSS 5.5 · AI score 5.7 · EPSS 0.00209
Exploits: 0 · References: 1

UbuntuCve
added 2025/01/09 12:0 a.m. · 14 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS 9.8 · AI score 7.5 · EPSS 0.72059
Exploits: 4 · References: 6